Persistent MSN virus.

Solved
odc Posts 15 Status Member
Hello,

I received a virus through MSN several months ago. Despite several attempts to remove it, I have not managed to. At the time I got an alert from Avast about a winwaroz virus (or something like that). After switching to AntiVir, I kept getting alerts about an infected e1 file, which pushed me to uninstall my antivirus because it was becoming unmanageable. I also tried several other programs: the Kaspersky scan, SDfix (the computer shuts down for no reason in safe mode)... Nothing works.
So I thank in advance the generous soul who would be willing to help me with this problem.

22 replies

Anonymous user
 
Hi, what antivirus do you have?
odc Posts 15 Status Member
 
Today I no longer have one, because I was getting messages continuously that kept me from using it.
Anonymous user
 
OK, download an antivirus; here, AntiVir, which is not bad: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html here is the link, and here is the tutorial to help you install it properly: https://www.malekal.com/avira-free-security-antivirus-gratuit/ There, follow it carefully, and when you have finished post a report, thanks.
odc Posts 15 Status Member
 
I tried to scan my disks in safe mode but, as with SDfix, the computer shut down after a few seconds for no reason. So I was forced to run the scan under normal Windows, which did indeed find a lot of infected files.
Good luck and thanks for the analysis.

[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '485d7ba9.qua'!
C:\WINDOWS\system32\E3r5H2.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '48657b98.qua'!
C:\WINDOWS\system32\Opv30F63.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '48697bd6.qua'!
C:\WINDOWS\system32\v7krrQG.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '485e7b9d.qua'!
C:\WINDOWS\system32\x43Ie4FVyT4.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '498624ec.qua'!
C:\WINDOWS\system32\Mh13CtfI8.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '48247bcf.qua'!
C:\WINDOWS\system32\Q414026rga0.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '498424ec.qua'!
C:\WINDOWS\system32\Gcc58Ocg67.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '48567bcb.qua'!
C:\WINDOWS\system32\3oGl6Q.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '483a7bd7.qua'!
C:\WINDOWS\system32\4eUC0xp6y3i.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '48487bcd.qua'!
C:\WINDOWS\system32\pMrw1ug3.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '48657bb5.qua'!
C:\WINDOWS\system32\ekc8dT.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '48567bd4.qua'!
C:\WINDOWS\system32\NhPm0.dll
[DETECTION] Is the Trojan horse TR/Agent.A.6
[INFO] The file was moved to '48437bd1.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm1.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e81.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm2.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e82.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm64.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e83.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm3.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e84.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm4.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e85.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm5.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e86.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm6.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21407.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm7.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e87.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm69.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e88.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm65.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e89.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm66.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e8a.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm67.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e8b.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm68.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e8c.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm8.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e8d.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm6A.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e8e.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm6C.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e8f.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm6B.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e90.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm7C.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21411.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm6D.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e91.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm72.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e92.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm73.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21413.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm6E.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e93.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm6F.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e94.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm70.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21415.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm71.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e95.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm75.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e96.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm76.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e97.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm74.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e98.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm79.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21419.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm77.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e99.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm78.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e9a.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm7B.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e9b.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm7A.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e9c.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm81.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e9d.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm82.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e9e.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm7D.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607e9f.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm7E.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21420.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm7F.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ea1.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm80.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ea2.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm84.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ea3.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm85.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ea4.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm83.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ea5.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm9.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21426.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ea6.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm86.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ea7.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm87.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ea8.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm88.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ea9.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm89.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eaa.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm90.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eab.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm91.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eac.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm8A.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c2142d.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm8B.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ead.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm8C.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eae.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm8D.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eaf.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm8E.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eb0.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm8F.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21431.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm93.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eb1.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm94.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eb2.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm92.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eb3.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm95.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eb4.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm98.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21435.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm99.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eb5.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm96.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eb6.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm97.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21437.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm9A.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eb7.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm9B.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eb8.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm9E.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21439.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm9C.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eb9.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm9D.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eba.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm9F.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ebb.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA0.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c2143c.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmCB.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ebc.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmC6.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ebd.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA4.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ebe.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA1.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c2143f.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA2.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ebf.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA3.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ec0.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21441.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmAA.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ec1.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA5.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ec3.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA6.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ec4.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA7.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ec5.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA8.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ec6.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmA9.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ec7.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmAB.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21448.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB3.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ec8.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmAC.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ec9.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmAD.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eca.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmAE.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c2144b.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmAF.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ecb.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB0.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ecc.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB1.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c2144d.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB2.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ecd.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB4.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ece.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmC0.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c2144f.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB5.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ed0.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB6.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ed1.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB7.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21452.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB8.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ed2.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmD5.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ed3.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmB9.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ed4.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmBA.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ed5.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmBF.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ed6.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmBB.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c21457.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmBC.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ed7.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmBD.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ed8.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmBE.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ed9.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmC2.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c2145a.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmC1.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607eda.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmC7.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607edb.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmC3.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607edc.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmC4.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ede.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmC5.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ee0.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmC8.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607ee1.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stmC.tmp
[DETECTION
0
Anonymous user
 
Thanks again for the report. How many viruses did you find?
0
odc Posts 15 Status Member
 
Apparently the whole report did not go through; here is the rest:

[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f24.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm2C.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f25.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm2D.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215a6.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm2E.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f26.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm2F.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f27.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm30.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f28.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm31.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215a9.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm28.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f29.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm32.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f2a.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm33.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215ab.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm34.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f2b.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm35.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f2c.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm36.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f2d.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm37.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215ae.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm38.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f2e.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm39.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f2f.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm3A.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f30.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm3B.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f31.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm3C.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f32.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm3D.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f34.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm3E.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215b5.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm3F.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f35.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm40.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f36.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm41.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215b7.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm42.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f37.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm43.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f38.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm29.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f39.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm44.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f3a.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm46.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215bb.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm47.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f3b.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm48.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f3c.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm49.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215bd.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm4B.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f3d.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm4A.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f3e.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm4C.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f3f.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm4D.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215c0.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm4E.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f40.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm4F.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f41.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm50.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f42.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm51.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215c3.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm52.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f43.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm53.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f44.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm54.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f45.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm55.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f46.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm56.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215c7.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm57.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f47.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm58.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f48.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm59.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215c9.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm5C.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f4a.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm5E.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f4b.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm45.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215cc.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm5D.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f4c.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm5F.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f4d.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm60.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f4e.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm61.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f4f.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm62.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '49c215d0.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm63.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f50.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm5A.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f52.qua'!
C:\Documents and Settings\Antoine\Local Settings\Temp\stm5B.tmp
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '48607f53.qua'!
C:\Documents and Settings\Antoine\Mes documents\SPSS2\Merant\merant\client\java\sljdbc.jar
[0] Archive type: ZIP
--> help/wwhdata/js/search/search2.js
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '485d818f.qua'!
C:\Documents and Settings\Antoine\.housecall6.6\Quarantine\isrprov.exe.bac_a02652
[DETECTION] Is the Trojan horse TR/Maccess.A.1
[INFO] The file was moved to '4865841c.qua'!
Begin scan in 'D:\' <ACERDATA>
D:\_OTMoveIt\MovedFiles\WINDOWS\system32\odfwbcmz22.dll
[DETECTION] Is the Trojan horse TR/Maccess.A.1
[INFO] The file was moved to '48599006.qua'!
D:\_OTMoveIt\MovedFiles\WINDOWS\system32\odfwbcmx22.exe
[DETECTION] Is the Trojan horse TR/Maccess.A.1
[INFO] The file was moved to '48599007.qua'!
D:\_OTMoveIt\MovedFiles\WINDOWS\system32\odfwbcmc22.dll
[DETECTION] Contains detection pattern of the worm WORM/Warezov.PI.9
[INFO] The file was moved to '49fbfa88.qua'!
Begin scan in 'H:\' <Intuix key>
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\' <U3 System>

End of the scan: mercredi 2 avril 2008 15:54
Used time: 1:51:14 min

The scan has been done completely.

6707 Scanning directories
446510 Files were scanned
476 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
476 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
446034 Files not concerned
8115 Archives were scanned
4 Warnings
18 Notes
0
Anonymous user
 
OK, thanks. Did you delete the viruses?
0

odc Posts: 15 Status: Member
 
I sent them to quarantine. When I finish the scan by clicking End, it shows a message asking me to restart Windows.
0
Anonymous user
 
OK, then go into the quarantine and delete them one by one; after that I'll tell you what comes next.
0
ludsfa Posts: 1287 Status: Member 15
 
Hello,

Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: http://www.infos-du-net.com/forum/271838-11-tuto-utiliser-hijackthis v2.0.2

Download http://sosvirus.changelog.fr/MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your desktop (right-click / Extract All).

The tool must be run from the desktop.

Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.

If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations.
In that case, simply restart the computer manually.

Post the report located in the MSNFix folder.
The report's name corresponds to the moment it was created: date_heure.log (date_time)

https://www.malekal.com/supprimer-virus-desinfecter-pc/
0
Anonymous user
 
If you don't mind, I'm working with him, so there's no need for 10,000 people to help him.
0
ludsfa Posts: 1287 Status: Member 15
 
You can remove all the trojans you like, but in the end you won't remove the MSN worm.
Do whatever you want, after all.
0
odc Posts: 15 Status: Member
 
Thanks to both of you for the help. I restarted Windows. Good news: I'm no longer bombarded with alert messages. What should I do now?
0
odc Posts: 15 Status: Member
 
Here is the HijackThis report in the meantime:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:38, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Antoine\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\system32\fnetip.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: e1.dll diagisr.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Anonymous user
 
Download Navilog1: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe and here is the link for setting it up: http://infotuto.servhome.org/tutoriel/Navilog1.php
0
ludsfa Posts: 1287 Status: Member 15 > Anonymous user
 
Hello boy94450,
Why are you having him run il mafioso's Navilog? I don't understand.
He didn't mention getting intrusive ads, did he?
He's talking about an MSN virus; there is a difference. I'm willing to accept that his PC is infected with trojans, but as I told you earlier, that doesn't remove the worm.
I have just analyzed his log and he needs MSNFix.
I'm willing to stay out of it, but you'll see when you make a PC crash.
Regards,
ludo
0
Anonymous user > ludsfa Posts: 1287 Status: Member
 
Yes, I know, ludsfa, but I wanted to be sure it didn't have any other viruses, that's all.
0
odc Posts: 15 Status: Member
 
Here is the report:

Search Navipromo version 3.5.2 commencé le 02/04/2008 à 16:46:09,93

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Antoine"

Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\Antoine\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Antoine\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Antoine\menud+~1\progra~1" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Antoine\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Documents and Settings\Antoine\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 02/04/2008 à 16:49:05,07 ***
0
odc Posts: 15 Status: Member
 
Here is the next part, with the disinfection report:

Clean Navipromo version 3.5.2 commencé le 02/04/2008 à 16:52:44,98

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Antoine"

Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

* Suppression dans "C:\Documents and Settings\Antoine\locals~1\applic~1" *

*** Suppression dossiers dans C:\WINDOWS ***

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Suppression dossiers dans "C:\Documents and Settings\Antoine\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Antoine\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Antoine\menud+~1\progra~1" ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Antoine\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans C:\WINDOWS\system32 *

* Dans "C:\Documents and Settings\Antoine\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 02/04/2008 à 16:57:36,87 ***
0
ludsfa Posts: 1287 Status: Member 15
 
Back again.
ODC, please run MSNFix anyway as a safety precaution, and send the report plus another HijackThis log.
Good work, boy94450.
0
Anonymous user
 
You're welcome.
0
odc Posts: 15 Status: Member
 
OK, thanks. Here is the MSNFix report after restarting:

MSNFix 1.696

C:\Documents and Settings\Antoine\Bureau\MSNFix
Fix exécuté le 02/04/2008 - 17:01:19,15 By Antoine
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\mdfg4v.ge
... C:\WINDOWS\wmeiuht.exe
... C:\WINDOWS\system32\mscmippr.dat

************************ Recherche les dossiers présents

... \TEMP\

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\mdfg4v.ge
.. OK ... C:\WINDOWS\wmeiuht.exe
.. OK ... C:\WINDOWS\system32\mscmippr.dat

************************ Suppression des dossiers

/!\ ... \TEMP\

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

Aucun Fichier trouvé

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 02042008_17151906.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
odc Posts: 15 Status: Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:35, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Antoine\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\system32\fnetip.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: e1.dll diagisr.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
ludsfa Posts 1287 Status Member 15
 
Hi again,
Well, you see, we did the right thing:
that nasty thing is definitely there.
Please send another HijackThis log.
0
odc Posts 15 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:17, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Antoine\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\system32\fnetip.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: e1.dll diagisr.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
ludsfa Posts 1287 Status Member 15
 
OK, remember to update Internet Explorer.

1) Show hidden files and folders…
To do this, open a folder, e.g. "My Pictures".
Then click > Tools > Folder Options...
click the "View" tab and...
check ---> Show hidden files and folders
uncheck > Hide extensions for known file types
uncheck > Hide protected operating system files (Recommended).
"Apply" and "OK".

2) Disable all resident protection (antivirus…)!
Disconnect from the Internet, close all running programs and let ComboFix work: do not do anything else at the same time!

Download http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Restart in safe mode: help here >>>

http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
/!\ Never restart in safe mode via msconfig! /!\

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key, then Enter to confirm, and follow the prompts.
Wait until ComboFix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

3) Copy/paste a new HijackThis report along with it.
0
odc Posts 15 Status Member
 
I cannot stay in SAFE MODE for more than 3 minutes without the computer shutting down. So I can only run ComboFix in normal mode. Should I do it anyway?

Also, regarding the automatic Windows updates (and, I believe, Internet Explorer), they do not install despite the settings given. As a result, a small red icon with a white cross is displayed for the Security Center.
0
ludsfa Posts 1287 Status Member 15
 
OK, do it in normal mode, and I'll send you a link for your updates later.
0
odc Posts 15 Status Member
 
Here are the ComboFix and HijackThis reports:

ComboFix 08-04-01.2 - Antoine 2008-04-02 18:23:17.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.303 [GMT 2:00]
Endroit: C:\Documents and Settings\Antoine\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.

2008-04-02 16:42 . 2008-04-02 16:42 <REP> d-------- C:\Program Files\Navilog1
2008-04-02 13:09 . 2008-04-02 13:09 <REP> d-------- C:\Program Files\Avira
2008-04-02 13:09 . 2008-04-02 13:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-02 01:39 . 2008-04-02 01:39 <REP> d--hs---- C:\FOUND.009
2008-04-02 00:14 . 2008-04-02 00:14 <REP> d-------- C:\Program Files\test
2008-03-24 13:10 . 2003-07-21 04:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-24 13:10 . 2005-01-04 19:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-24 02:08 . 2008-03-24 02:08 <REP> d-------- C:\Program Files\9Dragons

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 15:47 1,141 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-01 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-12-04 23:28 43008]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-15 00:41 185896]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 18:28 155648]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-14 11:05 98304]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 13:24 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e1.dll diagisr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 gkmixern;gkmixern;C:\DOCUME~1\Antoine\LOCALS~1\Temp\gkmixern.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-03 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 18:28:26
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-02 18:30:29
ComboFix-quarantined-files.txt 2008-04-02 16:30:24
Pre-Run: 16,342,810,624 octets libres
Post-Run: 16,321,576,960 octets libres
.
2007-06-14 01:02:58 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:06, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Antoine\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: e1.dll diagisr.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0