
Posted

Hello,

For almost a month, Avast has been detecting the virus Win32:OnLineGames [Trj] at every startup.

Sometimes I click delete and sometimes quarantine.

But I'm afraid that by now it is more or less everywhere on the computer.

I even infected my brother's computer via a USB stick.

I'm hopeless with computers.

I would like to manage to get this virus (and maybe others) off my computer and surely off my portable external hard drive :P

Heeeeeeeeeeelp :P

I read in the thread "virus Win32:OnLineGames [Trj] [résolu]" that you managed to help lamiss34.

The little I understood is that I had to download HijackThis and show you the innards of my machine.

Here they are:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:41:30, on 22/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\PROGRA~1\MESSAG~1\Demon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/internet/portail/go/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 11186 bytes

 

 

If a little surgeon could try to operate on all this for me and remove the tumors

Thaaaaaaaaaanks

Waiting for a reply :P

Posted

Hi!

Download Flashdisinfector by sUBs to your desktop.

  • Plug in your removable media (external hard drives, USB sticks, Flash cards, for example) and power on those that need it
  • Double-click Flash_Disinfector.exe.
  • It will be very quick; a message will tell you when the fix has finished.
    Careful: it stops the explorer.exe process and then restarts it, so make sure you do not leave any documents you are working on (Word, Excel) open at that moment.
  • If you have many sticks to disinfect, you can repeat the operation by plugging in the untreated sticks one by one.

Then post a new HijackThis log

Posted

Thanks for your quick reply

Here is my log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:13:54, on 22/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\PROGRA~1\MESSAG~1\Demon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/internet/portail/go/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 11137 bytes

 

 

 

Thanks again :P

Posted (edited)

Does Avast! still warn you about the infection?

  • Download OTMoveIt to your desktop

    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
  • Double-click OTMoveIt.exe
  • Select and copy the line below

    C:\WINDOWS\system32\amvo.exe
  • In OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose "Paste".
  • Click the red MoveIt button
  • If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the run: if so, click "Yes"
  • Copy and paste the report it generates (it is in this folder: C:\_OTMoveIt\MovedFiles)

 

I note that you have traces of two antivirus products on your PC: this can cause significant conflicts and slowdowns, and it can interfere with the proper security functioning of the "main" antivirus.

What's more, Avast! is outclassed at the moment (the proof: it waited until the virus had installed itself on your PC before warning you, and it is unable to remove it...), and here we are in the habit of having it removed and replaced with an excellent piece of freeware: Antivir (in English). To convince yourself:

 

http://forum.malekal.com/ftopic3528.php

 

 

1-UNINSTALL AVAST!

  1. Download aswClear.exe to your desktop
  2. Run it
  3. Click Uninstall
  4. Restart the computer

2-UNINSTALL NORTON

  1. Download Norton Removal Tool to your desktop
  2. Run it
  3. Follow the instructions
  4. Restart the computer

3-INSTALL ANTIVIR

  1. Download Antivir Free
  2. Install it
  3. Configure it by following Falkra's tutorial

http://www.libellules.ch/tuto_antivir.php

 

 

 

 

4-TOOLBARS!

Toolbars are not recommended; in general they do not help with anything and are essentially aimed at advertising: toolbars are not mandatory!! See these links:

http://assiste.forum.free.fr/viewtopic.php...highlight=barre

http://forum.malekal.com/viewtopic.php?f=4...;p=43480#p43480

On top of that you have a great many of them, which must be noticeable when you browse, on the browser side: remove at least the Yahoo! Toolbar and the Google one.

By the way, could you tell me more about the MSN toolbar (MSN Apps)? I would like to know what it does, etc.

To remove them, go through "Add or Remove Programs" in your Control Panel.

 

 

 

5-ANTIVIRUS SCAN

Run a scan of your machine with Antivir and post the report it generates.

6-ANTISPYWARE SCAN

Download Ewido Anti-Spyware Micro Scanner to your desktop.

  • Double-click the ewido_micro.exe file to run it.
  • As soon as it starts, the program will ask for Internet access to update itself; accept.
  • Then a new screen appears; make sure all the boxes are ticked.
  • Click Start Scan and let the tool work.
  • When the tool has finished, click save report and save the report to your desktop.
  • Post it in your next reply.

  • NB: do not click Remove infections right away; we need to make sure that all the detections are actually infections, because some legitimate utilities could appear in the report.

Then post a new HijackThis report so we can take stock!

Edited by oGu
Posted

Thanks Ogu

The link you gave me to download OTMoveIt doesn't work

but I found another one that works

However, I copy C:\WINDOWS\system32\amvo.exe into the indicated column and click MoveIt

and then: it doesn't work, it shows me in the results: File/Folder C:\WINDOWS\system32\amvo.exe not found.

 

Created on 02/22/2008 20:34:00

????

Posted
and then: it doesn't work, it shows me in the results: File/Folder C:\WINDOWS\system32\amvo.exe not found.

Thanks for the info, I'll update my link.

All the better if it finds nothing; it means Flash Disinfector has already dealt with it.
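
The before/after comparison this exchange relies on, as an added example that is not part of the original thread: a small Python parser for HijackThis entry lines that diffs the registry Run values of the two logs and lists entries whose target file is absent. The log excerpts are copied from the posts above; the function names are illustrative.

```python
import re

# Lines copied from the two HijackThis logs in this thread (18:41:30 and 19:13:54),
# trimmed to a handful of entries so the example stays short.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

# "<section> - <body>", e.g. "O4 - HKCU\..\Run: [amva] C:\...\amvo.exe"
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autorun body: "<hive>\..\<key>: [<value name>] <command line>"
RUN = re.compile(r"^(?P<hive>HK[^:]*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable path at the start of a command line, quoted or not, arguments dropped
EXE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)
# Suffix HijackThis appends to per-account (HKUS) entries
USER = re.compile(r"\s+\(User '[^']*'\)$")
# Markers HijackThis prints when the referenced file is not on disk
ORPHAN = re.compile(r"\((?:no file|file missing)\)")


def parse_entries(log):
    """Return (section, body) for each entry line; header and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def parse_autoruns(log):
    """Return the O4 registry Run values as dicts with hive, key, name and image path."""
    autoruns = []
    for section, body in parse_entries(log):
        m = RUN.match(body) if section == "O4" else None
        if not m:
            continue  # e.g. "O4 - Global Startup: ..." shortcuts are not registry values
        cmd = USER.sub("", m["cmd"])
        exe = EXE.match(cmd)
        autoruns.append({"hive": m["hive"], "key": m["key"], "name": m["name"],
                         "image": exe["path"] if exe else cmd})
    return autoruns


def autorun_diff(before, after):
    """Return (removed, added) autorun entries between two logs, compared case-insensitively."""
    def ident(e):
        return (e["hive"].upper(), e["name"].lower(), e["image"].lower())
    b = {ident(e): e for e in parse_autoruns(before)}
    a = {ident(e): e for e in parse_autoruns(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def orphans(log):
    """Return entries whose target is reported as '(no file)' or '(file missing)'."""
    return [(s, body) for s, body in parse_entries(log) if ORPHAN.search(body)]


if __name__ == "__main__":
    removed, added = autorun_diff(LOG_BEFORE, LOG_AFTER)
    for e in removed:
        print("autorun gone after cleanup:", e["hive"], e["name"], e["image"])
    for e in added:
        print("autorun new after cleanup:", e["hive"], e["name"], e["image"])
    for section, body in orphans(LOG_AFTER):
        print("leftover entry without file:", section, body)
```

Run against the full logs, the same diff also surfaces any autorun value that appears between two scans, which is worth checking before declaring a machine clean.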

Posted

I removed Avast and the remains of Norton, if everything went well

I installed Antivir

I ran the scan, which took 2 hours and found 164 viruses

Here is the report:

 

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 22 février 2008 21:23

 

Scanning for 1120425 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: AZEMA

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 20:22:16

ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 20:22:16

ANTIVIR3.VDF : 7.0.2.180 334848 Bytes 22/02/2008 20:22:16

AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 22/02/2008 20:22:18

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 22/02/2008 20:22:18

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: vendredi 22 février 2008 21:23

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned

Scan process 'hpqwmi.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'Residence.exe' - '1' Module(s) have been scanned

Scan process 'SonyTray.exe' - '1' Module(s) have been scanned

Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned

Scan process 'SetPoint.exe' - '1' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned

Scan process 'wcescomm.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'WkUFind.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned

Scan process 'mmtask.exe' - '1' Module(s) have been scanned

Scan process 'ApntEx.exe' - '1' Module(s) have been scanned

Scan process 'dragdiag.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'Demon.exe' - '1' Module(s) have been scanned

Scan process 'CnxMon.exe' - '1' Module(s) have been scanned

Scan process 'eabservr.exe' - '1' Module(s) have been scanned

Scan process 'qttask.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'Apoint.exe' - '1' Module(s) have been scanned

Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned

Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'igfxtray.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SMAgent.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

57 processes with 57 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '47' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\2ifetri.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '48252fff.qua'!

C:\awda2.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '48233024.qua'!

C:\h.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '48222fe9.qua'!

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\x.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '48222ffb.qua'!

C:\xn1i9x.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47f0303e.qua'!

C:\xo8wr9.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47f73045.qua'!

C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48222fe9.qua

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47f1301b.qua'!

C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48222ffb.qua

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47f13022.qua'!

C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48233024.qua

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47f13027.qua'!

C:\Documents and Settings\arnaud\Local Settings\Temp\lr4x.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47f331f5.qua'!

C:\Documents and Settings\arnaud\Mes documents\fichier\PROGRAMMES\Utilitaires Didier\Slysoft.CloneDVD.v2.8.5.1.Keygen.Only-TSZ.zip

[0] Archive type: ZIP

--> Slysoft.CloneDVD.v2.8.5.1.Keygen.Only-TSZ/Keygen.exe

[DETECTION] Is the Trojan horse TR/Agent.15485

[iNFO] The file was moved to '48383700.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083889.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef41f7.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083892.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef41fb.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083903.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4200.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083906.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4203.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083908.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4207.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083918.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef420b.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083921.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef420f.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083930.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4216.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083933.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef421a.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083957.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef421c.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083960.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef421f.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP397\A0083967.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4222.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0084068.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef422b.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0084088.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef422f.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0084091.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4232.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0084106.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4234.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0084109.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4236.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0084111.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4238.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0084122.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef423b.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0084125.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef423e.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0084155.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4241.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085155.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4244.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085158.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4247.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085169.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4249.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085172.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef424b.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085174.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef424d.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085200.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4250.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085203.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4251.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085237.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4255.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085240.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4257.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085251.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4259.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085254.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef425b.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0085256.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef425c.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0085296.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4261.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0085342.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4265.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0085345.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef426b.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0085347.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef426d.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086342.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4271.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086346.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4274.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086347.inf

[DETECTION] Contains detection pattern of the worm WORM/Autorun.cea.1

[iNFO] The file was moved to '47ef4275.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086377.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4278.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086380.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef427c.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086381.inf

[DETECTION] Contains detection pattern of the worm WORM/Autorun.cea.1

[iNFO] The file was moved to '47ef427e.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086393.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4280.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086396.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4283.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086397.inf

[DETECTION] Contains detection pattern of the worm WORM/Autorun.cea.1

[iNFO] The file was moved to '47ef4291.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086398.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4294.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086409.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4296.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086424.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef429c.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP400\A0086438.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef429f.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP401\A0086450.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42a5.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP401\A0086463.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42a8.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP401\A0086473.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42aa.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP401\A0086488.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42ac.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP401\A0086501.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42ae.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP401\A0086506.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42b0.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP401\A0086508.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42b2.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP402\A0086514.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42b8.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP402\A0086515.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42b9.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086561.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42c3.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086562.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42c6.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086590.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42ca.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086593.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42cc.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086594.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42ce.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086610.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42d1.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086611.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42d4.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086631.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42d6.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086632.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42d8.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086647.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42da.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086648.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42db.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086649.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42dd.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086688.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42e0.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086690.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42e2.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086691.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pqm

[iNFO] The file was moved to '47ef42e4.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP403\A0086693.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42e7.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086730.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.psv

[iNFO] The file was moved to '47ef42eb.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086752.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42ee.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086756.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.psv

[iNFO] The file was moved to '47ef42f2.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086772.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.psv

[iNFO] The file was moved to '47ef42f4.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086791.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42f6.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086794.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42f8.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086795.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.psv

[iNFO] The file was moved to '47ef42fa.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086797.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42fd.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086811.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef42ff.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086812.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.psv

[iNFO] The file was moved to '47ef4301.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086813.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4302.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086829.inf

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.psv

[iNFO] The file was moved to '47ef4305.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086842.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4308.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086845.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef430a.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086860.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef430d.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086863.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef430f.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086867.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4312.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086868.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4313.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086895.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4316.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086899.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4319.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0086921.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef431e.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0086948.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4320.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0086952.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4324.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0086971.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4327.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0086974.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4329.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0086985.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef432c.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0086988.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef432d.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087015.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4330.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087018.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4332.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087029.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4334.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087032.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4336.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087050.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4339.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087052.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef433b.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087054.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef433d.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087063.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef433f.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087102.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4342.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087103.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4344.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087144.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4347.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087147.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef434a.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087149.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef434c.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087162.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef434e.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087165.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4350.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087191.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4354.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087256.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4358.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087259.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef435a.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087262.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef435d.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087263.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef435e.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087280.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4360.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087301.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4363.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087304.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4365.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087363.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4367.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087366.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4369.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087385.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef436c.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087388.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef436d.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP406\A0087390.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef436f.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP412\A0087991.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4389.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP413\A0088313.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4395.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP413\A0088314.dll

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4397.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP414\A0088437.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef439f.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP414\A0088438.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef43a1.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP414\A0088439.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef43a2.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP414\A0088440.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef43a4.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP414\A0088441.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef43a5.qua'!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP414\A0088442.exe

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef43a7.qua'!

Begin scan in 'E:\' <WD Passport>

E:\2ifetri.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '4825478a.qua'!

E:\3wcxx91.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '4822479a.qua'!

E:\xn1i9x.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47f04793.qua'!

E:\h.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '48224755.qua'!

E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP398\A0084017.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4765.qua'!

E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP399\A0084214.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4768.qua'!

E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP404\A0086872.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef476a.qua'!

E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0086992.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef476c.qua'!

E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP405\A0087117.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef476e.qua'!

E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP414\A0088457.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4772.qua'!

E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP414\A0088458.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4774.qua'!

E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP414\A0088459.com

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4776.qua'!

E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP414\A0088460.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef4778.qua'!

E:\System Volume Information\_restore{E5E56298-4119-4B20-8BA8-5833BC5D949D}\RP807\A0065900.cmd

[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen

[iNFO] The file was moved to '47ef477b.qua'!

 

 

End of the scan: vendredi 22 février 2008 23:10

Used time: 1:46:53 min

 

The scan has been done completely.

 

5746 Scanning directories

492305 Files were scanned

164 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

164 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

492141 Files not concerned

10974 Archives were scanned

2 Warnings

10 Notes

 

Thanks for your patience, Ogu

Posted

For information:

* I have also (normally) removed the toolbars, except MSN, which I can't find

and to answer: "By the way, could you tell me more about the MSN toolbar (MSN Apps)?? I'd like to know what it does, etc...":

I have no idea at all

* As for E:\, that's my portable external hard drive

Right now I'm scanning with ewido

Posted

The ewido scan, for its part, found 20 infections:

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 

Name: TrackingCookie.Adbrite

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@adbrite[2].txt

Risk: Medium

 

Name: TrackingCookie.Adbrite

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@ads.adbrite[1].txt

Risk: Medium

 

Name: TrackingCookie.Adtech

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@adtech[1].txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@advertising[1].txt

Risk: Medium

 

Name: TrackingCookie.Adviva

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@adviva[2].txt

Risk: Medium

 

Name: TrackingCookie.Adviva

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@adviva[3].txt

Risk: Medium

 

Name: TrackingCookie.Atdmt

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@atdmt[2].txt

Risk: Medium

 

Name: TrackingCookie.Bluestreak

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@bluestreak[2].txt

Risk: Medium

 

Name: TrackingCookie.Bluestreak

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@bluestreak[3].txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@bs.serving-sys[2].txt

Risk: Medium

 

Name: TrackingCookie.Doubleclick

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@doubleclick[1].txt

Risk: Medium

 

Name: TrackingCookie.Doubleclick

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@doubleclick[2].txt

Risk: Medium

 

Name: TrackingCookie.Estat

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@estat[1].txt

Risk: Medium

 

Name: TrackingCookie.Estat

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@estat[2].txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@serving-sys[1].txt

Risk: Medium

 

Name: TrackingCookie.Smartadserver

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@smartadserver[1].txt

Risk: Medium

 

Name: TrackingCookie.Smartadserver

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@smartadserver[2].txt

Risk: Medium

 

Name: TrackingCookie.Tradedoubler

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@tradedoubler[2].txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@weborama[2].txt

Risk: Medium

 

Name: TrackingCookie.Smartadserver

Path: C:\Documents and Settings\arnaud\Cookies\arnaud@smartadserver[3].txt

Risk: Medium

 

And now here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:53:28, on 23/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\PROGRA~1\MESSAG~1\Demon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\arnaud\Mes documents\fichier\PROGRAMMES\VIRUS\ewido_micro.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/internet/portail/go/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10625 bytes

 

 

There, I can't take any more, I'm going to bed

Good night

and thanks, Ogu!
