shaolin

Members
  • Content count: 13
  • Joined
  • Last visited

shaolin's Achievements

Junior Member (3/12)

Community reputation: 0

  1. Hi again, there is a process that always uses 99% of the system when I launch applications: AVENGINE.EXE. Is it serious? It makes the PC lag with every application launched, and it is impossible to stop this process.
  2. I did what you advised me; the PC is running much better. Thank you for your patience and your help. THANKS A LOT
  3. Hello, here is the HijackThis report after Flash Disinfector:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:31:30 PM, on 2/12/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.20696)
     Boot mode: Normal

     Running processes:
     G:\WINDOWS\System32\smss.exe
     G:\WINDOWS\system32\winlogon.exe
     G:\WINDOWS\system32\services.exe
     G:\WINDOWS\system32\lsass.exe
     G:\WINDOWS\system32\Ati2evxx.exe
     G:\WINDOWS\system32\svchost.exe
     G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
     G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
     G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
     G:\WINDOWS\System32\svchost.exe
     G:\WINDOWS\system32\Ati2evxx.exe
     g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
     G:\WINDOWS\system32\spoolsv.exe
     G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
     G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     G:\Program Files\iTunes\iTunesHelper.exe
     G:\WINDOWS\SOUNDMAN.EXE
     G:\Program Files\Bonjour\mDNSResponder.exe
     G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
     G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
     G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
     G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
     G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
     G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
     G:\WINDOWS\system32\ctfmon.exe
     G:\Program Files\Windows Sidebar\sidebar.exe
     G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
     G:\Program Files\D-Link AirPlus\AirPlus.exe
     G:\Program Files\iPod\bin\iPodService.exe
     G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
     G:\WINDOWS\system32\wuauclt.exe
     G:\WINDOWS\system32\wuauclt.exe
     G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     G:\PROGRA~1\MOZILL~2\FIREFOX.EXE
     G:\Program Files\iTunes\iTunes.exe
     G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
     G:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
     G:\WINDOWS\system32\wscntfy.exe
     G:\WINDOWS\explorer.exe
     G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirector/?p...te&lang=fre
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
     O4 - HKLM\..\Run: [MDM Rock 4] G:\WINDOWS\system32\vakvygnid.exe
     O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
     O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
     O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [LanguageShortcut] "G:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
     O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
     O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
     O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
     O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
     O4 - Global Startup: D-Link AirPlus.lnk = ?
     O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
     O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
     O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
     O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
     O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
     O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
     O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

     --
     End of file - 9950 bytes
  4. Hello, here is the new report:

     DiagHelp version v1.4 - http://www.malekal.com
     excute le Mon 02/11/2008 à 12:19:19.81

     Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
     G:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->2/11/2008 12:19:18 PM
     G:\WINDOWS\prefetch\ALCFDRTM.EXE-2BB9547C.pf -->2/11/2008 12:18:49 PM
     G:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->2/11/2008 12:18:46 PM
     G:\WINDOWS\prefetch\RTLCPL.EXE-068CE630.pf -->2/11/2008 12:18:39 PM
     G:\WINDOWS\prefetch\NTVDM.EXE-0A81AB7B.pf -->2/11/2008 12:18:22 PM
     G:\WINDOWS\prefetch\GZIP.EXE-266E34A2.pf -->2/11/2008 12:18:22 PM
     G:\WINDOWS\prefetch\FIND.EXE-0EEAD1A7.pf -->2/11/2008 12:18:19 PM
     G:\WINDOWS\prefetch\SORT.EXE-19728AC5.pf -->2/11/2008 12:18:17 PM
     G:\WINDOWS\prefetch\REG.EXE-07FA5B3F.pf -->2/11/2008 12:18:07 PM
     G:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->2/11/2008 12:18:06 PM
     G:\WINDOWS\System32\drivers\APPFLTR.CFG -->2/11/2008 12:16:03 PM
     G:\WINDOWS\System32\drivers\APPFCONT.DAT -->2/11/2008 12:15:42 PM
     G:\WINDOWS\System32\drivers\avipbb.sys -->2/10/2008 4:13:29 AM
     G:\WINDOWS\System32\drivers\TPkd.sys -->2/8/2008 9:27:14 AM
     G:\WINDOWS\System32\drivers\iLokDrvr.sys -->2/8/2008 9:27:14 AM
     G:\WINDOWS\System32\drivers\wnmsav.dat -->2/7/2008 10:09:00 AM
     G:\WINDOWS\System32\drivers\ShldDrv.sys -->2/7/2008 8:19:41 AM
     G:\WINDOWS\System32\DICoInst.log -->2/11/2008 12:08:39 PM
     G:\WINDOWS\System32\wpa.dbl -->2/10/2008 3:51:39 AM
     G:\WINDOWS\System32\LoopyMusic.wav -->2/8/2008 12:21:19 PM
     G:\WINDOWS\System32\BuzzingBee.wav -->2/8/2008 12:21:19 PM
     G:\WINDOWS\System32\ilinet.dll -->2/8/2008 9:27:14 AM
     G:\WINDOWS\System32\FNTCACHE.DAT -->2/8/2008 9:20:54 AM
     G:\WINDOWS\System32\TZLog.log -->2/7/2008 4:36:22 PM
     G:\WINDOWS\System32\PavSHook.dll -->2/7/2008 4:00:08 PM
     G:\WINDOWS\System32\infocardcpl.cpl -->2/7/2008 3:52:28 PM
     G:\WINDOWS\System32\infocardapi.dll -->2/7/2008 3:52:28 PM
     G:\WINDOWS\System32\icardres.dll.mui -->2/7/2008 3:52:28 PM
     G:\WINDOWS\System32\icardres.dll -->2/7/2008 3:52:28 PM
     G:\WINDOWS\System32\icardagt.exe -->2/7/2008 3:52:28 PM
     G:\WINDOWS\System32\netfxperf.dll -->2/7/2008 3:51:11 PM
     G:\WINDOWS\System32\mscories.dll -->2/7/2008 3:51:11 PM
     G:\WINDOWS\System32\mscorier.dll -->2/7/2008 3:51:11 PM
     G:\WINDOWS\System32\dfshim.dll -->2/7/2008 3:51:11 PM
     G:\WINDOWS\System32\$winnt$.inf -->2/7/2008 3:47:09 PM
     G:\WINDOWS\System32\CONFIG.NT -->2/7/2008 3:45:04 PM
     G:\WINDOWS\System32\nscompat.tlb -->2/7/2008 3:44:55 PM
     G:\WINDOWS\System32\amcompat.tlb -->2/7/2008 3:44:55 PM
     G:\WINDOWS\System32\WindowsLogon.manifest -->2/7/2008 3:43:43 PM
     G:\WINDOWS\System32\logonui.exe.manifest -->2/7/2008 3:43:43 PM
     G:\WINDOWS\System32\wuaucpl.cpl.manifest -->2/7/2008 3:43:39 PM
     G:\WINDOWS\System32\sapi.cpl.manifest -->2/7/2008 3:43:39 PM
     G:\WINDOWS\ALCFDRTM.VER -->2/11/2008 12:18:39 PM
     G:\WINDOWS\setupapi.log -->2/11/2008 12:18:33 PM
     G:\WINDOWS\wmsetup.log -->2/11/2008 12:12:51 PM
     G:\WINDOWS\WindowsUpdate.log -->2/11/2008 12:05:50 PM
     G:\WINDOWS\tsoc.log -->2/11/2008 12:04:47 PM
     G:\WINDOWS\tabletoc.log -->2/11/2008 12:04:47 PM
     G:\WINDOWS\ocmsn.log -->2/11/2008 12:04:47 PM
     G:\WINDOWS\ocgen.log -->2/11/2008 12:04:47 PM
     G:\WINDOWS\ntdtcsetup.log -->2/11/2008 12:04:47 PM
     G:\WINDOWS\imsins.log -->2/11/2008 12:04:47 PM
     G:\WINDOWS\iis6.log -->2/11/2008 12:04:47 PM
     G:\WINDOWS\comsetup.log -->2/11/2008 12:04:47 PM
     G:\WINDOWS\netfxocm.log -->2/11/2008 12:04:46 PM
     G:\WINDOWS\msgsocm.log -->2/11/2008 12:04:46 PM
     G:\WINDOWS\MedCtrOC.log -->2/11/2008 12:04:46 PM

     winlogon.exe Verified: Signed
     svchost.exe Verified: Signed
     ws2_32.dll Verified: Signed
     user32.dll Verified: Signed
     tcpip.sys Verified: Signed
     ndis.sys Verified: Signed
     null.sys Verified: Signed

     ListDLLs v2.25 - DLL lister for Win9x/NT
     Copyright © 1997-2004 Mark Russinovich
     Sysinternals - www.sysinternals.com
     ------------------------------------------------------------------------------
     explorer.exe pid: 248
     Command line: G:\WINDOWS\Explorer.EXE
     Base Size Version Path
     0x77c10000 0x58000 7.00.2600.3085 G:\WINDOWS\system32\msvcrt.dll
     0x42c10000 0xcf000 7.00.6000.20696 G:\WINDOWS\system32\WININET.dll
     0x00550000 0x9000 6.00.5441.0000 G:\WINDOWS\system32\Normaliz.dll
     0x42990000 0x45000 7.00.6000.20696 G:\WINDOWS\system32\iertutil.dll
     0x5d090000 0x9a000 5.82.2900.2982 G:\WINDOWS\system32\comctl32.dll
     0x50260000 0x40000 7.00.0000.0000 G:\WINDOWS\SYSTEM32\PAVSHOOK.DLL
     0x50460000 0xf000 7.00.0000.0000 G:\WINDOWS\system32\pavipc.dll
     0x50060000 0x22000 7.00.0000.0000 G:\WINDOWS\system32\TpUtil.dll
     0x7c3a0000 0x7b000 7.10.3077.0000 G:\WINDOWS\system32\MSVCP71.dll
     0x7c340000 0x56000 7.10.3052.0004 G:\WINDOWS\system32\MSVCR71.dll
     0x66600000 0x1d000 2.00.0000.0000 G:\WINDOWS\system32\systools.dll
     0x76fd0000 0x7f000 2001.12.4414.0312 G:\WINDOWS\system32\CLBCATQ.DLL
     0x77050000 0xc5000 2001.12.4414.0258 G:\WINDOWS\system32\COMRes.dll
     0x661c0000 0x21d000 12.00.4518.1014 G:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
     0x68ef0000 0xf1000 12.00.4518.1014 G:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL
     0x78130000 0x9b000 8.00.50727.0762 G:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
     0x68ff0000 0x7000 12.00.4518.1014 G:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL
     0x7c630000 0x1b000 8.00.50727.0762 G:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
     0x65e30000 0x37000 12.00.4518.1014 G:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
     0x42cf0000 0x127000 7.00.6000.20696 G:\WINDOWS\system32\urlmon.dll
     0x74980000 0x113000 8.90.1101.0000 G:\WINDOWS\system32\MSXML3.DLL
     0x76b20000 0x11000 3.05.2284.0000 G:\WINDOWS\system32\ATL.DLL
     0x42ef0000 0x5cd000 7.00.6000.20696 G:\WINDOWS\system32\ieframe.dll
     0x42e40000 0x3c000 7.00.6000.20696 G:\WINDOWS\system32\webcheck.dll
     0x7d1e0000 0x2be000 3.01.4000.4039 G:\WINDOWS\system32\msi.dll
     0x66b40000 0x17d000 12.00.4518.1014 G:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL
     0x74320000 0x3d000 3.525.1117.0000 G:\WINDOWS\system32\ODBC32.dll
     0x021a0000 0x17000 3.525.1117.0000 G:\WINDOWS\system32\odbcint.dll
     0x50640000 0x9000 7.00.6000.0381 G:\WINDOWS\system32\wups.dll
     0x02be0000 0xe1000 12.00.4518.1014 G:\Program Files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
     0x4b400000 0x86000 5.41.0015.1514 G:\WINDOWS\system32\MSFTEDIT.DLL
     0x086c0000 0x244000 10.00.0000.3702 G:\WINDOWS\system32\wmvcore.dll
     0x070d0000 0x3b000 10.00.0000.4060 G:\WINDOWS\system32\WMASF.DLL
     0x03610000 0x2e000 G:\Program Files\WinRAR\rarext.dll
     0x592c0000 0x19000 9.00.0000.3250 G:\WINDOWS\system32\wmpshell.dll
     0x10000000 0x13000 7.05.0001.0036 G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
     0x01280000 0x5b000 8.01.0000.0000 G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
     0x01700000 0x11000 7.00.0000.0010 G:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
     0x02f10000 0x102000 7.10.3077.0000 G:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
     0x01fc0000 0x21000 6.01.0002.0000 G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
     0x3ec60000 0x18000 5.12.0001.0000 G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PSWLabel.dll
     0x3ec90000 0x10a000 6.01.0001.0000 G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PSWLRes.dll
     0x03020000 0x41000 6.05.0003.0000 G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TitCfg.dll
     0x022c0000 0x2a000 7.05.0001.0036 G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
     0x01440000 0x10000 8.00.0000.0456 G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     0x6bd10000 0x10000 12.00.4518.1014 G:\Program Files\Microsoft Office\Office12\msohevi.dll
     0x60980000 0x7000 3.01.4000.1823 G:\WINDOWS\system32\MSISIP.DLL
     0x74cb0000 0x10000 5.06.0000.8825 G:\WINDOWS\system32\wshext.dll
     0x73dd0000 0xfe000 6.02.4131.0000 G:\WINDOWS\system32\MFC42.DLL
     0x461f0000 0x9000 6.00.5430.0000 G:\WINDOWS\system32\WindowsPowerShell\v1.0\pwrshsip.dll

     ListDLLs v2.25 - DLL lister for Win9x/NT
     Copyright © 1997-2004 Mark Russinovich
     Sysinternals - www.sysinternals.com
     ------------------------------------------------------------------------------
     winlogon.exe pid: 980
     Command line: winlogon.exe
     Base Size Version Path
     0x01000000 0x80000 \??\G:\WINDOWS\system32\winlogon.exe
     0x77c10000 0x58000 7.00.2600.3085 G:\WINDOWS\system32\msvcrt.dll
     0x5d090000 0x9a000 5.82.2900.2982 G:\WINDOWS\system32\COMCTL32.dll
     0x74320000 0x3d000 3.525.1117.0000 G:\WINDOWS\system32\ODBC32.dll
     0x20000000 0x17000 3.525.1117.0000 G:\WINDOWS\system32\odbcint.dll
     0x50260000 0x40000 7.00.0000.0000 G:\WINDOWS\SYSTEM32\PAVSHOOK.DLL
     0x50460000 0xf000 7.00.0000.0000 G:\WINDOWS\system32\pavipc.dll
     0x50060000 0x22000 7.00.0000.0000 G:\WINDOWS\system32\TpUtil.dll
     0x7c3a0000 0x7b000 7.10.3077.0000 G:\WINDOWS\system32\MSVCP71.dll
     0x7c340000 0x56000 7.10.3052.0004 G:\WINDOWS\system32\MSVCR71.dll
     0x66600000 0x1d000 2.00.0000.0000 G:\WINDOWS\system32\systools.dll
     0x10000000 0x20000 6.14.0010.4175 G:\WINDOWS\system32\Ati2evxx.dll
     0x01370000 0xc000 2.00.1840.0001 G:\WINDOWS\system32\avldr.dll
     0x77050000 0xc5000 2001.12.4414.0258 G:\WINDOWS\system32\COMRes.dll
     0x76fd0000 0x7f000 2001.12.4414.0312 G:\WINDOWS\system32\CLBCATQ.DLL

     Volume in drive G is Nouveau nom
     Volume Serial Number is 8CD3-97DE

     Directory of G:\WINDOWS\system32

     10/13/2007 04:03 AM 6,144 csrss.exe
     1 File(s) 6,144 bytes
     0 Dir(s) 13,871,484,928 bytes free

     Contenu de Downloaded Program Files
     Volume in drive G is Nouveau nom
     Volume Serial Number is 8CD3-97DE

     Directory of G:\WINDOWS\Downloaded Program Files

     02/07/2008 07:20 AM <DIR> .
     02/07/2008 07:20 AM <DIR> ..
     02/07/2008 03:43 PM 65 desktop.ini
     1 File(s) 65 bytes

     Total Files Listed:
     1 File(s) 65 bytes
     2 Dir(s) 13,871,484,928 bytes free

     Recherche de rootkit! (Merci S!Ri)

     Recherche d'infections connues

     Export des clefs sensibles..

     Liste des fichiers en exception sur le pare-feu XP SP2
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "G:\\WINDOWS\\system32\\vakvygnid.exe"="G:\\WINDOWS\\system32\\vakvygnid.exe:*:Enabled:MDM Rock 4"
     "G:\\Program Files\\Bonjour\\mDNSResponder.exe"="G:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
     "G:\\Program Files\\iTunes\\iTunes.exe"="G:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
     "G:\\Program Files\\Messenger\\msmsgs.exe"="G:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
     "G:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="G:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
     "G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
     "G:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="G:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
     "G:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="G:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

     Export de la clef SharedTaskScheduler
     [sharedTaskScheduler]

     exports des policies
     REGEDIT4
     [system]
     "dontdisplaylastusername"=dword:00000000
     "legalnoticecaption"=""
     "legalnoticetext"=""
     "shutdownwithoutlogon"=dword:00000001
     "undockwithoutlogon"=dword:00000001

     Export des clefs sensibles..

     Rechercher adresses sensibles dans le fichier HOSTS...

     catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-02-11 12:19:41
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden services & system hive ...
     scanning hidden registry entries ...
     scanning hidden files ...
     scan completed successfully
     hidden services: 0
     hidden files: 0

     KProcCheck Version 0.2-beta1
     Proof-of-Concept by SIG^2 (www.security.org.sg)
     Process list by traversal of KiWaitListHead
     4 - System
     248 - explorer.exe
     476 - CLI.exe
     768 - PNmSrv.exe
     916 - iTunesHelper.ex
     948 - csrss.exe
     980 - winlogon.exe
     1028 - services.exe
     1040 - lsass.exe
     1136 - avguard.exe
     1148 - sched.exe
     1196 - ati2evxx.exe
     1208 - svchost.exe
     1312 - svchost.exe
     1372 - PAVSRV51.EXE
     1416 - AVENGINE.EXE
     1628 - svchost.exe
     1740 - PDVDServ.exe
     1788 - GrooveMonitor.e
     1808 - AppleMobileDevi
     1876 - ati2evxx.exe
     1944 - svchost.exe
     1960 - alg.exe
     2012 - guard.exe
     2016 - cledx.exe
     2076 - avgnt.exe
     2136 - mDNSResponder.e
     2324 - mdm.exe
     2380 - PavFnSvr.exe
     2600 - PavPrSrv.exe
     2644 - PsImSvc.exe
     2648 - sidebar.exe
     2796 - iPodService.exe
     2880 - wuauclt.exe
     2944 - msmsgs.exe
     3108 - ctfmon.exe
     3244 - CLI.exe
     3548 - wscntfy.exe
     4596 - FIREBO~1.EXE
     4748 - firefox.exe
     7180 - ALCFDRTM.EXE
     7312 - cmd.exe
     Total number of processes = 42
     NOTE: Under WinXP, this will not show all processes.

     KProcCheck Version 0.2-beta1
     Proof-of-Concept by SIG^2 (www.security.org.sg)
     Driver/Module list by traversal of PsLoadedModuleList
     804D7000 - \WINDOWS\system32\ntkrnlpa.exe
     806F6000 - \WINDOWS\system32\hal.dll
     F7987000 - \WINDOWS\system32\KDCOM.DLL
     F7897000 - \WINDOWS\system32\BOOTVID.dll
     F7358000 - ACPI.sys
     F7989000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
     F7347000 - pci.sys
     F7487000 - isapnp.sys
     F7497000 - ohci1394.sys
     F74A7000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
     F7A4F000 - PCIIde.sys
     F7707000 - \WINDOWS\System32\Drivers\PCIIDEX.SYS
     F74B7000 - MountMgr.sys
     F7328000 - ftdisk.sys
     F798B000 - dmload.sys
     F7302000 - dmio.sys
     F770F000 - PartMgr.sys
     F74C7000 - VolSnap.sys
     F72EA000 - atapi.sys
     F72D1000 - nvata.sys
     F72BB000 - nvatabus.sys
     F74D7000 - disk.sys
     F74E7000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
     F729B000 - fltMgr.sys
     F7289000 - sr.sys
     F7277000 - TPkd.sys
     F7260000 - KSecDD.sys
     F71D3000 - Ntfs.sys
     F71A6000 - NDIS.sys
     F7189000 - NETFLT.SYS
     F7717000 - nvcchflt.sys
     F716F000 - Mup.sys
     F75D7000 - \SystemRoot\system32\DRIVERS\nic1394.sys
     F7597000 - \SystemRoot\system32\DRIVERS\AmdK8.sys
     F773F000 - \SystemRoot\system32\DRIVERS\usbohci.sys
     F6ADA000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
     F7747000 - \SystemRoot\system32\DRIVERS\usbehci.sys
     F03E7000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
     F03C3000 - \SystemRoot\system32\drivers\portcls.sys
     F76B7000 - \SystemRoot\system32\drivers\drmk.sys
     F03A0000 - \SystemRoot\system32\drivers\ks.sys
     F76C7000 - \SystemRoot\system32\DRIVERS\imapi.sys
     F76D7000 - \SystemRoot\system32\DRIVERS\cdrom.sys
     F76E7000 - \SystemRoot\system32\DRIVERS\redbook.sys
     F3BC3000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
     F791F000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys
     F0321000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS
     F02EE000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS
     F006D000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
     F0059000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
     F7999000 - \SystemRoot\system32\DRIVERS\ASACPI.sys
     F76F7000 - \SystemRoot\system32\DRIVERS\serial.sys
     F1607000 - \SystemRoot\system32\DRIVERS\serenum.sys
     F0045000 - \SystemRoot\system32\DRIVERS\parport.sys
     F1603000 - \SystemRoot\system32\drivers\nvmpu401.sys
     F15FF000 - \SystemRoot\system32\DRIVERS\gameenum.sys
     F7BD6000 - \SystemRoot\system32\DRIVERS\audstub.sys
     F7517000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
     F15FB000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
     F002E000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
     F7527000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
     F7537000 - \SystemRoot\system32\DRIVERS\raspptp.sys
     F7837000 - \SystemRoot\system32\DRIVERS\TDI.SYS
     F001D000 - \SystemRoot\system32\DRIVERS\psched.sys
     F7547000 - \SystemRoot\system32\DRIVERS\msgpc.sys
     F7867000 - \SystemRoot\system32\DRIVERS\ptilink.sys
     F786F000 - \SystemRoot\system32\DRIVERS\raspti.sys
     EFFEC000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
     F10AE000 - \SystemRoot\system32\DRIVERS\termdd.sys
     F7877000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
     F787F000 - \SystemRoot\system32\DRIVERS\mouclass.sys
     F79B5000 - \SystemRoot\system32\DRIVERS\swenum.sys
     EFF93000 - \SystemRoot\system32\DRIVERS\update.sys
     F090A000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
     F109E000 - \SystemRoot\system32\DRIVERS\cledx.sys
     F108E000 - \SystemRoot\system32\DRIVERS\usbhub.sys
     F79B7000 - \SystemRoot\system32\DRIVERS\USBD.SYS
     F107E000 - \SystemRoot\System32\Drivers\NDProxy.SYS
     F09B4000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys
     F79C7000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
     F39C7000 - \SystemRoot\System32\Drivers\Null.SYS
     F79C9000 - \SystemRoot\System32\Drivers\Beep.SYS
     F39C5000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
     F775F000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     F776F000 - \SystemRoot\System32\drivers\vga.sys
     F79CB000 - \SystemRoot\System32\Drivers\mnmdd.SYS
     F79CD000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
     F777F000 - \SystemRoot\System32\Drivers\Msfs.SYS
     F7787000 - \SystemRoot\System32\Drivers\Npfs.SYS
     F794B000 - \SystemRoot\system32\DRIVERS\rasacd.sys
     B2F8F000 - \SystemRoot\system32\DRIVERS\ipsec.sys
     B2F36000 - \SystemRoot\system32\DRIVERS\tcpip.sys
     B2F0E000 - \SystemRoot\system32\DRIVERS\netbt.sys
     F0954000 - \??\G:\WINDOWS\system32\Drivers\NETFLTDI.SYS
     B2EEC000 - \SystemRoot\system32\DRIVERS\ipnat.sys
     F0944000 - \SystemRoot\system32\DRIVERS\wanarp.sys
     F7135000 - \SystemRoot\System32\drivers\ws2ifsl.sys
     F0934000 - \SystemRoot\system32\DRIVERS\arp1394.sys
     B2ECA000 - \SystemRoot\System32\drivers\afd.sys
     F0924000 - \SystemRoot\system32\DRIVERS\netbios.sys
     F712D000 - \??\G:\WINDOWS\system32\Drivers\WNMFLT.SYS
     F779F000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
     F77B7000 - \??\G:\WINDOWS\system32\Drivers\SMSFLT.SYS
     F77C7000 - \SystemRoot\System32\Drivers\ShldDrv.SYS
     B2E9F000 - \SystemRoot\system32\DRIVERS\rdbss.sys
     B2E30000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
     B2DDC000 - \??\G:\WINDOWS\system32\Drivers\IDSFLT.SYS
     F711D000 - \??\G:\WINDOWS\system32\Drivers\fnetmon.SYS
     F46D1000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
     F7567000 - \SystemRoot\System32\Drivers\Fips.SYS
     F46B9000 - \??\G:\WINDOWS\system32\Drivers\DSAFLT.SYS
     F3E50000 - \SystemRoot\system32\DRIVERS\avipbb.sys
     F160B000 - \SystemRoot\system32\DRIVERS\hidusb.sys
     F3E40000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     F79D1000 - \??\G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
     F11AA000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
     F3217000 - \??\G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
     F11A2000 - \SystemRoot\system32\DRIVERS\mouhid.sys
     F3E30000 - \??\G:\WINDOWS\system32\Drivers\APPFLT.SYS
     F3E10000 - \SystemRoot\System32\Drivers\Cdfs.SYS
     B2DC6000 - \SystemRoot\System32\Drivers\dump_nvatabus.sys
     F79E3000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
     BF800000 - \SystemRoot\System32\win32k.sys
     F7937000 - \SystemRoot\System32\drivers\Dxapi.sys
     F3BCB000 - \SystemRoot\System32\watchdog.sys
     BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
     F7AE3000 - \SystemRoot\System32\drivers\dxgthk.sys
     BF9D5000 - \SystemRoot\System32\ati2dvag.dll
     BFA1A000 - \SystemRoot\System32\ati2cqag.dll
     BFA88000 - \SystemRoot\System32\atikvmag.dll
     BFAD9000 - \SystemRoot\System32\atiok3x2.dll
     BFB07000 - \SystemRoot\System32\ati3duag.dll
     BFDFA000 - \SystemRoot\System32\ativvaxx.dll
     BFFA0000 - \SystemRoot\System32\ATMFD.DLL
     AFD87000 - \SystemRoot\system32\DRIVERS\pavdrv51.sys
     F7857000 - \??\G:\WINDOWS\system32\PavSRK.sys
     AFCBB000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
     F35CD000 - \SystemRoot\system32\DRIVERS\rspndr.sys
     F7817000 - \SystemRoot\system32\Drivers\cpoint.sys
     AFA02000 - \SystemRoot\system32\drivers\wdmaud.sys
     AFA87000 - \SystemRoot\system32\drivers\sysaudio.sys
     AF7E5000 - \??\G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
     AF6A0000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
     AF79D000 - \SystemRoot\System32\Drivers\Nsynas32.SYS
     F7A39000 - \SystemRoot\System32\Drivers\ParVdm.SYS
     AF4BE000 - \SystemRoot\system32\DRIVERS\srv.sys
     AF385000 - \??\G:\WINDOWS\system32\DRIVERS\PavProc.sys
     AF725000 - \SystemRoot\system32\DRIVERS\secdrv.sys
     F79A5000 - \??\G:\Program Files\CyberLink\PowerDVD0.fcl
     AEF5E000 - \SystemRoot\system32\drivers\av5flt.sys
     AED3D000 - \SystemRoot\System32\Drivers\HTTP.sys
     AE89D000 - \SystemRoot\system32\drivers\kmixer.sys
     AE885000 - \SystemRoot\System32\Drivers\ps_1394.sys
     F7737000 - \SystemRoot\System32\Drivers\ps_avs.sys
     F77A7000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
     AE840000 - \SystemRoot\System32\Drivers\Fastfat.SYS
     F7B69000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
     F7A1D000 - \SystemRoot\system32\drivers\splitter.sys
     Total number of drivers = 158

     Liste des programmes installes
     Adobe Reader 8.1.2
     Apple Mobile Device Support
     Apple Software Update
     ATI - Software Uninstall Utility
     ATI Catalyst Control Center
     ATI Control Panel
     ATI Display Driver
     ATI HYDRAVISION
     AVG Anti-Spyware 7.5
     Avira AntiVir PersonalEdition Classic
     Bonjour
     D-Link AirPlus
     HijackThis 2.0.2
     iTunes
     Microsoft .NET Framework 1.1
     Microsoft .NET Framework 1.1 Hotfix (KB928366)
     Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
     Microsoft .NET Framework 2.0 with Security Updates
     Microsoft .NET Framework 2.0 with Security Updates
     Microsoft .NET Framework 3.0
     Microsoft .NET Framework 3.0
     Microsoft Office Access MUI (English) 2007
     Microsoft Office Access Setup Metadata MUI (English) 2007
     Microsoft Office Communicator 2007
     Microsoft Office Enterprise 2007
     Microsoft Office Enterprise 2007
     Microsoft Office Excel MUI (English) 2007
     Microsoft Office Groove MUI (English) 2007
     Microsoft Office Groove Setup Metadata MUI (English) 2007
     Microsoft Office InfoPath MUI (English) 2007
     Microsoft Office OneNote MUI (English) 2007
     Microsoft Office Outlook MUI (English) 2007
     Microsoft Office PowerPoint MUI (English) 2007
     Microsoft Office Proof (English) 2007
     Microsoft Office Proof (French) 2007
     Microsoft Office Proof (Spanish) 2007
     Microsoft Office Proofing (English) 2007
     Microsoft Office Publisher MUI (English) 2007
     Microsoft Office Shared MUI (English) 2007
     Microsoft Office Shared Setup Metadata MUI (English) 2007
     Microsoft Office Word MUI (English) 2007
     Microsoft Software Update for Web Folders (English) 12
     Microsoft Visual C++ 2005 Redistributable
     Mozilla Firefox (2.0.0.7)
     Mozilla Thunderbird (2.0.0.6)
     MSN
     MSXML 4.0 SP2 (KB936181)
     MSXML 6.0 Parser (KB933579)
     Nero 8 Micro v8.0.3.0
     NVIDIA Drivers
     Panda Titanium 2006 Antivirus + Antispyware
     PowerDVD
     PowerDVD Ultra
     PreSonus 1394 Audio Driver V1.20.0 (FIREBox)
     QuickTime
     Realtek AC'97 Audio
     Security Update for CAPICOM (KB931906)
     Security Update for CAPICOM (KB931906)
     Security Update for Microsoft .NET Framework 2.0 (KB917283)
     Security Update for Microsoft .NET Framework 2.0 (KB922770)
     Security Update for Windows Internet Explorer 7 (KB942615)
     Security Update for Windows Media Player 9 (KB936782)
     Security Update for Windows XP (KB921503)
     Security Update for Windows XP (KB923689)
     Security Update for Windows XP (KB933729)
     Security Update for Windows XP (KB936021)
     Security Update for Windows XP (KB937894)
     Security Update for Windows XP (KB938829)
     Security Update for Windows XP (KB941202)
     Security Update for Windows XP (KB941568)
     Security Update for Windows XP (KB941569)
     Security Update for Windows XP (KB941644)
     Security Update for Windows XP (KB943460)
     Security Update for Windows XP (KB943485)
     Security Update for Windows XP (KB944653)
     Software Update for Web Folders
     Steinberg Cubase SX v3.0.2.623
     Syncrosoft's License Control
     SyncroSoft Emu (Remove only)
     Update for Outlook 2007 Junk Email Filter (kb943597)
     Update for Windows XP (KB938828)
     Update for Windows XP (KB942763)
     VAIOXP
     Waves SSL 4000 Collection 1.1
     Windows Communication Foundation
     Windows Imaging Component
     Windows Media Format Runtime
     Windows PowerShell 1.0
     Windows Presentation Foundation
     Windows Sidebar
     Windows Workflow Foundation
     WinRAR archiver
     XML Paper Specification Shared Components Pack 1.0

     Volume in drive G is Nouveau nom
     Volume Serial Number is 8CD3-97DE

     Directory of G:\Program Files

     02/11/2008 01:54 AM <DIR> .
     02/11/2008 01:54 AM <DIR> ..
     02/08/2008 05:32 AM <DIR> Adobe
     02/08/2008 09:34 AM <DIR> Apple Software Update
     02/07/2008 07:32 AM <DIR> ATI Technologies
     02/10/2008 04:02 AM <DIR> Avira
     02/10/2008 05:50 PM <DIR> Bonjour
     02/08/2008 09:35 AM <DIR> Common Files
     02/07/2008 03:41 PM <DIR> ComPlus Applications
     02/08/2008 06:58 AM <DIR> CyberLink
     02/10/2008 05:50 PM <DIR> D-Link AirPlus
     02/10/2008 07:41 AM <DIR> Grisoft
     02/07/2008 04:36 PM <DIR> Internet Explorer
     02/07/2008 10:06 AM <DIR> iPod
     02/10/2008 05:50 PM <DIR> iTunes
     02/08/2008 12:20 PM <DIR> Messenger
     02/11/2008 01:54 AM <DIR> Microsoft CAPICOM 2.1.0.2
     02/08/2008 07:25 AM <DIR> Microsoft Office
     02/08/2008 07:09 AM <DIR> Microsoft Office Communicator
     02/08/2008 07:25 AM <DIR> Microsoft Visual Studio
     02/08/2008 07:19 AM <DIR> Microsoft Visual Studio 8
     02/08/2008 07:25 AM <DIR> Microsoft Works
     02/08/2008 07:23 AM <DIR> Microsoft.NET
     02/07/2008 03:42 PM <DIR> Movie Maker
     02/08/2008 12:20 PM <DIR> Mozilla Firefox
     02/07/2008 03:45 PM <DIR> Mozilla Thunderbird
     02/08/2008 07:25 AM <DIR> MSBuild
     02/07/2008 04:26 PM <DIR> MSN
     02/07/2008 03:38 PM <DIR> MSN Gaming Zone
     02/07/2008 04:35 PM <DIR> MSXML 4.0
     02/07/2008 03:50 PM <DIR> MSXML 6.0
     02/08/2008 06:53 AM <DIR> Nero
     02/07/2008 03:42 PM <DIR> NetMeeting
     02/07/2008 03:41 PM <DIR> Online Services
     02/07/2008 03:42 PM <DIR> Outlook Express
     02/07/2008 08:09 AM <DIR> Panda Software
     02/11/2008 12:06 PM <DIR> PreSonus
     02/07/2008 10:05 AM <DIR> QuickTime
     02/07/2008 03:52 PM <DIR> Reference Assemblies
     02/08/2008 09:18 AM <DIR> Steinberg
     02/08/2008 09:16 AM <DIR> Syncrosoft
     02/10/2008 08:09 PM <DIR> Trend Micro
     02/07/2008 03:45 PM <DIR> VAIOXP
     02/08/2008 09:35 AM <DIR> Waves
     02/08/2008 09:18 AM <DIR> Windows Media Player
     02/07/2008 03:38 PM <DIR> Windows NT
     02/10/2008 05:50 PM <DIR> Windows Sidebar
     02/08/2008 01:33 AM <DIR> WinRAR
     0 File(s) 0 bytes
     48 Dir(s) 13,872,934,912 bytes free

     Volume in drive G is Nouveau nom
     Volume Serial Number is 8CD3-97DE

     Directory of G:\Program Files\common files

     02/08/2008 09:35 AM <DIR> .
     02/08/2008 09:35 AM <DIR> ..
02/08/2008 05:32 AM <DIR> Adobe 02/08/2008 06:53 AM <DIR> Ahead 02/07/2008 10:04 AM <DIR> Apple 02/08/2008 07:24 AM <DIR> DESIGNER 02/08/2008 09:35 AM <DIR> Digidesign 02/07/2008 07:32 AM <DIR> InstallShield 02/08/2008 07:25 AM <DIR> Microsoft Shared 02/07/2008 03:42 PM <DIR> MSSoap 02/07/2008 07:30 AM <DIR> ODBC 02/08/2008 09:35 AM <DIR> PACE Anti-Piracy 02/07/2008 08:09 AM <DIR> Panda Software 02/07/2008 03:42 PM <DIR> Services 02/07/2008 07:30 AM <DIR> SpeechEngines 02/08/2008 07:17 AM <DIR> System 0 File(s) 0 bytes 16 Dir(s) 13,872,930,816 bytes free Volume in drive G is Nouveau nom Volume Serial Number is 8CD3-97DE Directory of G:\ 04/05/2007 04:33 AM 55,808 devcon.exe 05/27/2007 01:08 AM 246,423 DPsFnshr.exe 05/27/2007 01:08 AM 211,039 DSPdsblr.exe 04/05/2007 04:33 AM 20,992 makePNF.exe 04/05/2007 04:33 AM 137,728 mute.exe 05/27/2007 01:08 AM 202,187 pmtimer.exe 6 File(s) 874,177 bytes 0 Dir(s) 13,872,930,816 bytes free Attention : G:\autorun.inf existe [AutoRun] open=dfomzwvoh.exe shellexecute=dfomzwvoh.exe shell\Auto\command=dfomzwvoh.exe shell=Auto [VVflagRun] aabb=kdkfjdkfk1 ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_PAL.tar.gz a l'adresse http://upload.malekal.com
  5. Here is the report.
DiagHelp version v1.4 - http://www.malekal.com excute le Sun 02/10/2008 à 21:02:15.42
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
winlogon.exe svchost.exe ws2_32.dll user32.dll tcpip.sys ndis.sys null.sys
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 380
Command line: G:\WINDOWS\Explorer.EXE
------------------------------------------------------------------------------
winlogon.exe pid: 972
Command line: winlogon.exe
Volume in drive G is Nouveau nom
Volume Serial Number is 8CD3-97DE
Directory of G:\WINDOWS\system32
10/13/2007 04:03 AM 6,144 csrss.exe
1 File(s) 6,144 bytes
  6. OK, I'll do it right away. Thank you for your patience and your help.
  7. Re: good evening. Here are the 2 new reports.
Antivir report
AntiVir PersonalEdition Classic
Report file date: Sunday, February 10, 2008 19:16
Scanning for 1096761 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Admin
Computer name: PAL
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: G:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: Sunday, February 10, 2008 19:16
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0083
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '45' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\RECYCLER\S-1-5-21-1844237615-1060284298-682003330-1003\Dc2.rar
[0] Archive type: RAR
--> oi0Xx5M.com
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
Begin scan in 'D:\'
Begin scan in 'E:\'
Begin scan in 'F:\'
Search path F:\ could not be opened!
The device is not ready.
Begin scan in 'G:\' <Nouveau nom>
G:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: Sunday, February 10, 2008 19:57
Used time: 40:36 min
The scan has been done completely.
7989 Scanning directories
213917 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
213916 Files not concerned
1949 Archives were scanned
1 Warnings
174 Notes
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:43 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.EXE
g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
G:\Program Files\Messenger\msmsgs.exe
G:\WINDOWS\system32\wdfmgr.exe
G:\Program Files\D-Link AirPlus\AirPlus.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\System32\alg.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
G:\WINDOWS\system32\wuauclt.exe
G:\PROGRA~1\MOZILL~2\FIREFOX.EXE
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
G:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirector/?p...te&lang=fre
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [MDM Rock 4] G:\WINDOWS\system32\vakvygnid.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "G:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
--
End of file - 9987 bytes
  8. voici les rapport Rapport ANITIVIR AntiVir PersonalEdition Classic Report file date: Sunday, February 10, 2008 04:40 Scanning for 1096761 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Admin Computer name: PAL Version information: BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 22:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 21:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 8/15/2007 00:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 21:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 23:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 12:13:29 ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2/8/2008 12:13:29 ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 2/8/2008 12:13:29 AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2/10/2008 12:13:29 AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 19:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 16:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 22:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 2/10/2008 12:13:29 AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 16:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 21:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 16:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 20:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 21:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 21:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 18:37:21 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: G:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: G:, Scan 
memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: Sunday, February 10, 2008 04:40 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Master boot sector HD1 [NOTE] No virus was found! [WARNING] The boot sector file could not be read! [WARNING] Error code: 0x0083 Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'G:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '47' files ). 
Starting the file scan: Begin scan in 'C:\' C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f1c8.qua'! C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 D6#1\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f1cc.qua'! C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 JAZZ S+F\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '49966bcd.qua'! C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 JIMMYSLOW\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f1d0.qua'! C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 R+B FAST\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f1d2.qua'! C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 SCASE RD\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f1d3.qua'! C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1JAZF+FULLF\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f1d6.qua'! C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1JAZS+FULLS\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f1d7.qua'! 
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1POPS+FULLS\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1d9.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 D6#2\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1db.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 FULL S+F\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1dc.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 JIMMYFAST\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49966bdd.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 MARK1\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1dd.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 MARK1 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1df.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 ROCK1SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1e2.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2R+BF+FULLF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49966be3.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2R+BF+SWISH\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1e3.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2ROK1S+FULF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1e5.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 D6#3\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1e6.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 JAZZ SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49966be7.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 JIMMY S+F\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1e7.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 MARK2\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1e9.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 MARK2 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1eb.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 ROCK2 S+F\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1ed.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 ROCK2SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1ee.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3JAZF+SWISH\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1f0.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3JAZS+SWISH\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1f1.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 D6#4\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1f3.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 JAZZ FAST\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49966bf4.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 ROCK2FAST\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1f5.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 WURLI RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1f6.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 WURLITZER\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1f7.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4JAZF+JIMYF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1f8.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4POPS+FULLF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1fa.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4POPS+SWISH\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1fb.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 D6#5\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1fe.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 DRYCOMBIS\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f1ff.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 ROCK3SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f202.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 SWISHFAST\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49966803.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5ROK3S+FULF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f204.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 D6#6\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f205.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 FULL SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f208.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 POP SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49966809.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 D6#1 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f20a.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 DRYORGANS\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f20c.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 FULL FAST\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f20f.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE8 D6#2 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49966810.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE9 D6#3 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f210.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\10 D6#4 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49966811.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\11 D6#5 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f211.qua'!
C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\12 D6#6 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f212.qua'!
C:\back up\Samples\source\DrumKits\Vintage Machinez 1\Vintage Machinez 1\pics\VintageDrumz1-ReadMe.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '481cf275.qua'!
C:\classik\videos.rar
    [0] Archive type: RAR
    --> oi0Xx5M.com
        [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
        [WARNING] An error has occurred and the file was not deleted. ErrorID: 16001
        [WARNING] Failed!
C:\LOGICIEL- PLUG( RAR)\VSTi - Spectrasonics - Atmosphere & Stylus- Keygen.zip
    [0] Archive type: ZIP
    --> Atmosphere keygen.exe
        [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file
        [INFO] The file was moved to '4802f4d1.qua'!
C:\LOGICIEL- PLUG( RAR)\IZotope.Ozone.DX.VST.RTAS.v3.07.incl.KeyGen-H2O\h-oz307.r02
    [0] Archive type: RAR
    --> ozone_keygen.exe
        [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file
        [INFO] The file was moved to '481df4b3.qua'!
C:\LOGICIEL- PLUG( RAR)\IZotope.Ozone.DX.VST.RTAS.v3.07.incl.KeyGen-H2O\h-oz307d.zip
    [0] Archive type: ZIP
    --> h-oz307.r02
        [1] Archive type: RAR
        --> ozone_keygen.exe
            [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file
            [INFO] The file was moved to '481df4b4.qua'!
C:\LOGICIEL- PLUG( RAR)\IZotope.Ozone.DX.VST.RTAS.v3.07.incl.KeyGen-H2O\ozone_keygen.exe
    [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file
    [INFO] The file was moved to '481df501.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\How To Install.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4825f4f7.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Read Me First.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '480ff4ed.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Channel Mixer Presets\Channel Mixer Read Me.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '480ff516.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Custom File Info Panels\File Info Panels Read Me.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '481af517.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\Ditherbox\Ditherbox Read Me.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4822f518.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\Ffactory\Filter Factory Read Me.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '481af518.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About Alias Format.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '481df511.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About ElectricImage Format.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '481df512.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About IFF Format.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '499c8f0b.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About RLA Format.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '481df514.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About SGI RGB Format.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '499c8f0d.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About SoftImage Format.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '481df513.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\Photoshop Only\File Formats\File Formats Read Me.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '481af51a.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\Photoshop Only\HSBHSL\HSBHSL Read Me.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '47f0f504.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\Registry Keys Read Me.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4815f517.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Textures for Lighting Effects\Textures Read Me.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4826f519.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\WPG Templates Read Me.html
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '47f5f505.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\FrameSet.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '480ff527.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\indexPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4812f523.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\SubPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4810f52b.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Dark\FrameSet.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '480ff528.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Dark\indexPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4812f524.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Dark\SubPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49918f34.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Frame\FrameSet.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '480ff529.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Frame\IndexPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4812f525.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Frame\SubPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4810f52c.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Light\FrameSet.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '498e8f32.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Light\indexPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49938f3e.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Light\SubPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4810f52d.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Patterned\FrameSet.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '480ff52a.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Patterned\indexPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4812f526.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Patterned\SubPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49918f36.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Table\IndexPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4812f527.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Table\SubPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4810f52e.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Table - Blue\indexPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49938f30.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Table - Blue\SubPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49918f37.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Frame\FrameSet.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '480ff52c.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Frame\IndexPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4812f528.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Frame\SubPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4810f52f.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\FrameSet.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '498e8f35.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\indexPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4812f529.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\SubPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4810f530.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\FrameSet.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '480ff52d.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\indexPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49938f32.qua'!
C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\SubPage.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4810f531.qua'!
C:\Mes fichiers reçus\Downloads\ozone_keygen.exe
    [DETECTION] Contains detection pattern of the Windows virus W32/Virut.AO
    [INFO] The file was moved to '481df54c.qua'!
C:\WINDOWS\sd\dllcache\conf.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '481cf5a5.qua'!
C:\WINDOWS\sd\dllcache\icwconn2.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4825f5a3.qua'!
C:\WINDOWS\sd\dllcache\icwtutor.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4825f5a4.qua'!
C:\WINDOWS\sd\dllcache\mnmsrvc.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '481bf5b7.qua'!
C:\WINDOWS\sd\dllcache\ss3dfo.scr
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47e1f5cd.qua'!
C:\WINDOWS\sd\dllcache\ssflwbox.scr
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4814f5cd.qua'!
C:\WINDOWS\sd\dllcache\sspipes.scr
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '481ef5ce.qua'!
C:\WINDOWS\sd\dllcache\sstext3d.scr
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4822f5ce.qua'!

Begin scan in 'D:\'
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f604.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 D6#1\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f606.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 JAZZ S+F\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f607.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 JIMMYSLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f608.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 R+B FAST\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f609.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 SCASE RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f60a.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1JAZF+FULLF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f60b.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1JAZS+FULLS\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f60d.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1POPS+FULLS\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f60e.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 D6#2\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f60f.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 FULL S+F\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f610.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 JIMMYFAST\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '499689b1.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 MARK1\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f611.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 MARK1 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f612.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 ROCK1SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f614.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2R+BF+FULLF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '499689b5.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2R+BF+SWISH\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f615.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2ROK1S+FULF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f616.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 D6#3\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f617.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 JAZZ SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '499689b8.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 JIMMY S+F\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f618.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 MARK2\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f619.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 MARK2 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f61a.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 ROCK2 S+F\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f61b.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 ROCK2SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f61d.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3JAZF+SWISH\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f61e.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3JAZS+SWISH\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f61f.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 D6#4\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f620.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 JAZZ FAST\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '49968981.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 ROCK2FAST\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f621.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 WURLI RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f622.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 WURLITZER\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f623.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4JAZF+JIMYF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f624.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4POPS+FULLF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f625.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4POPS+SWISH\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f626.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 D6#5\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f627.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 DRYCOMBIS\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f628.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 ROCK3SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f62a.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 SWISHFAST\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4996898b.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5ROK3S+FULF\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f62b.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 D6#6\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f62c.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 FULL SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f62e.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 POP SLOW\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4996898f.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 D6#1 RD\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f62f.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 DRYORGANS\info.htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4814f630.qua'!
D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 FULL FAST\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f631.qua'! D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE8 D6#2 RD\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f632.qua'! D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE9 D6#3 RD\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '49968993.qua'! D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\10 D6#4 RD\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f634.qua'! D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\11 D6#5 RD\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '4814f633.qua'! D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\12 D6#6 RD\info.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '49968994.qua'! D:\back up\Samples\source\DrumKits\Vintage Machinez 1\Vintage Machinez 1\pics\VintageDrumz1-ReadMe.htm [DETECTION] Contains suspicious code HEUR/Exploit.HTML [iNFO] The file was moved to '481cf65e.qua'! D:\save d\Micheal JACKSON.rar [0] Archive type: RAR --> r58B46y.com [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen [WARNING] An error has occurred and the file was not deleted. ErrorID: 16001 [WARNING] Failed! D:\save d\Bureau\bureau new\izotop\h-oz307.r02 [0] Archive type: RAR --> ozone_keygen.exe [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). 
Please verify the origin of the file [iNFO] The file was moved to '481df768.qua'! D:\save d\Bureau\bureau new\izotop\h-oz307d.zip [0] Archive type: ZIP --> h-oz307.r02 [1] Archive type: RAR --> ozone_keygen.exe [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file [iNFO] The file was moved to '481df769.qua'! D:\save d\Bureau\bureau new\izotop\ozone_keygen.exe [DETECTION] Contains detection pattern of the Windows virus W32/Virut.AO [iNFO] The file was moved to '481df7b6.qua'! D:\save d\my received files\nibat2kg.exe [DETECTION] Contains detection pattern of the Windows virus W32/Virut.AO [iNFO] The file was moved to '4810f7c4.qua'! D:\save d\my received files\Native.Instruments.Battery.VSTi.DXi.RTAS.v2.1.incl.KeyGen-H2O\nibat2kg.exe [DETECTION] Contains detection pattern of the Windows virus W32/Virut.AO [iNFO] The file was moved to '4810f7d0.qua'! Begin scan in 'E:\' Begin scan in 'F:\' Search path F:\ could not be opened! The device is not ready. Begin scan in 'G:\' <Nouveau nom> G:\pagefile.sys [WARNING] The file could not be opened! G:\Documents and Settings\All Users\Desktop\Keys\Firegraphic 8.5.811\KeyGen\Keygen.exe [DETECTION] Is the Trojan horse TR/Agent.1071931 [iNFO] The file was moved to '4827f937.qua'! End of the scan: Sunday, February 10, 2008 05:28 Used time: 48:07 min The scan has been done completely. 
8884 Scanning directories 260311 Files were scanned 13 viruses and/or unwanted programs were found 157 Files were classified as suspicious: 0 files were deleted 0 files were repaired 168 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 260298 Files not concerned 1846 Archives were scanned 3 Warnings 191 Notes RAPORT HIJACKTHIS Logfile of HijackThis v1.99.1 Scan saved at 5:36:36 PM, on 2/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20696) Running processes: G:\WINDOWS\System32\smss.exe G:\WINDOWS\system32\csrss.exe G:\WINDOWS\system32\winlogon.exe G:\WINDOWS\system32\services.exe G:\WINDOWS\system32\lsass.exe G:\WINDOWS\system32\Ati2evxx.exe G:\WINDOWS\system32\svchost.exe G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe G:\WINDOWS\system32\svchost.exe G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE G:\WINDOWS\System32\svchost.exe G:\WINDOWS\system32\svchost.exe G:\WINDOWS\system32\Ati2evxx.exe G:\WINDOWS\system32\svchost.exe G:\WINDOWS\Explorer.EXE g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE G:\WINDOWS\system32\spoolsv.exe G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe G:\Program Files\ATI Technologies\ATI.ACE\cli.exe G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe G:\Program Files\iTunes\iTunesHelper.exe G:\WINDOWS\SOUNDMAN.EXE G:\Program Files\Bonjour\mDNSResponder.exe G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe G:\Program 
Files\CyberLink\PowerDVD\PDVDServ.exe G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe G:\WINDOWS\system32\ctfmon.exe G:\Program Files\Windows Sidebar\sidebar.exe G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe G:\WINDOWS\system32\wdfmgr.exe G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe G:\Program Files\D-Link AirPlus\AirPlus.exe G:\Program Files\iPod\bin\iPodService.exe G:\WINDOWS\System32\alg.exe G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe G:\WINDOWS\system32\wbem\wmiprvse.exe G:\WINDOWS\system32\wuauclt.exe G:\WINDOWS\system32\wbem\wmiprvse.exe G:\WINDOWS\system32\wuauclt.exe C:\Hijackthis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext 
= http://www.pandasoftware.com/redirector/?p...te&lang=fre R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O4 - HKLM\..\Run: [MDM Rock 4] G:\WINDOWS\system32\vakvygnid.exe O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "G:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MSMSGS] 
"G:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: g:\program files\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O11 - Options group: [TABS] Tabbed Browsing O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - 
G:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: avldr - G:\WINDOWS\SYSTEM32\avldr.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
  9. Well, actually, my PC was extremely slow, and I noticed that my CPU was always at 100%. So I followed the cleanup procedure given in a post for the same problem, and I posted my scan to find out what to do. Now my CPU is no longer at 100% all the time, but the PC is still just as slow, even when I am only on MSN.
  10. Ah OK, but I don't know anything about this at all. Thanks for the reply; I'll see whether the cleanup was enough to fix my problem.
  11. Hi everyone, my CPU is still at 100%. I read and followed the instructions recommended for this problem (cleanup in safe mode with AntiVir), so I'm posting my HijackThis report, hoping for some help. PS: the process using 99%, "System Idle Process", was there in safe mode too.

Logfile of HijackThis v1.99.1
Scan saved at 4:48:23 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.EXE
g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
G:\WINDOWS\System32\alg.exe
G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\system32\wbem\wmiprvse.exe
G:\PROGRA~1\MOZILL~2\FIREFOX.EXE
G:\WINDOWS\system32\wscntfy.exe
G:\Documents and Settings\Admin\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirector/?p...te&lang=fre
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [MDM Rock 4] G:\WINDOWS\system32\vakvygnid.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O20 - Winlogon Notify: avldr - G:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
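The HijackThis logs in this thread are triaged by hand, entry by entry. As an added example that is not part of the original posts and not HijackThis's own code, the Python script below parses the R/F/O entries of a log in that format and attaches review flags derived only from the shape of each line: a Run value whose name bears no relation to the system32 binary it starts, a Global Startup shortcut that points at the root of a drive, an entry whose target is reported missing, and Winsock LSP or Winlogon Notify DLLs whose publisher should be confirmed. The sample lines are constructed in HijackThis v1.99.1 format from entries quoted above; the flags are prompts for a human reviewer, not verdicts on any file, and the name-mismatch rule is a heuristic of this example, not a HijackThis feature.

```python
"""Triage helper for HijackThis-format logs (added example, not HijackThis's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample input in HijackThis v1.99.1 line format, modelled on the
# entries quoted in the posts above. Headers and the process list are not entries.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
G:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [MDM Rock 4] G:\WINDOWS\system32\vakvygnid.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: g:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: avldr - G:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.*?) = (?P<target>.*)$")
# First executable-looking path in a command line, quoted or not. Matching up to the
# extension keeps unquoted paths that contain spaces intact.
PATH_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|com|dll|bat|cmd|scr))', re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"[A-Za-z]:\\[^\\]+")  # e.g. D:\autorun.exe, nothing deeper


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the R*/F*/O* entries of a HijackThis log; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["sec"], m["body"]))
    return entries


def first_path(cmd):
    """Path of the binary a Run command line starts, with quotes and arguments stripped."""
    m = PATH_RE.match(cmd.strip())
    return m["path"] if m else cmd.strip()


def triage(entry):
    """Attach review flags to one entry. Every rule looks at line shape only (heuristics)."""
    body = entry.body
    if "(file missing)" in body:
        entry.flags.append("dangling entry: target file is missing")
    if entry.section == "O4":
        run = RUN_RE.match(body)
        startup = STARTUP_RE.match(body)
        if run:
            path = first_path(run["cmd"])
            stem = path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
            name_key = re.sub(r"[^a-z0-9]", "", run["name"].lower())
            # A Run value whose display name has nothing to do with the binary it starts,
            # and whose binary sits under system32, deserves a look.
            if "\\system32\\" in path.lower() and stem not in name_key and name_key not in stem:
                entry.flags.append(f"Run value [{run['name']}] starts a system32 binary with an unrelated name: {path}")
        elif startup and DRIVE_ROOT_RE.fullmatch(startup["target"].strip()):
            entry.flags.append(f"startup shortcut runs a file from a drive root: {startup['target'].strip()}")
    elif entry.section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        entry.flags.append("Winsock LSP not recognised by HijackThis: confirm the publisher")
    elif entry.section == "O20" and body.startswith("Winlogon Notify"):
        entry.flags.append("Winlogon Notify DLL is loaded into winlogon.exe: confirm the publisher")
    return entry.flags


def triage_log(text):
    """Parse a log and flag its entries; returns the Entry list with flags filled in."""
    entries = parse_hjt(text)
    for e in entries:
        triage(e)
    return entries


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        mark = "REVIEW" if e.flags else "  ok  "
        print(f"[{mark}] {e.section} - {e.body}")
        for f in e.flags:
            print(f"          -> {f}")
```

Run against the constructed sample, five of the eight entries come back flagged (the [MDM Rock 4] Run value, the D:\autorun.exe startup shortcut, the missing xpnetdiag.exe button, the unknown LSP and the Winlogon Notify DLL); the ATIPTA, CTFMON.EXE and Panda service lines pass. A flag means "look at this file's publisher and origin", nothing more: the O9 and O20 entries above are the kind of thing a legitimate vendor also installs, which is exactly why the rules say "confirm" rather than "remove".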