Sujet Précédent Sujet Suivant

Probleme Hacked by godzilla

Résolu
campingaz -  
jalobservateur Messages postés 7372 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour a toutes et à tous,

Comme beaucoup de personne j'ai un petit probleme avec le virus hacked by godzilla. J'ai donc suivi les instructions donné par certaines persones du forum et voici donc le rapport que j'ai effectué avec HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:18, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Seekmo\bin\10.0.406.0\Srv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\scan\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C2E7157C98A56F2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll
O2 - BHO: (no name) - {531BAEF0-0AF7-46CA-8243-5305B31E4449} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {c17e50be-f048-22d8-2f04-46e42077c1a8} - {8a1c7702-4e64-40f2-8d22-840feb05e71c} - C:\WINDOWS\system32\xbogqirm.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A18C2F24-8FD5-4067-9D74-93904D0B4087} - C:\WINDOWS\system32\khffgdc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F501C2AB-834A-4B9D-A86B-A1EADA760B00} - C:\WINDOWS\system32\mljhfdd.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMc3190198] Rundll32.exe "C:\WINDOWS\system32\yjikmumq.dll",s
O4 - HKLM\..\Run: [c02a3204] rundll32.exe "C:\WINDOWS\system32\sicwqfax.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O20 - Winlogon Notify: khffgdc - C:\WINDOWS\SYSTEM32\khffgdc.dll
O20 - Winlogon Notify: mljhfdd - mljhfdd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

9 réponses

Réponse 1 / 9
jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
 
Re !

j'ai ete obligé de reinstaller mon systeme ya eu un gros bug

Tu peux m'en dire plus ?

Les rapports sont propres.

Par contre :

Ta version IE n'est pas à jour Grosse faille de sécurité !!!
Internet Explorer v6.00 SP2 (6.00.2900.2180)
On en est a la 07
la Mise à Jour <--- ICI
Pourquoi faire la MàJ ?

La console Java n'est pas à jour: Faille de sécurité !!!
Clique sur Download Latest Version

Choisis la première ligne de téléchargement puis installe java.
En fin d'installation, revient sur la page pour vérifier ton installation.
Quand l'installation a réussi, ouvre le panneau de configuration >
Ajout/suppression de programmes et supprimes les anciennes versions (de java) afin d’éliminer les failles de sécurité présentes dans ces anciennes versions.
Fais cela pour chacune d'elle, une a une, fais redémarrer ton PC quand cela te le sera demandé .
Tu gardes la Java\jre1.6.0_05 !

Adobe n'est pas à jour !

Télécharge Adobe Reader 8.1 pour Windows
L'installation d' une nouvelle version désinstallera l' ancienne si besoin est.
Lien Direct
Décocher Téléchargez également :Adobe Photoshop® Album Édition
Dans Ajout/Suppression des programmes, tu supprimes toutes les autres versions.

Tu peux désactiver C:\WINDOWS\ALCXMNTR.EXE
C'est un logiciel espion de ( Realtek AC 97 ) inutile...qui sert a obtenir des infos sur les consommateurs.

Va dans le gestionnaire de tâches !

Pour ouvrir le gestionnaire de tâches, appuies simultanément sur les trois touches du clavier Ctr+Alt+Suppr (Del).
Sous Windows NT/2000/XP, choisis l'onglet "Processus" (Processes) pour lister tous les processus.
Rechercher ALCXMNTR.EXE et cliques sur "Terminer le processus".

ensuite, refais moi un log Hijackthis stp !

@+
1
campingaz
 
bonjour jorginho,

En fait le gbug se produisait lorsque l'ordinateur s'allumé.Une fois que toutes les icones apparaissaient sur mon bureau, 2 message aparraissaitcomme quoi il me manquait deux fichiers .dll dans le systeme 32. A partir de la l'ordinateur etait incontrolable impossible de clic nulpart et il ne "reflechisait" plus......

Voila le nouveau rapport hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:57, on 21/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 2 / 9
jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
 
Ok, ça m'a l'air bon !

Un conseil :

Avast! est loin de ce que l'on a fait de mieux en matière de protection.

Je te conseillerais plutot AVIRA ANTIVIR ( GRATUIT EGALEMENT ) à la place de Avast !
Pourquoi ?
un autre avis ?
Toujours pas convaincu ? ici, l'avis des Masters en désinfection !

Donc télécharge AVIRA Antivir si tu veux l'esssayer.
Avira antivir PersonalEdition Classic

Ensuite hors connexion supprime AVAST
Pour suppimer Avast correctement :

Installe ANTIVIR...
TUTO D' installation par Malekal
Tuto D'instalation et de mise en Oeuvre
encore un au cas ou...
Reconnecte toi, fais les mises à jours Antivir... tu seras mieux protégé !

Après l'installation, mets le à jour - si ton firewall fait une alerte.. accepte la connexion.
Assure toi qu'Antivir est bien à jour, vérifie la date d'update.

Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

- Ouvre Antivir par le menu Démarrer / Programmes
- Cliquez sur l'onglet Scanner.
- Sélectionne Manual Selection
- Sélectionne le disque C
- Lance le scan - Mets en quarantaine tous les éléments détectés.
- Une fois le scan terminé Enregistre le rapport.

Redémarre en mode normal.

Poste le rapport ici.

@+
1
campingaz
 
Salut,

Voila le rapport de avira:



AntiVir PersonalEdition Classic
Report file date: samedi 22 mars 2008 00:29

Scanning for 1160819 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Administrateur
Computer name: NOM-FB9B15D2723

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:29:32
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 23:22:14
ANTIVIR3.VDF : 7.0.3.63 2048 Bytes 21/03/2008 23:22:14
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 18/03/2008 21:19:21
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/03/2008 18:29:33
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 22 mars 2008 00:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'HPBootOp.exe' - '1' Module(s) have been scanned
Scan process 'DMAScheduler.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'arpwrmsg.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZIPM12.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '43' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\! Microsoft Office 2007 Crack-Serial-Keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48314547.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\!Microsoft Windows Media Player 11 [NOCD-Crack].rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484d457b.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\(Programma ITA) Nod32 2.51.26 + crack per aggiornamenti - Windows XP.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48564582.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\- Autodesk Autocad 2008 Crack(1).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48254555.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\- Crack - Pinnacle Studio Plus 10 - .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48274559.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\- Crack - Pinnacle Studio Plus 10 - Codici Di Attivazione.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4827455c.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\-Tunnel Client v2.7.1853 Setup And Crack - Hipbob.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48594594.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\321 XviD Converter 1.2.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48154575.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\3D Studio Max 9 + Tutorials and Keygen +.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4804458c.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\3D Studio Max 9 Last Version crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4804458f.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\A-Z iPod Video Converter v6.90 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '483e457a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\A-Z iPod Video Converter v6.90.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '483e457e.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\A-Z Video Converter Ultimate v7.55 patch.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '483e4581.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\A-Z Video Converter Ultimate v7.55.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '483e4583.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\A1 DVD Audio Ripper v1.1.37 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4804458a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Ability Office v4.1.000 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484d45be.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Accelerator Download Plus v4.0.0.2 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484745c3.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Access Password Recovery Genie v1.60.20050612 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484745c6.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Accurateburn MP3 Audio CD Maker v1.10 by LasH serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484745c9.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\ACDSee 7 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '482845ac.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\ACDSee 7 serial patch.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '482845af.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\ACDSee 9 build 108 Vista Compatible_.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '482845b2.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\ACDSee v9.0 Photo Manager patch.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '482845b5.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Ace ScreenSaver v2.40 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484945d7.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Ace Video Workshop v1.6 patch.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484945da.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AceFTP Pro v3.80.3 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484945dd.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AceFTP Pro v3.80.3.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484945e0.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AceMoney v3.7.1 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484945e2.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AceReader Pro Deluxe Plus v4.0c serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484945e5.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Acoustica Ausio Converter Pro v2.5.b15 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485345e8.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Acoustica CD DVD Label Maker v3.14.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485345ea.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Acoustica CDDVD Label Maker v2.33 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485345ed.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Acoustica Mixcraft v3.1 b41.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485345ef.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Acoustica MP3 Audio Mixer v2.4xx serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485345f2.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Acoustica MP3 CD Burner v3.01 build 64 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485345f4.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Acronis Disk Director Server 10.0.216.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485645f7.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Acronis Disk Director Server 10.0.2169 Keygenerator Working.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485645fa.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Acronis True Image 11 Build 8053 Home..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485645fd.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Acrobat 7.0 Full with crack Multilanguage.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534601.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Acrobat 8 Professional Incl keygen..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534604.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Acrobat 8 Professional Serial Crack (Acrobat Dll,Adobelm Dll) Updated-Fixed 03-2007.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534607.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Acrobat Professional 8.1 - Latest Version -.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4853460a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Acrobat Professional 8.1 keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4853460d.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe After Effects 7.0 crack version Tryout.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534610.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe After Effects 7.0 crack versioni Tryout.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534613.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Creative Suite 3.01 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534616.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe CS3 Creative suite design Premium (Include Crack).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534619.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe CS3 Master Collection Corporate Final +Keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4853461c.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe CS3 Master Collection Corporate ISO. .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4853461f.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe CS3 Master Collection Full Version + Keygen ..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534622.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe GoLive v9.0.0.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534625.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Illustrator 11.0 CS serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534628.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Illustrator CS3 with plugins (Thinstalled) .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534630.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop 10 (Cs3) New! Full Crack(1).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534633.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe PhotoShop 9 CS serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534636.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop CS3 + Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534640.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Extended Version Full + .Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b01.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Extended+ Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534642.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Ita + Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534641.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b02.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Lite crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b03.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Plugins Collection..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534644.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop CS3 v10 Extended Keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b05.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop CS3 with Crack..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534643.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop Elements v2.0 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b04.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop Elements v6.0(Full Version with Keygen).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534646.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop Elements v6.0.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b07.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop Elements v6.0a Keygenerator.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534648.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop Lightroom 1.3..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534645.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop Lightroom 1.4 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b06.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop Lightroom v1.2 MacOSX UB.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b09.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Photoshop Plugin - Digimarc Watermark Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4853464a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe PhotoShop v5.0x78 Code serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b0b.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Premiere CS3 Pro Keygenerator.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534647.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\adobe premiere pro cs3 full cd crack + serial.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b08.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Premiere Pro CS3 Multi-language Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4853464c.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Primeier v7.0 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b0d.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Type Manager v40 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4853464e.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe Type Manager v40 for Windows 95 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534649.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe.Audition.v3.WinAll.Cracked-NoPE+.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b0a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe.Dreamweaver CS3 9.0.0.345 Latest Patched-RETAiL.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4853464b.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adobe_Photoshop_9_CS2 (Crack).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492c3b0f.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adrosoft Sound Recorder v1.1 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4856464a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AdsGone Popup Killer 2007 v7.0.8.1.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4857464b.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adult PDF Password Recovery v2.3.0 datecode 20051115 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4859464b.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adusoft PSP Video Converter v2.46.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4859464c.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advance Registry War v0.9 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a464c.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advance System Optimizer Reg. v2.0.0.1 Systwaek Inc serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b0d.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advance Windows Passwordvery v.3.5.1.390 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a464d.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced ACT Password Recovery v2.30.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b0e.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Archive Password Recovery v2.20 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a464e.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced ARJ Password Recovery serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b0f.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced ARJ Password Recovery v2.0 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a4650.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Batch Converter v3.9.76 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a464f.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced File Worker v2.32.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b10.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced GIF Optimizer v4.0.12 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b11.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Keylogger serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a4652.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Keylogger v1.4 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b13.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Mailbox Password Recovery v1.9.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a4651.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced MP3 Converter v3.00.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b12.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Net Monitor for Classroom v4.6.7.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a4654.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Office XP Password Recovery v2.x serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b15.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Outlook Password Recovery serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a4653.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Popup Killer 2007 by iNTENSiON serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b14.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced RAR Password Recovery v1.5x serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a4655.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Registry Tracer v2.1 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a4656.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Spyware Remover v1.81 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b17.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced System Optimizer 2.20.4.747 keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b16.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Uninstaller Pro 8.54 Keygenerator.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a4657.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Uninstaller Pro v6.72 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b18.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Uninstaller Professional 8.5.2 + Working crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a4658.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Uninstaller Special Edition v4.0 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b19.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced X Video Converter v3.9.35.1 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485a4659.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Advanced Zip Password Recovery v3.54 Private Sniper serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49253b1a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Adware Agent v4.81 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485b4658.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Alcohol 120 1.9.7.602 with KeyMaker v3.6 (BetaMaster-24.Dec.2007).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48474660.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Alcohol 120 v.1.9.7 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49383b21.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Alcohol 120% 1.9.2.1705 Multilanguage + Serial + Crack + Di.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48474661.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Alcohol 120% 1.9.6.471 Activation Key + Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49383b22.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Alcohol 120% v1.9.5.3105 Ita Keygen Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48474662.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Alive YouTube Video Converter 1.2.7.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484d4662.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\All Antivirus Keygenerator Pack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48504663.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\ALL.Adobe.Products.Keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48304643.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\All.MicroSoft.Products.Keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492f3b24.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Allok 3GP PSP MP4 iPod Video Converter 2.7.2 Keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48504664.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\All_ADOBE_Products_Crack+Keygen_2008-ReLEASE.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '492f3b25.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Anti Hacker Expert 2008 working License Key + Patch _.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48584666.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Anti Hacker Expert 2008 working License Key and Patch.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48584667.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Any DVD Converter Professional 3.5.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485d4667.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AnyDVD & AnyDVD HD 6.1.3.5 + Crack [April 13 2007].rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485d4668.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AnyDVD & AnyDVD HD 6.3.0 - Final.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49223b29.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AnyDVD & AnyDVD HD 6.4 keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485d4669.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AnyDVD 6.1.0.2 It + CloneDVD 2.9.0.3 It + CloneDVDmobile 1.1.4.0 It + Clone CD 5.3.0.1 It + Virtual CloneDrive 5.1.4.5 It + Crack By Ipparius.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49223b2a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AnyDVD 6.3.0.6 +Activation Key.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485d466b.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AnyDVD.HD.6.3.0.3.Incl.Crack-RES.By.GGW.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '485d466a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Apollo No1 DVD Ripper 6.2.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4853466d.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\ArcGis 9 (CD1 CD2 CD3) with Crack-funziona!istruzioni in ita.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4847466f.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\ArcGis 9 (CD1 CD2 CD3) with Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49383b30.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Arquitectura -3D Home Floor Plan Design Suite V 9 Key & Patch.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48554670.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Ashampoo Office 2008 3.01 + crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '484c4671.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Atomix Virtual DJ Professional 5 rev6 -.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48534673.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Autocad 2007 Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48584674.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Autocad 2007 Español Spanish + Serial + Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49273b35.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AutoCAD.2007.Crack.Only.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48584675.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Autodata 2007 v2.18 2Cd Crack Updated-Fixed 02-2007.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49273b36.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Autodata v3.18 2 CDs Full +.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48584676.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Autodesk 3DS MAX 2008 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49273b37.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Autodesk AutoCAD 2008 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48584678.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Autodesk AutoCAD Architecture Version 2008 (Full Version with Key).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48584677.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Autodesk AutoCAD Architecture Version 2008..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49273b38.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Autodesk Inventor Suite 2008 .(Full Version with Crack).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '48584679.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Autodesk Inventor Suite 2008 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49273b3a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Avast Antivirus Pro 4.7 Licensed till 2009.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4845467b.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Avast Antivirus Pro 4.7.109 working Key.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '493a3b3c.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Avast! Antivirus 4.6.691 Professional Edition Crack Licenza.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4845467c.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Avast! Antivirus 4.6.691 Professional Edition + Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '493a3b3d.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AVG 7.5 antivirus + antispyware 7.5 + key and crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '482b465c.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AVG 7.5 Internet Security & Firewall _.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '482b465d.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AVG Anti-Spyware Plus 7.5.1.43 con el key funcionante.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49543b1e.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AVG Anti-Spyware Plus 7.5.1.43.333 Patched Multilingual-ReL.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '482b465e.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AVG Anti-Virus Professional Edition Latest v7.5.5 + Key..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49543b1f.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\AVG Antivirus Latest Version 7.5 .Pro.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '482b465f.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Babylon 7.0.2018 Keygen Serial Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '4846466a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collections\Babylon Pro v6.0.0.29 Ita + Dizionari + Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.1478656
[INFO] The file was moved to '49393b2b.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\Shareaza\Collecti
0
Réponse 3 / 9
jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
 
Il en manque !

( ça y va les cracks......)

Shareaza\Collections\Autocad 2007 Español Spanish + Serial + Crack.rar
Shareaza\Collections\Autodesk Inventor Suite 2008 .(Full Version with Crack).rar
Collections\Avast! Antivirus 4.6.691 Professional Edition + Crack.rar
Shareaza\Collections\AVG 7.5 antivirus + antispyware 7.5 + key and crack.rar Shareaza\Collections\Babylon 7.0.2018 Keygen Serial Crack.rar
Shareaza\Collections\Babylon Pro v6.0.0.29 Ita + Dizionari + Crack.rar

et j'en passe..... même les A Vs.... faut pas s'etonner....

tout est en quarantaine apparament.

Tu n'as pas de pare feu ( hormis celui de windows qui est une passoire )

Je pense que tu n'auras pas de mal a en trouver un.....

Pour nettoyer les outils téléchargés pendant cette désinfection qui ne te serviront plus, vu qu'ils sont mis a jour régulierement, il vaut mieux les télécharger en cas de besoin au dernier moment .......:

Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.

Double-clique sur ToolsCleaner2.exe et
Clique sur Recherche et laisse le scan se terminer.
Clique, sur Suppression pour finaliser.
# Ton Bureau va disparaître. Ceci est normal.
# S'il ne réapparait pas, fais ceci : CTRL+ALT+SUP pour faire apparaître le gestionnaire de tâches.
Rends-toi à l'onglet Processus, clique en haut à gauche sur "Fichiers" et choisis "Exécuter".
Tape "explorer" et valide. Cela te fera ré-apparaître ton Bureau.

Tu peux, et dois te servir des Options facultatives.
- Point de Restauration.
- Corbeille. ------------------------------------------------> a faire !
- Nettoyage des fichiers Temporaires.------------------------> a faire !
Clique sur quitter, pour que le rapport puisse se créer.

Ferme le rapport qui s'ouvre, et poste le dans ta prochaine réponse.
Il se trouve a la racine du disque C:\TCleaner.txt

@+
1
Réponse 4 / 9
jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
 
Salut !
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

Mais tu n'as pas que ça...
Pour comencer :

Télécharge Godzilla.remover
et éxécute ce programme.
http://www.softbkk.com/downloads/dl1/10304/NOD32%20VBS%5BButsur.A%5D-Fix.exe

relance Hijackthis, Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition" ->> "Sélectionner tout", puis sur "Edition" -> Copier" pour copier tout le contenu du rapport

Je ne pourrais pas etre de retour avant 17h, mais ensuite je ne te lache plus...

@+
0
campingaz
 
Bonjour jorginho67,

J'ai suivi à la lettre se que tu m'as dit et voila donc le rapport de Hijack. Il semblerait aussi que je soit infecté par virumundo:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:09, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Orange\browser\browser.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\scan\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C2E7157C98A56F2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll
O2 - BHO: (no name) - {531BAEF0-0AF7-46CA-8243-5305B31E4449} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {c17e50be-f048-22d8-2f04-46e42077c1a8} - {8a1c7702-4e64-40f2-8d22-840feb05e71c} - C:\WINDOWS\system32\xbogqirm.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A18C2F24-8FD5-4067-9D74-93904D0B4087} - C:\WINDOWS\system32\khffgdc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F501C2AB-834A-4B9D-A86B-A1EADA760B00} - C:\WINDOWS\system32\mljhfdd.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMc3190198] Rundll32.exe "C:\WINDOWS\system32\yjikmumq.dll",s
O4 - HKLM\..\Run: [c02a3204] rundll32.exe "C:\WINDOWS\system32\sicwqfax.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: khffgdc - C:\WINDOWS\SYSTEM32\khffgdc.dll
O20 - Winlogon Notify: mljhfdd - mljhfdd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
campingaz Messages postés 2 Statut Membre
 
Bonjour jorginho67,

J'ai suivi à la lettre se que tu m'as dit et voila donc le rapport de Hijack. Il semblerait aussi que je soit infecté par virumundo:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:09, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Orange\browser\browser.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\scan\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C2E7157C98A56F2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll
O2 - BHO: (no name) - {531BAEF0-0AF7-46CA-8243-5305B31E4449} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {c17e50be-f048-22d8-2f04-46e42077c1a8} - {8a1c7702-4e64-40f2-8d22-840feb05e71c} - C:\WINDOWS\system32\xbogqirm.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A18C2F24-8FD5-4067-9D74-93904D0B4087} - C:\WINDOWS\system32\khffgdc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F501C2AB-834A-4B9D-A86B-A1EADA760B00} - C:\WINDOWS\system32\mljhfdd.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMc3190198] Rundll32.exe "C:\WINDOWS\system32\yjikmumq.dll",s
O4 - HKLM\..\Run: [c02a3204] rundll32.exe "C:\WINDOWS\system32\sicwqfax.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\supp­ort.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\supp­ort.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: khffgdc - C:\WINDOWS\SYSTEM32\khffgdc.dll
O20 - Winlogon Notify: mljhfdd - mljhfdd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
 
Re !
pour Godzilla c'est bon, on continue !

Télécharge BTFix 1.017 (de bibi26)

* Décompresse l'archive sur ton Bureau (Clique-Droit/Extraire tout).
* Ouvre le dossier BTFix
* Double clique sur BTFix.exe
* Clique sur Rechercher
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse !

@+
0
campingaz Messages postés 2 Statut Membre
 
Salut jorginho, j 'etait un peu occupe voila le rapport de BTfix:

BTFix 1.088 (par bibi26) - 18/03/2008 23:03:00 - Analyse
Lancé depuis C:\Documents and Settings\HP_Administrateur\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Program Files\Seekmo\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\
- C:\Documents and Settings\All Users\Application Data\SeekmoSA\
- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\
- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Seekmo\

---> Analyse terminée
0
Réponse 6 / 9
jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
 
On continue ......

Double clique sur BTFix.exe.
Clique sur Nettoyer.

Un rapport va apparaître, copie/colle-le dans ta prochaine réponse avant de passer a Vundofix.

ensuite :

Télécharge VundoFix.exe par Atribune sur ton Bureau.

# Double-clique sur VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque le scan est terminé, clique sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique sur OK

Le rapport est situé dans C:\vundofix.txt

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage.
Il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Télécharge virtumondebegone

# Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.

Une fois terminé, redémarre et poste le rapport de VBG.TXT créé sur le bureau, celui de vundofix situé dans C:\vundofix.txt et un nouveau rapport HijackThis dans ta prochaine réponse.

@+

@+
0
campingaz
 
Bonjour,

Le rapport de Btfix:

BTFix 1.088 (par bibi26) - 20/03/2008 19:20:10 - Nettoyage - Mode normal
Lancé depuis C:\Documents and Settings\HP_Administrateur\Bureau\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- C:\Program Files\Seekmo\bin\10.0.406.0\firefox\extensions\components\
- C:\Program Files\Seekmo\bin\10.0.406.0\firefox\extensions\plugins\
- C:\Program Files\Seekmo\bin\10.0.406.0\firefox\extensions\
- C:\Program Files\Seekmo\bin\10.0.406.0\firefox\
- C:\Program Files\Seekmo\bin\10.0.406.0\
- C:\Program Files\Seekmo\bin\
- C:\Program Files\Seekmo\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\IESkins\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\dynamic\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\dynamic\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\Seekmo\dynamic\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\Seekmo\static\1\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\Seekmo\static\2\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\Seekmo\static\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\Seekmo\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\
- C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\
- C:\Documents and Settings\All Users\Application Data\SeekmoSA\
- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\
- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Seekmo\

---> Nettoyage terminé

Je t envoi les prochains rapport d'ici peu.....
Desolé poir l attente mais j'ai eu un petit problème j'ai ete obligé de reinstaller mon systeme ya eu un gros bug
0
campingaz
 
re bonjour,

Vundofix n'a rien trouve,

voila le rapport de virtumondebegone:


[03/20/2008, 19:35:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4UJFAWQ5\VirtumundoBeGone[1].exe" )
[03/20/2008, 19:41:07] - Detected System Information:
[03/20/2008, 19:41:07] - Windows Version: 5.1.2600, Service Pack 2
[03/20/2008, 19:41:07] - Current Username: HP_Administrateur (Admin)
[03/20/2008, 19:41:07] - Windows is in NORMAL mode.
[03/20/2008, 19:41:07] - Searching for Browser Helper Objects:
[03/20/2008, 19:41:07] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/20/2008, 19:41:07] - BHO 2: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/20/2008, 19:41:07] - Finished Searching Browser Helper Objects
[03/20/2008, 19:41:07] - Finishing up...
[03/20/2008, 19:41:07] - Nothing found! Exiting...


et celui de hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:14, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Azureus\Azureus.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\RRRP1AGV\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 7 / 9
jalobservateur Messages postés 7372 Date d'inscription   Statut Contributeur sécurité Dernière intervention   930
 
Salut Jorg! Antivir serais-t'il plus efficace que Avast ??? Grosse question existentielle ce matin Loll!
+1 ;-)
0
Réponse 8 / 9
jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
 
Salut Jal' ;-)

Antivir serais-t'il plus efficace que Avast ?? je pense ( Quand il ne s'agit pas d'un crack )

@+
0
Réponse 9 / 9
jalobservateur Messages postés 7372 Date d'inscription   Statut Contributeur sécurité Dernière intervention   930
 
Oui , le terme crack est bien approprié je crois: Car crack pour moi = Craque, ou fente dans le PC.;¨^),
bonne soirée.
0

Discussions similaires

ads by images+
Fildyr -
bazfile -

5 réponses
To Be Filled By O.E.M...
xav|865 -
Bus!ll!s -

3 réponses
mail rejeté
biljp -
biljp -

7 réponses
Comment voir les commentaires d'une personne sur Facebook ?
elbarto -
Mounii -

8 réponses
SHOESBYIARA est ce une arnaque Svpp????
Anais -
Scarlett -

13 réponses