Avast: "not a valid Win32 application"

12 March 2008 19:44:06

Hello,
I have a big problem: my AVAST antivirus won't start any more, and when I try to start it I get the message "not a valid Win32 application"....
Also, I can't install any other antivirus, it doesn't work!!!
What should I do???
Thanks in advance

PS: I have Windows XP

12 March 2008 19:55:05

Hi,

Download ELIBAGLA at the bottom of this page. For some antivirus products it is best to disable them before starting this procedure!
Click on Descargar Elibagla to download the file, and save it to your desktop.
Launch it by double-clicking it.
Check that C:\ is selected in the Unidad drop-down menu.
The Eliminar Ficheros Automaticamente option must also be ticked.
Click on Explorar to start the scan.
Post the report generated at the end of the scan.

12 March 2008 20:11:35

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 5123
Nº Total de Ficheros: 51321
Nº de Ficheros Analizados: 9933
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 3

Wed Mar 12 20:10:54 2008
EliBagle v11.14 (c)2008 S.G.H. / Satinfo S.L.
12 March 2008 20:14:46

Isn't the beginning of the report missing, by any chance? :p

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware, etc.)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt
12 March 2008 20:20:17

When I launch Combofix, Elibagla launches. And Combofix is all blue with a blinking horizontal cursor. Is that normal?
What should I do? Run a new scan with Elibagla?
Thanks in advance

12 March 2008 20:24:14

Elibagla launches when you launch Combofix? :D

Yes, there is a blue screen; you have to wait a bit.

12 March 2008 20:54:18

There, it's done!!!
What do I do now?
A log file has been created.
Do I post it HERE?
Thanks

12 March 2008 20:57:36

Well yes :D

12 March 2008 21:04:19

ComboFix 08-03-10.1 - Maxime 2008-03-12 20:42:05.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.192 [GMT 1:00]
Endroit: C:\Documents and Settings\Maxime\Bureau\test.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Maxime\Application Data\inst.exe
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((((((( Fichiers créés 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))))))
.

2008-03-11 20:32 . 2008-03-11 20:32 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-03-11 19:26 . 2008-03-11 19:26 <REP> d-------- C:\Program Files\Lavasoft
2008-03-11 17:01 . 2008-03-11 17:01 <REP> d-------- C:\Documents and Settings\Maxime\Application Data\OpenOffice.org2
2008-03-11 16:58 . 2008-03-11 16:59 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-10 19:37 . 2008-03-12 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-10 19:26 . 2008-03-12 20:48 <REP> d--h----- C:\Documents and Settings\Maxime\Application Data\m
2008-03-10 19:09 . 2008-03-10 19:09 <REP> d-------- C:\Documents and Settings\Maxime\Application Data\TuneUp Software
2008-03-10 19:09 . 2008-03-10 19:09 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-10 19:09 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-10 19:08 . 2008-03-10 19:09 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-10 19:08 . 2008-03-12 12:11 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-10 19:08 . 2008-03-10 19:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-05 14:36 . 2008-03-05 14:37 <REP> d-------- C:\Program Files\netbeans-5.5.1
2008-03-05 08:03 . 2008-03-05 08:03 <REP> d-------- C:\Documents and Settings\Maxime\Application Data\EPSON
2008-03-02 19:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 19:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-02 19:10 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 19:09 . 2008-03-02 19:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-02 19:08 . 2008-03-02 19:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 21:52 . 2007-02-06 13:24 1,126,400 --a------ C:\WINDOWS\system32\GflAx.dll
2008-02-28 21:52 . 2004-03-09 00:00 609,824 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-28 21:52 . 2001-04-24 16:22 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-02-28 21:52 . 2001-06-11 20:03 98,304 --a------ C:\WINDOWS\system32\HLBButton6.ocx
2008-02-28 21:52 . 2002-12-16 15:27 40,960 --a------ C:\WINDOWS\system32\vbalFlBr6.dll
2008-02-28 21:52 . 2003-02-06 07:58 40,960 --a------ C:\WINDOWS\system32\MouseEventsCapture.ocx
2008-02-28 21:00 . 2008-02-28 21:02 <REP> d-------- C:\Program Files\Cryptus 2006
2008-02-28 20:59 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-28 20:59 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-28 19:21 . 2008-02-28 19:21 <REP> d-------- C:\FILEPROT
2008-02-28 19:21 . 2008-02-28 19:21 32,768 --a------ C:\WINDOWS\system32\fpdrv.dll
2008-02-28 19:21 . 2008-02-28 19:21 32,491 --a------ C:\WINDOWS\system32\drivers\fileprot.sys
2008-02-28 19:21 . 2008-02-28 19:21 24,576 --a------ C:\WINDOWS\system32\loadfp.exe
2008-02-28 17:58 . 2008-03-10 00:36 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-28 17:54 . 2006-10-13 00:00 61,952 --a------ C:\WINDOWS\system32\escwiad.dll
2008-02-28 17:54 . 2005-02-25 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-02-28 17:54 . 2005-02-25 00:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2008-02-28 17:04 . 2008-03-10 19:15 <REP> d-------- C:\Program Files\Ahead
2008-02-28 16:54 . 2008-03-05 14:03 <REP> d-------- C:\LaBonnePaye
2008-02-28 16:49 . 2008-02-28 16:49 <REP> d-------- C:\Documents and Settings\Maxime\.netbeans
2008-02-26 19:14 . 2008-02-26 19:14 <REP> d-------- C:\Documents and Settings\Maxime\Application Data\T.Aragon
2008-02-26 19:13 . 2008-03-10 19:22 <REP> d-------- C:\Program Files\WinSesame
2008-02-26 19:13 . 2008-02-28 22:32 <REP> d-------- C:\Documents and Settings\Maxime\Application Data\WinSesame
2008-02-25 13:48 . 2008-02-25 13:48 <REP> d-------- C:\Program Files\My Lockbox
2008-02-25 13:48 . 2007-12-13 20:13 17,264 --a------ C:\WINDOWS\system32\drivers\mprifl.sys
2008-02-22 19:31 . 2008-02-22 19:31 244 --ah----- C:\sqmnoopt14.sqm
2008-02-22 19:31 . 2008-02-22 19:31 232 --ah----- C:\sqmdata14.sqm
2008-02-22 18:21 . 2008-02-22 18:21 244 --ah----- C:\sqmnoopt13.sqm
2008-02-22 18:21 . 2008-02-22 18:21 232 --ah----- C:\sqmdata13.sqm
2008-02-21 09:35 . 2008-02-21 09:35 244 --ah----- C:\sqmnoopt12.sqm
2008-02-21 09:35 . 2008-02-21 09:35 232 --ah----- C:\sqmdata12.sqm
2008-02-20 23:37 . 2008-02-20 23:37 244 --ah----- C:\sqmnoopt11.sqm
2008-02-20 23:37 . 2008-02-20 23:37 232 --ah----- C:\sqmdata11.sqm
2008-02-19 23:32 . 2008-02-19 23:32 244 --ah----- C:\sqmnoopt10.sqm
2008-02-19 23:32 . 2008-02-19 23:32 232 --ah----- C:\sqmdata10.sqm
2008-02-19 19:06 . 2008-02-19 19:06 244 --ah----- C:\sqmnoopt09.sqm
2008-02-19 19:06 . 2008-02-19 19:06 232 --ah----- C:\sqmdata09.sqm
2008-02-19 10:27 . 2008-02-19 10:27 244 --ah----- C:\sqmnoopt08.sqm
2008-02-19 10:27 . 2008-02-19 10:27 232 --ah----- C:\sqmdata08.sqm
2008-02-18 18:16 . 2008-02-18 18:16 <REP> d-------- C:\Documents and Settings\Maxime\Application Data\PokerAcademy2
2008-02-15 12:34 . 2008-02-15 12:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-02-14 21:43 . 2008-02-14 21:43 <REP> d-------- C:\TempDVD
2008-02-14 21:43 . 2008-02-14 21:44 <REP> d-------- C:\Program Files\dvdSanta
2008-02-14 21:40 . 2008-03-10 19:11 <REP> d-------- C:\Program Files\VSO
2008-02-14 21:40 . 2008-03-10 19:11 <REP> d-------- C:\Documents and Settings\Maxime\Application Data\Vso
2008-02-14 21:40 . 2008-02-14 21:40 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-14 21:40 . 2008-03-10 19:11 47,360 --a------ C:\Documents and Settings\Maxime\Application Data\pcouffin.sys
2008-02-14 18:41 . 2008-02-14 18:41 <REP> d-------- C:\Documents and Settings\Maxime\Application Data\River Past G5
2008-02-14 18:41 . 2008-02-14 21:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-02-14 18:33 . 2008-02-14 21:49 <REP> d-------- C:\Program Files\MKVtoolnix
2008-02-14 18:27 . 2008-02-14 18:35 <REP> d-------- C:\Program Files\DivX
2008-02-14 18:20 . 2008-02-14 18:35 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-02-14 18:19 . 2008-02-14 18:42 <REP> d-------- C:\Program Files\Ripp-it_AM

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-10 18:16 --------- d-----w C:\Program Files\Applications
2008-03-02 18:11 --------- d-----w C:\Program Files\MSN Messenger
2008-03-02 18:09 --------- d-----w C:\Program Files\Windows Live
2008-02-28 16:54 --------- d-----w C:\Program Files\EPSON
2008-02-27 12:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-08 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-06 18:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-05 21:23 --------- d-----w C:\Documents and Settings\Maxime\Application Data\Apple Computer
2008-02-04 19:48 --------- d-----w C:\Program Files\AdVantage
2008-02-04 17:05 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-04 16:48 --------- d-----w C:\Program Files\Google
2008-01-30 23:30 --------- d-----w C:\Documents and Settings\Maxime\Application Data\Ashampoo
2008-01-30 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-01-30 19:42 64,942 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-30 19:42 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-30 19:11 --------- d-----w C:\Program Files\iTunes
2008-01-30 19:11 --------- d-----w C:\Program Files\iPod
2008-01-30 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-30 19:09 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-01-30 19:09 --------- d-----w C:\Program Files\Apple Software Update
2008-01-30 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-30 17:51 --------- d-----w C:\Program Files\Alwil Software
2008-01-30 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-30 17:48 --------- d-----w C:\Documents and Settings\Maxime\Application Data\vlc
2008-01-30 17:46 --------- d-----w C:\Program Files\VideoLAN
2008-01-30 17:36 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-30 17:20 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-30 17:18 --------- d-----w C:\Program Files\Sun
2008-01-30 17:18 --------- d-----w C:\Program Files\Java
2008-01-30 17:16 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-01-30 17:15 357 ----a-w C:\Documents and Settings\Maxime\.cb_layout.bin
2008-01-30 17:07 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-30 16:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-30 16:50 --------- d-----w C:\Program Files\Maple 10
2008-01-30 16:31 --------- d-----w C:\Program Files\Synaptics
2008-01-30 16:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 16:17 --------- d-----w C:\Program Files\ATI Technologies
2008-01-30 16:14 --------- d-----w C:\Program Files\DIFX
2008-01-30 15:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-30 15:46 --------- d-----w C:\Program Files\Services en ligne
2004-08-19 15:10 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-12 23:21 14156800 C:\WINDOWS\RTHDCPL.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"RMC"="C:\WINDOWS\system32\drivers\RMC.exe" [2005-03-28 17:55 24576]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-04 11:13 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-04 11:12 708698]
"jEdit Server"="C:\WINDOWS\system32\javaw.exe" [2007-07-12 01:22 135168]
"EPSON Stylus Photo RX420 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 03:00 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"winsesame_del"=C:\Program Files\WinSesame\effaceur.exe
"EPSON Stylus Photo RX420 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"flockbox"=C:\Program Files\My Lockbox\flockbox.exe /a
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"FP Loader"=loadfp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Applications\\Ares\\Ares.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Applications\\lphant\\eLePhantClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R2 Fileprot;Fileprot;C:\WINDOWS\system32\drivers\Fileprot.sys [2008-02-28 19:21]
R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 15:24]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-05 02:48]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 15:24]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-10 19:09]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-14 11:09:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-12 19:47:49 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 20:48:09
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Maxime\Bureau\ELIBAGLA.BBØCBØØH.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-12 20:51:19 - machine was rebooted [Maxime]
ComboFix-quarantined-files.txt 2008-03-12 19:51:07
.
2008-03-03 11:42:50 --- E O F ---

12 March 2008 21:37:48

Re,

Delete (in safe mode if necessary!):
  • C:\Documents and Settings\Maxime\Application Data\m

Post a HijackThis log again.

12 March 2008 21:52:42

There, I deleted C:\Documents and Settings\Maxime\Application Data\m in safe mode.

HijackThis:

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\drivers\RMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\javaw.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [jEdit Server] "C:\WINDOWS\system32\javaw.exe" -Xms64M -Xmx192M -jar "C:\Program Files\Applications\jEdit\jedit.jar" -background -nogui
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Applications\Ares\chatServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 5532 bytes
    12 March 2008 21:53:20

    And what do I do now?
    Thanks in advance
    12 March 2008 22:06:18

    Hi again,

    Download CCleaner (>>tutorial to read!<<), download "the latest version", then install it, unchecking "Ajouter la Barre d'Outils Yahoo! CCleaner" (Add the CCleaner Yahoo! Toolbar).
    Then run the cleanup, then have it look for errors, and make a backup if you like.

    Download and install Antivir. (tutorial)

    Make sure it is up to date! Open Antivir; go to the Scanner tab, enable the rootkit search via the + next to rootkit search, then under manual selection, check everything (your hard disk partitions).
    12 March 2008 22:36:52

    There, it's done!!!



    AntiVir PersonalEdition Classic
    Report file date: mercredi 12 mars 2008 22:29

    Scanning for 1145475 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number:
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: M
    Computer name: M

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 21:28:17
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 21:28:17
    ANTIVIR3.VDF : 7.0.3.22 127488 Bytes 12/03/2008 21:28:17
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 12/03/2008 21:28:18
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 12/03/2008 21:28:18
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Rootkit search
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
    Logging..........................: high
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high
    Expanded search settings.........: 0x00300922

    Start of the scan: mercredi 12 mars 2008 22:29

    Starting search for hidden objects.
    c:\documents and settings\maxime\mes documents\my lockbox
    [NOTE] The directory is not visible.
    [INFO] A backup was created as '47f84cdc.qua' ( QUARANTINE )
    '265875' objects were checked, '1' hidden objects were found.


    End of the scan: mercredi 12 mars 2008 22:34
    Used time: 04:36 min

    The scan has been done completely.

    0 Scanning directories
    1 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    1 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes
    265875 Objects were scanned with rootkit scan
    1 Hidden objects were found
    12 March 2008 22:38:46

    So I suppose it's finished!!! If not, tell me!!!
    Thank you for everything. It's great that there are people like you to help people like me who don't know what to do.
    Thanks again.
    12 March 2008 22:39:09

    Nope nope..

    Used time: 04:36 min <- too short!

    Quote:
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off


    Quote:
    then under manual selection, check everything (your hard disk partitions).


    Come on, get to work :p

    12 March 2008 22:42:06

    Yes, I did go into Scanner and I checked everything!!!
    Then I clicked on the icon with the magnifying glass!!
    And there, it's started!!!
    12 March 2008 22:46:39

    Wait, I know, maybe I have to click "scan system now" under Status!!! It's in red!!!

    Oh yes, it's much, much longer!!!
    I'll keep you posted tomorrow, because right now I'm going to bed, since I have class tomorrow. Anyway, I have a feeling the scan is going to take a good hour!!!

    I'll send you a summary tomorrow at noon.
    Otherwise, after this step, what is left to do?

    Thanks in advance.
    13 March 2008 12:04:44

    Hi, as promised I'm posting the Antivir log.
    Just a few clarifications on how Antivir works. Does it run in real time?
    Thanks in advance for your answer.

    AntiVir PersonalEdition Classic
    Report file date: mercredi 12 mars 2008 22:42

    Scanning for 1145475 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number:
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: MAX

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 21:28:17
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 21:28:17
    ANTIVIR3.VDF : 7.0.3.22 127488 Bytes 12/03/2008 21:28:17
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 12/03/2008 21:28:18
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 12/03/2008 21:28:18
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 12 mars 2008 22:42

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'javaw.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'RMC.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    34 processes with 34 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '5872' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!

    [1] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the Trojan horse TR/Drop.Multid.FF.1
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16001
    [WARNING] Failed!
    C:\QooBox\Quarantine\catchme2008-03-12_204802.21.zip
    [0] Archive type: ZIP
    --> srosa.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> wintems.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> mdelk.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> hldrrr.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '484c57e1.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '483d57e4.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '484657ea.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '483c57ed.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\104171.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480c57b2.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\1078828.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480f57b2.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\10820687.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '481057b3.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\113281.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480b57b5.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\115625.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480d57b5.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\131750.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480957b8.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14671265.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '480e57ba.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\233802890.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480b57bb.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\233806000.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480b57bc.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\241140.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '480957be.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\246921.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480e57bf.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29234437.exe.vir
    [DETECTION] Is the Trojan horse TR/Agent.698884
    [INFO] The file was moved to '480a57c5.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29245187.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480a57c6.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\31431296.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '480c57be.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\31467875.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480c57bf.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\57264531.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '497920ff.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\63362406.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '480b57c3.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\63375875.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '497820fc.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\6396515.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '481157c4.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\85703.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480f57c7.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\88890.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '481057cb.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\91515.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480d57c5.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\94156.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480957c8.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\99484.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480c57ce.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP38\A0013276.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48085864.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP38\A0013325.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48085866.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP38\A0013617.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48085872.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP38\A0013668.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48085874.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP38\A0013669.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085875.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP38\A0013670.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4967396e.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP40\A0013765.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4808587c.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP40\A0013766.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4808587d.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP41\A0013803.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085880.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP41\A0013804.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085881.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP41\A0013822.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '4967399a.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP41\A0014817.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48085883.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP41\A0014838.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085884.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP41\A0014839.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4967399d.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP42\A0014851.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48085886.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP42\A0014912.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48085887.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP42\A0014924.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48085888.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP43\A0015924.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '4808588a.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP45\A0016366.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '4808589f.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP45\A0016367.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858a0.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP45\A0016368.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '496739b9.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP47\A0016737.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '480858b5.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP47\A0016738.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '496739ae.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP47\A0016739.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858b6.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP47\A0016740.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '496739af.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP48\A0016848.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '480858bf.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP48\A0016849.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '496739d8.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP48\A0016850.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858c1.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP48\A0016871.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858c0.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP48\A0017829.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '496739da.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP48\A0017830.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858c3.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP49\A0017921.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '480858c4.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP49\A0017922.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858c5.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP49\A0018019.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '480858c8.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP49\A0018031.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '480858c9.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP49\A0018049.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '496739d2.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP49\A0018050.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858ca.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP49\A0018052.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '496739d3.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP50\A0018208.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858d1.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP50\A0019189.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '496739ca.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP50\A0020189.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '480858d3.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0020231.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '480858d5.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0020461.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858e0.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0020464.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858e1.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0020466.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '496739fa.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0020467.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '480858e2.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0020569.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858e5.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0021050.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858fc.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0021064.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858fd.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0021083.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '496739e6.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0021084.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858fe.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0021100.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '496739e7.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0021101.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '480858ff.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP51\A0021260.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '48085908.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0021262.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '48085909.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0021512.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085915.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0021515.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4967380e.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0021517.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085917.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0021518.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48085916.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0021620.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4808591a.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0022101.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4808592b.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0022115.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4808592c.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0022134.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '49673835.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0022135.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4808592d.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0022153.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '4808592e.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0022154.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4975e9cf.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0022155.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4808592f.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0022156.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4975e9d0.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP53\A0022292.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48085935.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP54\A0022296.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085938.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP56\A0023292.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '4808593d.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP56\A0023293.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4975e9de.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP56\A0024292.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '4808593e.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP56\A0024293.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4975e9df.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP56\A0024294.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4808593f.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP56\A0024302.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '4975e9a0.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP56\A0024306.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085940.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP57\A0024312.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '4975e9a1.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024384.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085944.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024385.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4975e9a5.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024387.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085945.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024407.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085946.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024414.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4975e9a7.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024425.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085947.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024434.exe
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '4975e9a8.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024513.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085949.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024514.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4808594a.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024532.exe
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '4808594b.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024536.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '49673854.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024548.exe
    [DETECTION] Is the Trojan horse TR/Agent.698884
    [INFO] The file was moved to '4808594c.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024549.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '49673855.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024566.exe
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '4808594d.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024567.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '49673856.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024597.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4808594e.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024611.exe
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '4808594f.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024612.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '49673848.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024616.exe
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '48085950.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024645.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085951.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024647.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4967384a.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024648.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085952.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024651.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4967384b.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024655.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '48085953.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024662.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '48085954.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024664.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '4967384d.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024665.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '48085955.qua'!
    C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024675.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '4967384e.qua'!
    Begin scan in 'D:\' <Documents>
    D:\WinSesame 5.1 [Patch].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '48465c09.qua'!
    D:\WinSesame 5.1 [Patch].zip
    [0] Archive type: ZIP
    --> WinSesame 5.1 [Patch].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '492d6c62.qua'!
    D:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP59\A0024842.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
    [INFO] The file was moved to '48085c00.qua'!


    End of the scan: mercredi 12 mars 2008 23:48
    Used time: 1:05:53 min

    The scan has been done completely.

    5356 Scanning directories
    587778 Files were scanned
    141 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    137 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    587637 Files not concerned
    4947 Archives were scanned
    2 Warnings
    0 Notes
    13 March 2008 17:06:29

    Thank you for everything.
    My PC runs a hundred times better and, above all, long live Antivir!!!
    By the way, does Antivir protect in real time???
    13 March 2008 18:33:23

    Hi again,

    Yes, Antivir protects in real time.

    I advise you to uninstall lphant.
    Quote:
    C:\Program Files\Applications\lphant\temp\003.part
    [0] Archive type: ZIP
    --> Worms 4 Mayhem Crack Fr.zip


    Post a new HijackThis log ;)

    13 March 2008 18:43:32

    Uninstallation done!!!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:42:48, on 13/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\drivers\RMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\javaw.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [jEdit Server] "C:\WINDOWS\system32\javaw.exe" -Xms64M -Xmx192M -jar "C:\Program Files\Applications\jEdit\jedit.jar" -background -nogui
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Applications\Ares\chatServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 6107 bytes
    13 March 2008 18:49:37

    Hi again,

    It's clean :)

    Download to your desktop: Clean (by Malekal) >Tutorial<
    Unzip it on your desktop. Double-click the clean folder.
    Double-click clean.cmd (the cmd extension may not be shown). This will open a black window.
    A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to.
    Post the report, which is located here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.
    13 March 2008 18:58:48

    Here is the report:

    13/03/2008 a 18:54:18,59

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    13 March 2008 19:13:38

    Good,

    Download ToolsCleaner2 (by A.Rothstein)

    Install it on your desktop
    Click [Recherche] to start the scan
    Click [Supprimer] to remove the tools that were used
    Click [Quitter],
    Post this report ~>C:\TCleaner.txt<~

    Keep ccleaner, avg and antivir if we installed them..
    Disable then re-enable System Restore
    Report your infection on Malware Complaints >Tutorial<
    Your infection(s): Bagle
    If you can't find it in the list, post under Other infections,

    Then have a look at these guides:

    Security/Prevention
    Consequences of running multiple protection tools

    Have a good evening
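
Most entries in the AntiVir report earlier in this thread sit under `System Volume Information\_restore{...}`, that is, inside System Restore points, and disabling System Restore discards those restore points. The Python below is an added example, not part of the thread or of any tool named in it: it parses that report layout and separates restore-point detections from files on the live file system. `parse_report` and `summarize` are hypothetical names, and the sample is a short excerpt of entries copied from that report.

```python
import re
from collections import Counter

# A few entries copied from the AntiVir report posted earlier in this thread
# (an excerpt for illustration, not the full log).
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP52\A0021518.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48085916.qua'!
C:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP58\A0024434.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4975e9a8.qua'!
Begin scan in 'D:\' <Documents>
D:\WinSesame 5.1 [Patch].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
[INFO] The file was moved to '48465c09.qua'!
D:\WinSesame 5.1 [Patch].zip
[0] Archive type: ZIP
--> WinSesame 5.1 [Patch].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
[INFO] The file was moved to '492d6c62.qua'!
D:\System Volume Information\_restore{B6633A54-EC5E-49D0-8F66-B3B79D5E58E6}\RP59\A0024842.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.KP
[INFO] The file was moved to '48085c00.qua'!
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)
QUARANTINED = re.compile(r"^\[INFO\] The file was moved to '([^']+)'")


def parse_report(text):
    """Return one dict per [DETECTION] line, tied to the file it was reported for."""
    findings, path, member, pending = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Begin scan"):
            # New scan root: forget the previous file so nothing is misattributed.
            path = member = pending = None
        elif DRIVE_PATH.match(line):
            path, member, pending = line, None, None
        elif line.startswith("-->"):
            # Member inside the archive named by the preceding path line.
            member = line[3:].strip()
        elif line.startswith("[DETECTION]") and path:
            rp = RESTORE_POINT.search(path)
            pending = {
                "path": path,
                "member": member,
                "signature": line.split()[-1],  # e.g. TR/Bagle.Gen.B
                "restore_point": rp.group(1) if rp else None,
                "quarantined": None,
            }
            findings.append(pending)
        elif pending is not None:
            moved = QUARANTINED.match(line)
            if moved:
                pending["quarantined"] = moved.group(1)
    return findings


def summarize(findings):
    """Split findings into restore-point copies and files on the live file system."""
    in_restore = [f for f in findings if f["restore_point"]]
    live = [f for f in findings if not f["restore_point"]]
    return {
        "by_signature": dict(Counter(f["signature"] for f in findings)),
        # (drive, restore point) pairs that still hold a detected file
        "restore_points": sorted({(f["path"][:2], f["restore_point"]) for f in in_restore}),
        "live_paths": [f["path"] for f in live],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(key, "->", value)
```
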
    13 March 2008 19:19:32

    OK, and thanks for all your help!!!
    Have a good evening too, and above all keep helping people like me.
    Thanks again
    See you
    13 March 2008 19:24:22

    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Maxime\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Maxime\Bureau\Clean.zip: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\tar.exe: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\remove.reg: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\pskill.exe: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\LFiles.exe: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\gzip.exe: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\delsiri.cmd: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\delr.cmd: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\del3.cmd: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\del2.cmd: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\clean.cmd: trouvé !
    C:\Documents and Settings\Maxime\Bureau\clean\cherche.cmd: trouvé !
    C:\Program Files\Applications\CodeBlocks\bin\gzip.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Maxime\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Maxime\Bureau\Clean.zip: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\tar.exe: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\remove.reg: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\pskill.exe: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\LFiles.exe: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\gzip.exe: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\delsiri.cmd: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\delr.cmd: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\del3.cmd: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\del2.cmd: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\clean.cmd: supprimé !
    C:\Documents and Settings\Maxime\Bureau\clean\cherche.cmd: supprimé !
    C:\Program Files\Applications\CodeBlocks\bin\gzip.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    19 November 2008 19:17:29

    Hi XmichouX,

    I have the same problem as lezert with avast and the Win32 application... so can I follow to the letter the instructions you gave lezert?

    Thanks in advance for your reply!!
    See you soon
    7 December 2008 13:41:43

    I have the same problem with avast: when I launch the executable, Windows displays: application win32 non valide...
    I downloaded combofix but I need the opinion of an expert consultant...
    Can you help me?
    25 January 2009 20:45:29

    Hello
    I have the same problem as lezert: impossible to open avast or to install other antivirus programs
    thanks in advance
    25 January 2009 22:02:34

    Here is my report
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:53:13, on 25/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\HiYo\bin\HiYo.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\explorer.exe
    D:\Documents and Settings\gérard et véro\Local Settings\Temporary Internet Files\Content.IE5\DPEG6U1Y\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 11788 bytes
    20 June 2009 19:40:00

    XmichouX said:
    ++ ;) 

    Hello,

    I also have a problem with Win32: I can't open a document with Word.
    Here is my message: C:\Documents ans Settings\HP_propriétaireBureau\.doc n'est pas une application Win32 valide.

    What should I do?

    Thank you in advance for your help.

    Chris