Votre question

windows n'ouvre plus mon profil

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
17 Septembre 2008 13:40:06

Bonjour a tous
j'ai un probleme avec mon pc : a l'ouverture de session windows me dit qu'il ne peut pas ouvrir mon profil et ma session

Du coup je me retrouve avec une autre session, completement vide.
autres signes : avast detecte un virus et l'ouverture de D: a partir du poste de travail echoue

je fais suivre un log hijackthis

merci

Autres pages sur : windows ouvre profil

17 Septembre 2008 13:40:28

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:15, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless 802.11g Monitor\XPFix.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\CTFMON.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\TEMP\Bureau\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [InfoMyCa.exe] C:\Program Files\Wireless 802.11g Monitor\InfoMyCa.exe
O4 - HKLM\..\Run: [XPFix] C:\Program Files\Wireless 802.11g Monitor\XPFix.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcafee] C:\WINDOWS\WIN31.dll.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8248394A-B0F5-4872-87B2-5C854520F585}: NameServer = 192.168.0.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

--
End of file - 6293 bytes
Contenus similaires
17 Septembre 2008 17:17:46

bonjour et merci de ton aide

J'ai lancé ton outil (je ne l'ai pas fait en mode sans echec par contre...)

Apres la desinfection, je peux maintenant ouvrir D:/ à partir du poste de travail.
Par contre à chaque reboot, windows me dit qu'il ne peut pas charger mon profil. Et une nouvelle session s'ouvre (qui porte pourtant le meme nom qu'avant), et tout est vierge dessus. Ca fait exactement qu'on vient d'installer XP : visite guidée proposée, fond d'ecran colline, et aucune icone sur le bureau (sauf quicktime). Meme ton outil que j'avais placé sur le bureau a disparu au reboot. Autres choses : firefox est vierge de marque page, mots de passes..etc : comme si je venais de l'installer. Par contre j'ai l'impression que tous les paramètres sont présents dans le profil firefox

merci
a b 8 Sécurité
17 Septembre 2008 18:01:08

Reposte un rapport Hijackthis.
17 Septembre 2008 18:13:35

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:19, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless 802.11g Monitor\XPFix.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\CTFMON.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [InfoMyCa.exe] C:\Program Files\Wireless 802.11g Monitor\InfoMyCa.exe
O4 - HKLM\..\Run: [XPFix] C:\Program Files\Wireless 802.11g Monitor\XPFix.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcafee] C:\WINDOWS\WIN31.dll.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8248394A-B0F5-4872-87B2-5C854520F585}: NameServer = 192.168.0.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

--
End of file - 6531 bytes
a b 8 Sécurité
17 Septembre 2008 18:30:27

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    17 Septembre 2008 18:46:51

    ComboFix 08-09-16.05 - Mi Chan 2008-09-17 18:34:57.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.239 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\TEMP\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-17 au 2008-09-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-17 18:39 . 2006-09-08 16:10 <REP> d--h----- C:\Documents and Settings\TEMP\Voisinage r‚seau
    2008-09-17 18:39 . 2006-09-08 16:10 <REP> d--h----- C:\Documents and Settings\TEMP\Voisinage d'impression
    2008-09-17 18:39 . 2006-09-08 17:18 <REP> d--h----- C:\Documents and Settings\TEMP\ModŠles
    2008-09-17 18:39 . 2008-09-17 18:39 <REP> dr------- C:\Documents and Settings\TEMP\Mes documents
    2008-09-17 18:39 . 2006-09-08 16:10 <REP> dr------- C:\Documents and Settings\TEMP\Menu D‚marrer
    2008-09-17 18:39 . 2008-09-17 18:39 <REP> d-------- C:\Documents and Settings\TEMP\Favoris
    2008-09-17 18:39 . 2006-09-08 16:10 <REP> d-------- C:\Documents and Settings\TEMP\Bureau
    2008-09-17 18:39 . 2008-09-17 18:39 <REP> d-------- C:\Documents and Settings\TEMP

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-17 16:09 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 2
    2008-08-28 17:18 --------- d-----w C:\Program Files\SuperCopier2
    2008-08-23 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-03-22 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-03-22 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 406016]
    "PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-04-27 94208]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-29 77824]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
    "SMSERIAL"="sm56hlpr.exe" [2005-04-26 C:\WINDOWS\sm56hlpr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Mozilla Firefox 2 Beta 2\\firefox.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "D:\\jeux\\CSS\\hl2.exe"=
    "C:\\Program Files\\Hamachi\\hamachi.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
    S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 209408]
    S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 17792]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-InfoMyCa.exe - C:\Program Files\Wireless 802.11g
    HKLM-Run-XPFix - C:\Program Files\Wireless 802.11g
    HKLM-Run-Pinnacle WebUpdater - C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml
    HKLM-Run-mcafee - C:\WINDOWS\WIN31.dll.vbs
    Notify-WgaLogon - (no file)


    .
    ------- Examen suppl‚mentaire -------
    .
    R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
    O17 -: HKLM\CCS\Interface\{8248394A-B0F5-4872-87B2-5C854520F585}: NameServer = 192.168.0.1
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-17 18:39:56
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cach‚s ...

    Recherche d'‚l‚ments en d‚marrage automatique cach‚s ...

    Recherche de fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Wireless 802.11g Monitor\XPFix.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-17 18:43:35 - La machine a red‚marr‚
    ComboFix-quarantined-files.txt 2008-09-17 16:43:30

    Avant-CF: 10,305,888,256 octets libres
    AprŠs-CF: 10,316,201,984 octets libres

    118
    17 Septembre 2008 18:50:27

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:49, on 2008-09-17
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Wireless 802.11g Monitor\XPFix.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\CTFMON.EXE
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8248394A-B0F5-4872-87B2-5C854520F585}: NameServer = 192.168.0.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

    --
    End of file - 6122 bytes
    17 Septembre 2008 22:08:38

    Bonsoir j'ai fait le scan avec AntiVir et voila le résultat


    Avira AntiVir Personal
    Report file date: mercredi 17 septembre 2008 21:06

    Scanning for 1621910 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: HANA

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 19:01:21
    ANTIVIR3.VDF : 7.0.6.173 143360 Bytes 17/09/2008 19:01:23
    Engineversion : 8.1.1.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.70 319866 Bytes 17/09/2008 19:01:34
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.1 397683 Bytes 17/09/2008 19:01:33
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.23 196987 Bytes 17/09/2008 19:01:31
    AEHEUR.DLL : 8.1.0.51 1397111 Bytes 17/09/2008 19:01:30
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 17/09/2008 19:01:26
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 17/09/2008 19:01:25
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 17/09/2008 19:01:23
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 17 septembre 2008 21:06

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'remoterm.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'brctrcen.exe' - '1' Module(s) have been scanned
    Scan process 'BrStDvPt.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
    Scan process 'msiexec.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'brss01a.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    36 processes with 36 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '59' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103149.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103150.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103161.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103163.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was moved to '49025cc9.qua'!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103177.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] A backup was created as '49025cd5.qua' ( QUARANTINE )
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103178.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103192.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103193.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103205.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103206.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103220.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103222.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103236.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103238.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103256.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103258.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103270.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103272.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103285.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103286.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103299.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103300.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103314.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103316.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103328.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103329.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103342.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103343.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103356.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103357.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103371.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103372.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103387.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103388.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103410.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103411.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103422.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103423.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103445.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103446.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103460.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103462.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103474.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103475.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103491.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103493.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103508.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103509.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103520.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103521.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103534.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103535.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103557.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103559.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103585.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103586.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103604.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103606.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103640.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103642.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103657.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103658.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103675.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103676.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103690.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103691.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103702.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103703.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103722.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103724.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103737.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103738.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0103777.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0103778.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104820.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104822.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104924.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104926.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104942.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104944.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104980.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104981.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0105017.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP382\A0107094.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    Begin scan in 'D:\'
    D:\Mes documents\Cours M1\TP\2 TP gènes candidats maïs\lignine\pgkb5 T-DNA.doc
    [DETECTION] Contains code of the W97M/Thus.AH Word macro virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103053.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103074.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103092.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103106.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103120.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103134.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103152.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103166.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103181.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103195.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103209.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103225.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103240.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103261.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103275.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103289.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103303.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103318.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103331.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103345.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103359.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103375.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103390.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103414.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103425.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103449.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103465.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103477.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103495.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103512.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103524.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103539.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103562.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103589.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103609.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103645.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103660.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103679.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103693.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103706.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103727.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP370\A0103741.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0103780.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104824.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104928.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104946.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP371\A0104984.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{0F6FE7BB-A302-4C3B-BF00-0A2735CE07E2}\RP382\A0107056.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.J VBS script virus
    [NOTE] The file was deleted!


    End of the scan: mercredi 17 septembre 2008 21:55
    Used time: 48:54 Minute(s)

    The scan has been done completely.

    5874 Scanning directories
    375418 Files were scanned
    133 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    132 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    375284 Files not concerned
    2785 Archives were scanned
    1 Warnings
    133 Notes


    Par contre le problème de mes paramètres personnels n'est pas résolu.
    Merci pour ton aide.
    a b 8 Sécurité
    18 Septembre 2008 16:55:43

    Reposte un rapport Hijackthis.
    18 Septembre 2008 18:48:30

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:46:57, on 18/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\CTFMON.EXE
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8248394A-B0F5-4872-87B2-5C854520F585}: NameServer = 192.168.0.1
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

    --
    End of file - 6257 bytes
    merci
    a b 8 Sécurité
    18 Septembre 2008 19:27:22

    Tu as d'autres soucis ?
    18 Septembre 2008 19:40:26

    Bonsoir,
    Je te remercie pour ton aide mais le problème de mes paramètres personnels persiste. Mon profil ne se télécharge pas à l'ouverture de Windows et de plus je perds tout ce que j'enregistre sur mon bureau quand j'éteints mon pc.
    Merci
    a b 8 Sécurité
    18 Septembre 2008 19:51:53

    Je ne pense pas que cela soit lié à une infection :/ 
    19 Septembre 2008 18:07:13

    Bonjour,
    Si on formate le pc, cela pourrait il réparer le problème?
    a b 8 Sécurité
    19 Septembre 2008 18:08:06

    Possible, on ne peut être certain.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS