
HIJACKTHIS report for CPU at 100%


shaolin


Hi everyone, my CPU is always at 100%. I read and followed the instructions recommended for this problem {cleaning in safe mode with Antivir}, so I am posting my HijackThis report, hoping for some help.

PS: the process using 99%, "System Idle Process", was there in safe mode too.

 

Logfile of HijackThis v1.99.1

Scan saved at 4:48:23 AM, on 2/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)

 

Running processes:

G:\WINDOWS\System32\smss.exe

G:\WINDOWS\system32\csrss.exe

G:\WINDOWS\system32\winlogon.exe

G:\WINDOWS\system32\services.exe

G:\WINDOWS\system32\lsass.exe

G:\WINDOWS\system32\Ati2evxx.exe

G:\WINDOWS\system32\svchost.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

G:\WINDOWS\system32\svchost.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

G:\WINDOWS\System32\svchost.exe

G:\WINDOWS\system32\svchost.exe

G:\WINDOWS\system32\Ati2evxx.exe

G:\WINDOWS\system32\svchost.exe

G:\WINDOWS\Explorer.EXE

g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

G:\WINDOWS\system32\spoolsv.exe

G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

G:\Program Files\Bonjour\mDNSResponder.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

G:\WINDOWS\System32\alg.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe

G:\Program Files\ATI Technologies\ATI.ACE\cli.exe

G:\Program Files\iTunes\iTunesHelper.exe

G:\WINDOWS\SOUNDMAN.EXE

G:\WINDOWS\system32\ctfmon.exe

G:\WINDOWS\system32\wuauclt.exe

G:\Program Files\iPod\bin\iPodService.exe

G:\WINDOWS\system32\wbem\wmiprvse.exe

G:\PROGRA~1\MOZILL~2\FIREFOX.EXE

G:\WINDOWS\system32\wscntfy.exe

G:\Documents and Settings\Admin\Desktop\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirector/?p...te&lang=fre

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [MDM Rock 4] G:\WINDOWS\system32\vakvygnid.exe

O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe

O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: D-Link AirPlus.lnk = ?

O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe

O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: g:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O20 - Winlogon Notify: avldr - G:\WINDOWS\SYSTEM32\avldr.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe


Good evening,

But you have not said what your problem is.

 

 

Well, actually, my PC was lagging enormously, and I noticed that my CPU was always at 100%.

So I followed the cleaning procedure given in a post about the same problem, and I posted my scan to find out what to do.

Now my CPU is no longer at 100% all the time, but the PC is still just as slow, even if I am only on MSN.


Hello,

Download Antivir ( http://www.free-av.com ).

NB: the choice of Antivir as the antivirus to use for this procedure was based on the following criteria:

--- weaknesses in your antivirus, which let malware through

--- In safe mode, only system processes are started. It is therefore easier to remove infections

--- Antivir can be installed and uninstalled easily

--- Antivir is known for its effectiveness in safe mode

--- This tutorial makes it easy to configure

 

Disable your current antivirus

Restart in safe mode.

Run the scan

Post the report

 

Download then install AVG Anti-Spyware (AVG AS)

http://www.ewido.net/en/download/

Once AVG AS is running, click "Update"

Close the program.

Restart in safe mode

Launch AVG AS again, then choose the "Scan" tab

Then the "Settings" tab

Under the question "How to react?", click "Recommended actions" and choose "Quarantine"

Click the "Scan" tab again, then run a "Full system scan"

/!\ If an infected file is detected at the end of the scan /!\

Click "Apply all actions"

Click "Save report" then "Save report as"

Save this text file to the desktop.

Restart normally

Copy/paste the report here.

And a new HijackThis report


Here are the reports

ANTIVIR report

 

 

AntiVir PersonalEdition Classic

Report file date: Sunday, February 10, 2008 04:40

 

Scanning for 1096761 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Admin

Computer name: PAL

 

Version information:

BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 22:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 21:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 8/15/2007 00:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 21:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 23:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 12:13:29

ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2/8/2008 12:13:29

ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 2/8/2008 12:13:29

AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2/10/2008 12:13:29

AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 19:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 16:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 22:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 2/10/2008 12:13:29

AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 16:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 21:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 16:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 20:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 21:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 21:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 18:37:21

 

Configuration settings for the scan:

Jobname..........................: Manual Selection

Configuration file...............: G:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: G:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: Sunday, February 10, 2008 04:40

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

Master boot sector HD1

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0083

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

Boot sector 'G:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '47' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1c8.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 D6#1\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1cc.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 JAZZ S+F\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49966bcd.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 JIMMYSLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1d0.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 R+B FAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1d2.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 SCASE RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1d3.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1JAZF+FULLF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1d6.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1JAZS+FULLS\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1d7.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1POPS+FULLS\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1d9.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 D6#2\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1db.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 FULL S+F\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1dc.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 JIMMYFAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49966bdd.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 MARK1\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1dd.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 MARK1 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1df.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 ROCK1SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1e2.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2R+BF+FULLF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49966be3.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2R+BF+SWISH\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1e3.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2ROK1S+FULF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1e5.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 D6#3\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1e6.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 JAZZ SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49966be7.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 JIMMY S+F\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1e7.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 MARK2\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1e9.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 MARK2 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1eb.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 ROCK2 S+F\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1ed.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 ROCK2SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1ee.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3JAZF+SWISH\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1f0.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3JAZS+SWISH\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1f1.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 D6#4\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1f3.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 JAZZ FAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49966bf4.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 ROCK2FAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1f5.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 WURLI RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1f6.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 WURLITZER\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1f7.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4JAZF+JIMYF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1f8.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4POPS+FULLF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1fa.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4POPS+SWISH\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1fb.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 D6#5\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1fe.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 DRYCOMBIS\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f1ff.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 ROCK3SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f202.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 SWISHFAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49966803.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5ROK3S+FULF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f204.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 D6#6\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f205.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 FULL SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f208.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 POP SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49966809.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 D6#1 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f20a.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 DRYORGANS\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f20c.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 FULL FAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f20f.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE8 D6#2 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49966810.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE9 D6#3 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f210.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\10 D6#4 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49966811.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\11 D6#5 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f211.qua'!

C:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\12 D6#6 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f212.qua'!

C:\back up\Samples\source\DrumKits\Vintage Machinez 1\Vintage Machinez 1\pics\VintageDrumz1-ReadMe.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '481cf275.qua'!

C:\classik\videos.rar

[0] Archive type: RAR

--> oi0Xx5M.com

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16001

[WARNING] Failed!

C:\LOGICIEL- PLUG( RAR)\VSTi - Spectrasonics - Atmosphere & Stylus- Keygen.zip

[0] Archive type: ZIP

--> Atmosphere keygen.exe

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file

[iNFO] The file was moved to '4802f4d1.qua'!

C:\LOGICIEL- PLUG( RAR)\IZotope.Ozone.DX.VST.RTAS.v3.07.incl.KeyGen-H2O\h-oz307.r02

[0] Archive type: RAR

--> ozone_keygen.exe

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file

[iNFO] The file was moved to '481df4b3.qua'!

C:\LOGICIEL- PLUG( RAR)\IZotope.Ozone.DX.VST.RTAS.v3.07.incl.KeyGen-H2O\h-oz307d.zip

[0] Archive type: ZIP

--> h-oz307.r02

[1] Archive type: RAR

--> ozone_keygen.exe

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file

[iNFO] The file was moved to '481df4b4.qua'!

C:\LOGICIEL- PLUG( RAR)\IZotope.Ozone.DX.VST.RTAS.v3.07.incl.KeyGen-H2O\ozone_keygen.exe

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file

[iNFO] The file was moved to '481df501.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\How To Install.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4825f4f7.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Read Me First.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '480ff4ed.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Channel Mixer Presets\Channel Mixer Read Me.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '480ff516.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Custom File Info Panels\File Info Panels Read Me.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '481af517.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\Ditherbox\Ditherbox Read Me.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4822f518.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\Ffactory\Filter Factory Read Me.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '481af518.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About Alias Format.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '481df511.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About ElectricImage Format.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '481df512.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About IFF Format.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '499c8f0b.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About RLA Format.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '481df514.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About SGI RGB Format.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '499c8f0d.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\File Format\About SoftImage Format.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '481df513.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\Photoshop Only\File Formats\File Formats Read Me.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '481af51a.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\Photoshop Only\HSBHSL\HSBHSL Read Me.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '47f0f504.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\Registry Keys Read Me.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4815f517.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Textures for Lighting Effects\Textures Read Me.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4826f519.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\WPG Templates Read Me.html

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '47f5f505.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\FrameSet.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '480ff527.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\indexPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4812f523.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\SubPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4810f52b.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Dark\FrameSet.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '480ff528.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Dark\indexPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4812f524.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Dark\SubPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49918f34.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Frame\FrameSet.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '480ff529.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Frame\IndexPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4812f525.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Frame\SubPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4810f52c.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Light\FrameSet.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '498e8f32.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Light\indexPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49938f3e.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Light\SubPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4810f52d.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Patterned\FrameSet.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '480ff52a.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Patterned\indexPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4812f526.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Horizontal Patterned\SubPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49918f36.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Table\IndexPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4812f527.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Table\SubPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4810f52e.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Table - Blue\indexPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49938f30.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Table - Blue\SubPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49918f37.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Frame\FrameSet.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '480ff52c.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Frame\IndexPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4812f528.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Frame\SubPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4810f52f.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\FrameSet.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '498e8f35.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\indexPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4812f529.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\SubPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4810f530.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\FrameSet.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '480ff52d.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\indexPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49938f32.qua'!

C:\LOGICIEL- PLUG( RAR)\PHOTOSHOP CS2 V9.0 MULTILANGUAGE + KEYGEN\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\SubPage.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4810f531.qua'!

C:\Mes fichiers reçus\Downloads\ozone_keygen.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AO

[iNFO] The file was moved to '481df54c.qua'!

C:\WINDOWS\sd\dllcache\conf.exe

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '481cf5a5.qua'!

C:\WINDOWS\sd\dllcache\icwconn2.exe

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4825f5a3.qua'!

C:\WINDOWS\sd\dllcache\icwtutor.exe

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4825f5a4.qua'!

C:\WINDOWS\sd\dllcache\mnmsrvc.exe

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '481bf5b7.qua'!

C:\WINDOWS\sd\dllcache\ss3dfo.scr

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '47e1f5cd.qua'!

C:\WINDOWS\sd\dllcache\ssflwbox.scr

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4814f5cd.qua'!

C:\WINDOWS\sd\dllcache\sspipes.scr

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '481ef5ce.qua'!

C:\WINDOWS\sd\dllcache\sstext3d.scr

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4822f5ce.qua'!

Begin scan in 'D:\'

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f604.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 D6#1\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f606.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 JAZZ S+F\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f607.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 JIMMYSLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f608.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 R+B FAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f609.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1 SCASE RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f60a.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1JAZF+FULLF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f60b.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1JAZS+FULLS\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f60d.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE1POPS+FULLS\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f60e.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 D6#2\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f60f.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 FULL S+F\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f610.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 JIMMYFAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '499689b1.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 MARK1\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f611.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 MARK1 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f612.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2 ROCK1SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f614.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2R+BF+FULLF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '499689b5.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2R+BF+SWISH\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f615.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE2ROK1S+FULF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f616.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 D6#3\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f617.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 JAZZ SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '499689b8.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 JIMMY S+F\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f618.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 MARK2\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f619.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 MARK2 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f61a.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 ROCK2 S+F\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f61b.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3 ROCK2SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f61d.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3JAZF+SWISH\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f61e.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE3JAZS+SWISH\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f61f.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 D6#4\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f620.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 JAZZ FAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49968981.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 ROCK2FAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f621.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 WURLI RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f622.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4 WURLITZER\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f623.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4JAZF+JIMYF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f624.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4POPS+FULLF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f625.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE4POPS+SWISH\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f626.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 D6#5\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f627.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 DRYCOMBIS\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f628.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 ROCK3SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f62a.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5 SWISHFAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4996898b.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE5ROK3S+FULF\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f62b.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 D6#6\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f62c.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 FULL SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f62e.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE6 POP SLOW\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4996898f.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 D6#1 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f62f.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 DRYORGANS\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f630.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE7 FULL FAST\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f631.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE8 D6#2 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f632.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE9 D6#3 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49968993.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\10 D6#4 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f634.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\11 D6#5 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '4814f633.qua'!

D:\back up\Samples\source\AKAI(Wizoo)Rhodes MKII & Suitcase -Hammond B3-Wurlitzer Piano-Hohner clav1 SUITCASE\12 D6#6 RD\info.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '49968994.qua'!

D:\back up\Samples\source\DrumKits\Vintage Machinez 1\Vintage Machinez 1\pics\VintageDrumz1-ReadMe.htm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '481cf65e.qua'!

D:\save d\Micheal JACKSON.rar

[0] Archive type: RAR

--> r58B46y.com

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16001

[WARNING] Failed!

D:\save d\Bureau\bureau new\izotop\h-oz307.r02

[0] Archive type: RAR

--> ozone_keygen.exe

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file

[iNFO] The file was moved to '481df768.qua'!

D:\save d\Bureau\bureau new\izotop\h-oz307d.zip

[0] Archive type: ZIP

--> h-oz307.r02

[1] Archive type: RAR

--> ozone_keygen.exe

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file

[iNFO] The file was moved to '481df769.qua'!

D:\save d\Bureau\bureau new\izotop\ozone_keygen.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AO

[iNFO] The file was moved to '481df7b6.qua'!

D:\save d\my received files\nibat2kg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AO

[iNFO] The file was moved to '4810f7c4.qua'!

D:\save d\my received files\Native.Instruments.Battery.VSTi.DXi.RTAS.v2.1.incl.KeyGen-H2O\nibat2kg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AO

[iNFO] The file was moved to '4810f7d0.qua'!

Begin scan in 'E:\'

Begin scan in 'F:\'

Search path F:\ could not be opened!

The device is not ready.

 

Begin scan in 'G:\' <Nouveau nom>

G:\pagefile.sys

[WARNING] The file could not be opened!

G:\Documents and Settings\All Users\Desktop\Keys\Firegraphic 8.5.811\KeyGen\Keygen.exe

[DETECTION] Is the Trojan horse TR/Agent.1071931

[iNFO] The file was moved to '4827f937.qua'!

 

 

End of the scan: Sunday, February 10, 2008 05:28

Used time: 48:07 min

 

The scan has been done completely.

 

8884 Scanning directories

260311 Files were scanned

13 viruses and/or unwanted programs were found

157 Files were classified as suspicious:

0 files were deleted

0 files were repaired

168 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

260298 Files not concerned

1846 Archives were scanned

3 Warnings

191 Notes

 

 

 

 

 

HIJACKTHIS REPORT

 

 

Logfile of HijackThis v1.99.1

Scan saved at 5:36:36 PM, on 2/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)

 

Running processes:

G:\WINDOWS\System32\smss.exe

G:\WINDOWS\system32\csrss.exe

G:\WINDOWS\system32\winlogon.exe

G:\WINDOWS\system32\services.exe

G:\WINDOWS\system32\lsass.exe

G:\WINDOWS\system32\Ati2evxx.exe

G:\WINDOWS\system32\svchost.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

G:\WINDOWS\system32\svchost.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

G:\WINDOWS\System32\svchost.exe

G:\WINDOWS\system32\svchost.exe

G:\WINDOWS\system32\Ati2evxx.exe

G:\WINDOWS\system32\svchost.exe

G:\WINDOWS\Explorer.EXE

g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

G:\WINDOWS\system32\spoolsv.exe

G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

G:\Program Files\ATI Technologies\ATI.ACE\cli.exe

G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE

G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

G:\Program Files\iTunes\iTunesHelper.exe

G:\WINDOWS\SOUNDMAN.EXE

G:\Program Files\Bonjour\mDNSResponder.exe

G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

G:\WINDOWS\system32\ctfmon.exe

G:\Program Files\Windows Sidebar\sidebar.exe

G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

G:\WINDOWS\system32\wdfmgr.exe

G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

G:\Program Files\D-Link AirPlus\AirPlus.exe

G:\Program Files\iPod\bin\iPodService.exe

G:\WINDOWS\System32\alg.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe

G:\WINDOWS\system32\wbem\wmiprvse.exe

G:\WINDOWS\system32\wuauclt.exe

G:\WINDOWS\system32\wbem\wmiprvse.exe

G:\WINDOWS\system32\wuauclt.exe

C:\Hijackthis\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirector/?p...te&lang=fre

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O4 - HKLM\..\Run: [MDM Rock 4] G:\WINDOWS\system32\vakvygnid.exe

O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe

O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "G:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: D-Link AirPlus.lnk = ?

O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe

O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: g:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - G:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: avldr - G:\WINDOWS\SYSTEM32\avldr.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe


Hello,

I am waiting for the AvgAs report. I hope it is better than the AntiVir one.

So you have infected backups, .rar files, and keygens.

There is no point in going any further if you do not get rid of them.

Once that is done, run AntiVir again and replace your outdated HijackThis.

* Download HijackThis from TrendMicro.

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

* Unzip it into a folder at the root of the hard drive

rename that folder, for example Foutcheou

* Run the file Hijackthis.exe

* Click on Do a system scan and save a log file

* Copy and paste the report into a new message here

along with the AntiVir report


Good evening again

 

Here are the 2 new reports

 

AntiVir REPORT

 

 

AntiVir PersonalEdition Classic

Report file date: Sunday, February 10, 2008 19:16

 

Scanning for 1096761 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Admin

Computer name: PAL

 

Version information:

BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 22:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 21:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 8/15/2007 00:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 21:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 23:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 12:13:29

ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2/8/2008 12:13:29

ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 2/8/2008 12:13:29

AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2/10/2008 12:13:29

AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 19:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 16:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 22:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 2/10/2008 12:13:29

AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 16:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 21:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 16:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 20:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 21:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 21:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 18:37:21

 

Configuration settings for the scan:

Jobname..........................: Manual Selection

Configuration file...............: G:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: G:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: Sunday, February 10, 2008 19:16

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avconfig.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

13 processes with 13 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

Master boot sector HD1

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0083

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

Boot sector 'G:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '45' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\RECYCLER\S-1-5-21-1844237615-1060284298-682003330-1003\Dc2.rar

[0] Archive type: RAR

--> oi0Xx5M.com

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[INFO] The file was deleted!

Begin scan in 'D:\'

Begin scan in 'E:\'

Begin scan in 'F:\'

Search path F:\ could not be opened!

The device is not ready.

 

Begin scan in 'G:\' <Nouveau nom>

G:\pagefile.sys

[WARNING] The file could not be opened!

 

 

End of the scan: Sunday, February 10, 2008 19:57

Used time: 40:36 min

 

The scan has been done completely.

 

7989 Scanning directories

213917 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

1 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

213916 Files not concerned

1949 Archives were scanned

1 Warnings

174 Notes

 

 

HIJACKTHIS report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:09:43 PM, on 2/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Boot mode: Normal

 

Running processes:

G:\WINDOWS\System32\smss.exe

G:\WINDOWS\system32\csrss.exe

G:\WINDOWS\system32\winlogon.exe

G:\WINDOWS\system32\services.exe

G:\WINDOWS\system32\lsass.exe

G:\WINDOWS\system32\Ati2evxx.exe

G:\WINDOWS\system32\svchost.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

G:\WINDOWS\system32\svchost.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

G:\WINDOWS\System32\svchost.exe

G:\WINDOWS\system32\svchost.exe

G:\WINDOWS\system32\Ati2evxx.exe

G:\WINDOWS\system32\svchost.exe

G:\WINDOWS\Explorer.EXE

g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

G:\WINDOWS\system32\spoolsv.exe

G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

G:\Program Files\ATI Technologies\ATI.ACE\cli.exe

G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe

G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE

G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

G:\Program Files\iTunes\iTunesHelper.exe

G:\WINDOWS\SOUNDMAN.EXE

G:\Program Files\Bonjour\mDNSResponder.exe

G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

G:\WINDOWS\system32\ctfmon.exe

G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

G:\Program Files\Windows Sidebar\sidebar.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

G:\Program Files\Messenger\msmsgs.exe

G:\WINDOWS\system32\wdfmgr.exe

G:\Program Files\D-Link AirPlus\AirPlus.exe

G:\Program Files\iPod\bin\iPodService.exe

G:\WINDOWS\System32\alg.exe

G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe

G:\WINDOWS\system32\wuauclt.exe

G:\PROGRA~1\MOZILL~2\FIREFOX.EXE

G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

G:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirector/?p...te&lang=fre

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O4 - HKLM\..\Run: [MDM Rock 4] G:\WINDOWS\system32\vakvygnid.exe

O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe

O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "G:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: D-Link AirPlus.lnk = ?

O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe

O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - G:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - g:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - G:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

 

--

End of file - 9987 bytes


Good evening,

That is much better.

You still have a bug left in your recycle bin, which I suggest you empty.

Let's continue:

Download DiagHelp.zip by Malekal_morte to the desktop.

http://www.malekal.com/download/DiagHelp.zip

* Extract it, to the desktop for example.

* A new folder named DiagHelp will be created.

* Open it and double-click go.cmd (the .cmd extension may not be shown)

* A window will open; choose option 1

* The scan will start; this can take a few minutes. Press a key when prompted

* Copy and paste the entire contents of the Notepad window that opens and include it in your next reply.

Otherwise, it is here: C:\resultats.txt
