Se connecter / S'enregistrer
Votre question

virus c'est pas toi sur msn

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
22 Janvier 2008 10:32:11

bonjour

j'ai eut aussi ce virus donc j'ai suivi les procedures que j'ai vu dans le forum soit msn fix, hjti, sd fix voici les rapports apres sd fix windos m'a dit erreur serieuse envoyer ou pas envoyer et j'ai mon pare feu de windows qui se deconnecte tout seul
la visiblement apres tout ça ça fonctionne mais comment etre sur je n'ose plus ouvrir msn
je vous colle mes rapports en tous cas merci d'avance
MSNFix 1.639-2

C:\Documents and Settings\cecile debaugnies\Bureau\MSNFix
Fix exécuté le 21/01/2008 - 21:25:22,98 By cecile debaugnies
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\CECILE~1\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\CECILE~1\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\cecile debaugnies\??????.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

/!\ ... C:\DOCUME~1\CECILE~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\CECILE~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\cecile debaugnies\??????.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\CECILE~1\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\CECILE~1\LOCALS~1\Temp\services.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\bhij.exe] E35BBFB29114DC915FB8FAF710EB8770
[C:\tuwwp.exe] 89EA174DD0E1FFFE0295C903DDB4367A
[C:\upaq.exe] F6E57C3E854EE7780F960AA9B50BC69E



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21012008_21290287.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:16, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\bhij.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Inscription sur le Web.lnk = C:\WINDOWS\winhlp32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www8.photoweb.fr/telechargement/Photoweb_uploade...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lafamilledececile.spaces.live.com//PhotoUpload/M...
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lafamilledececile.spaces.live.com/PhotoUpload/Ms...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 11193 bytes

Autres pages sur : virus msn

22 Janvier 2008 12:42:59

bonjour
Flake Il a déjà passé MSNFix :D 

Cette procédure doit être imprimée pour que tu puisses l’avoir sous les yeux quand tu seras en mode sans échec.

Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.
***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
  • Redémarre ton ordinateur
  • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
  • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
  • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
  • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le processus de nettoyage.
  • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
    Contenus similaires
    22 Janvier 2008 15:41:54

    merci j'ai deja fait cette manip sauf que je n'ai pas eut a l'ecran finished et le dossier report.txt
    et j'ai refais un scan il ma trouver encore 2 trojan
    agent-JDR et hijack-AS
    et que veut tu dire avec un nouveau log hijackthis
    merci d'avance
    22 Janvier 2008 17:08:49

    re
    trouve le rapport:
    Dans le dossier SDFix sous le nom Report.txt.
    23 Janvier 2008 09:36:22

    j'es pere que c'est ça merci de ton aide

    SDFix: Version 1.129

    Run by cecile debaugnies on 21/01/2008 at 22:06

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    runtime

    Path:
    \??\C:\WINDOWS\System32\drivers\runtime.sys

    runtime - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\134404~1 - Deleted
    C:\TUWWP.EXE - Deleted
    C:\Program Files\Helper\superfindout.dll - Deleted
    C:\DOCUME~1\CECILE~1\LOCALS~1\Temp\Clean_*.dll - Deleted
    C:\WINDOWS\system32\*_exception.nls - Deleted
    C:\WINDOWS\system32\adult.txt - Deleted
    C:\WINDOWS\system32\finance.txt - Deleted
    C:\WINDOWS\system32\lt.res - Deleted
    C:\WINDOWS\system32\other.txt - Deleted
    C:\WINDOWS\system32\pharma.txt - Deleted
    C:\WINDOWS\system32\sft.res - Deleted



    Folder C:\Program Files\Helper - Removed


    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    : ADS Found!

    svchost.exe: deleted 27716 bytes in 2 streams.

    Checking for remaining Streams

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    23 Janvier 2008 09:42:07

    j'es pere que c'est ça merci de ton aide

    SDFix: Version 1.129

    Run by cecile debaugnies on 21/01/2008 at 22:06

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    runtime

    Path:
    \??\C:\WINDOWS\System32\drivers\runtime.sys

    runtime - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\134404~1 - Deleted
    C:\TUWWP.EXE - Deleted
    C:\Program Files\Helper\superfindout.dll - Deleted
    C:\DOCUME~1\CECILE~1\LOCALS~1\Temp\Clean_*.dll - Deleted
    C:\WINDOWS\system32\*_exception.nls - Deleted
    C:\WINDOWS\system32\adult.txt - Deleted
    C:\WINDOWS\system32\finance.txt - Deleted
    C:\WINDOWS\system32\lt.res - Deleted
    C:\WINDOWS\system32\other.txt - Deleted
    C:\WINDOWS\system32\pharma.txt - Deleted
    C:\WINDOWS\system32\sft.res - Deleted



    Folder C:\Program Files\Helper - Removed


    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    : ADS Found!

    svchost.exe: deleted 27716 bytes in 2 streams.

    Checking for remaining Streams

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    23 Janvier 2008 10:26:28

    bonjour
    le rapport n'est pas complet
    poste nous le en entier
    23 Janvier 2008 10:30:51

    j'ai que ça et comme je disais au depart il n'a jamais ecrit finished et je n'ai jamais eut le rapport d'affiché a l'ecran
    je dois recommencer la procédure ?
    je supprimme sd fix avant de recommencer?
    merci
    23 Janvier 2008 13:29:11

    re
    ne supprime pas ta version
    refais un passage avec l'outil

    tu posteras le nouveau rapport et un log hijackthis
    23 Janvier 2008 15:58:54

    j'ai beau recommencer la procedure il redemmarre normalement

    avec les icones directe

    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    tout cela ne se fait pas
    23 Janvier 2008 16:01:52

    tant pis, on fera autrement
    reposte un log hijackthis :) 
    23 Janvier 2008 16:03:18

    ça affiche juste le journal a recupere une erreur serieuse voulez vous envoyer a microsoft
    23 Janvier 2008 16:06:02

    poste ton log :) 
    23 Janvier 2008 16:07:16

    si ça ne marche pas, supprime ta version puis on en prend une autre:
    ~ Télécharge HijackThis
    http://www.merijn.org/files/hijackthis.zip ;
    ~Crée un "nouveau dossier" dédié à Hijackthis (c:\Hijackthis\),dézippe Hijackthis.exe dans ce répertoire
    ~Lance Hijackthis.exe "do a system scan & save log file",et fais un copier coller du rapport généré dans ton prochain post.


    23 Janvier 2008 21:30:45

    Logfile of HijackThis v1.99.1
    Scan saved at 21:26:34, on 23/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\bhij.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\CECILE~1\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Inscription sur le Web.lnk = C:\WINDOWS\winhlp32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www8.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lafamilledececile.spaces.live.com//PhotoUpload/M...
    O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lafamilledececile.spaces.live.com/PhotoUpload/Ms...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    23 Janvier 2008 23:09:05

    re

    Désactive ton antivirus et tout autre type de protection.
    Télécharge ComboFix de sUBs :
    ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur ComboFix, Il va te poser une question, réponds en appuyant sur la touche1 puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé. Poste le rapport.

    ajoute un nouveau rapport Hijackthis.
    24 Janvier 2008 07:47:32

    bonjour j'ai fait combo fix je n'ai jamais eut la question ou je devait taper 1 et bien entendu pas de rapport non plus la fenetre sous dos c'est ferme et plus rien
    donc j'ai tout de meme refait un nouveau rapport hijackthis je te l'envoie
    merci
    24 Janvier 2008 07:48:35

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:43, on 2008-01-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\bhij.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Inscription sur le Web.lnk = C:\WINDOWS\winhlp32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www8.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lafamilledececile.spaces.live.com//PhotoUpload/M...
    O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lafamilledececile.spaces.live.com/PhotoUpload/Ms...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 10848 bytes
    24 Janvier 2008 12:08:06

    bonjour
    on va faire autrement:

    ~Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.

    1

    Tu cliques sur démarrer, tu cliques executer et tu tapes dans la boîte de dialogue: services.msc , tu recherches la ligne de service FFI et tu fais" type de démarrage désactivé" puis et "type de démarrage" sur arrêter.

    2



    ~Lance Hijackthis “Do a system scan only”.
    Coche les lignes qui suivent si encore présentes et uniquement celles-là.

    O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
    O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe


    Clique sur Fix checked (en bas à gauche)

    3

    Sélectionne TOUS les emplacements en gras ci-dessous :

    C:\bhij.exe
    C:\WINDOWS\system32\svchost.exe:exm.exe


    ---> Clique-droit puis Copier (ou Ctrl+C)

    Double-clique sur OTMoveIt.exe afin de le lancer.
    Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
    Clique maintenant sur MoveIt![/#f]

    [#ff0e00]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.

    Accepte en cliquant sur YES.

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log

    ->Informations sur le logiciel<-



    24 Janvier 2008 20:05:16

    bonsoir j'ai fait la manip jusqu'au point 2 fix checked la partie 3 selectionne
    C:\bhij.exe
    C:\WINDOWS\system32\svchost.exe:exm.exe
    je ne l'ai encore pas eut donc j'ai recommencer ms cette fois je n'ai plus
    O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
    O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
    donc dois je faire tout de meme OT MOVE IT
    MERCI
    24 Janvier 2008 21:19:34

    bonsoir

    Oui, continue :) 
    24 Janvier 2008 21:26:19

    mais je n'ai rien a coller du coup donc je clique juste sur move it
    24 Janvier 2008 21:33:25

    tu as lu la procédure?
    tu copies ce qui est en gras sur le forum et tu colles dans OTMoveIt
    24 Janvier 2008 21:36:29

    voila ce que j'ai
    j'ai tapé du coup dans le cadre

    C:\bhij.exe
    C:\WINDOWS\system32\svchost.exe:exm.exe
    et ensuite move it et voilaa ce que ça a donné

    c:\bhij.exe moved successfully.
    File/Folder c:\windows\system32\svchost.exe:exm.exe not found.

    Created on 01-24-2008 21:28:48
    mais c'est chiant pourquoi je n'arrive jamais a finir une étape de ce que tu me demande
    je suis pas nul ds le domaine de l'informatique ça ne me fait pas peur de bidouiller merde alors que se passe t'il
    va t'ont s'en sortir
    en tout cas merci de pas m'abandonner

    24 Janvier 2008 22:07:03

    Citation :
    je suis pas nul ds le domaine de l'informatique ça ne me fait pas peur de bidouiller merde alors que se passe t'il
    va t'ont s'en sortir

    tu t'en sors très bien ;) 

    reposte un log hijackthis
    24 Janvier 2008 22:09:32

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:09, on 2008-01-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Inscription sur le Web.lnk = C:\WINDOWS\winhlp32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www8.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lafamilledececile.spaces.live.com//PhotoUpload/M...
    O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lafamilledececile.spaces.live.com/PhotoUpload/Ms...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 10782 bytes
    24 Janvier 2008 22:15:10

    je ne vais pas te torturer plus longtemps. :D 
    tu as encore des soucis? (pour moi c'est OK)
    25 Janvier 2008 07:31:14

    bonjourl

    le souccis que j'ai c'est que ça rame plus qu'avant
    que j'ai le pare feu de windows qui se desactive tout seul
    et quand je lance avast il me trouve toujours des trojans
    voila et je n'ose plus ouvrir msn

    merci beaucoup
    25 Janvier 2008 11:56:01

    bonjour
    ok

    Voilà ce qu'on va faire, tu vas remplacer Avast! par Antivir, qui lui est un vrai antivirus, tu vas faire un scan avec et poster le rapport. :) 


    Désinstalle correctement Avast!


    Pour le remplacer par Antivir.

    -->Tuto<--


    Pourquoi changer ? : Avast! vs Antivir
    25 Janvier 2008 18:04:33

    voila le rapport pas terrible d'ailleurs


    AntiVir PersonalEdition Classic
    Report file date: 2008-01-25 16:57

    Scanning for 1070348 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: ACER-DC6C4D74B4

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 15:56:46
    ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 2008-01-25 15:56:46
    ANTIVIR3.VDF : 7.0.2.50 2048 Bytes 2008-01-25 15:56:46
    AVEWIN32.DLL : 7.6.0.53 3211776 Bytes 2008-01-25 15:56:47
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-01-25 15:56:47
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-01-25 16:57

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.bin' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.exe' - '1' Module(s) have been scanned
    Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
    Scan process 'SiWake.exe' - '1' Module(s) have been scanned
    Scan process 'OSA.EXE' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
    Scan process '9wifi.exe' - '1' Module(s) have been scanned
    Scan process 'InCD.exe' - '1' Module(s) have been scanned
    Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    53 processes with 53 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '81' files ).


    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\arnaud debaugnies\Local Settings\Temp\loader.exe
    [DETECTION] Is the Trojan horse TR/Kobcka.CG.4
    [INFO] The file was moved to '47fb0894.qua'!
    C:\Documents and Settings\arnaud debaugnies\Local Settings\Temporary Internet Files\Content.IE5\01MR4TK9\zgshj[1].html
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '480d08b2.qua'!
    C:\Documents and Settings\arnaud debaugnies\Local Settings\Temporary Internet Files\Content.IE5\A18DTEOS\addy[1].exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '47fe08d2.qua'!
    C:\Documents and Settings\arnaud debaugnies\Local Settings\Temporary Internet Files\Content.IE5\NOY4OU22\cprdshtvt[1].html
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    [INFO] The file was moved to '480c0919.qua'!
    C:\Documents and Settings\arnaud debaugnies\Local Settings\Temporary Internet Files\Content.IE5\O9YRCP6R\niushkmpx[1].html
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [INFO] The file was moved to '480f0936.qua'!
    C:\Documents and Settings\arnaud debaugnies\Local Settings\Temporary Internet Files\Content.IE5\PN9DNI71\17PHolmes[1].cmt
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47ea0938.qua'!
    C:\Documents and Settings\arnaud debaugnies\Local Settings\Temporary Internet Files\Content.IE5\PN9DNI71\rvljyazbq[1].html
    [DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [INFO] The file was moved to '48060982.qua'!
    C:\Documents and Settings\arnaud debaugnies\Local Settings\Temporary Internet Files\Content.IE5\WC7KLA8C\a[1].exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb0993.qua'!
    C:\Documents and Settings\arnaud debaugnies\Local Settings\Temporary Internet Files\Content.IE5\WLQ5XV89\lsegihwln[1].txt
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '47ff09bc.qua'!
    C:\Documents and Settings\cecile debaugnies\Bureau\pour virus\MSNFix\21012008_21290287.zip
    [0] Archive type: ZIP
    --> backup/mrofinu1148.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/mrofinu1148.exe.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/services.exe
    [DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
    --> backup/vjeepb.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '47ca0ae0.qua'!
    C:\Documents and Settings\cecile debaugnies\Local Settings\Temporary Internet Files\Content.IE5\5UBP3IBA\cprdshtvt[1].html
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    [INFO] The file was moved to '480c0b86.qua'!
    C:\Documents and Settings\cecile debaugnies\Local Settings\Temporary Internet Files\Content.IE5\5UBP3IBA\rvljyazbq[1].html
    [DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [INFO] The file was moved to '48060b92.qua'!
    C:\Documents and Settings\cecile debaugnies\Local Settings\Temporary Internet Files\Content.IE5\AQ4SL8RQ\17PHolmes[1].cmt
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47ea0b6d.qua'!
    C:\Documents and Settings\cecile debaugnies\Local Settings\Temporary Internet Files\Content.IE5\CV870G2C\niushkmpx[1].html
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.Crw.1 Backdoor server programs
    [INFO] The file was moved to '480f0bd3.qua'!
    C:\Documents and Settings\cecile debaugnies\Local Settings\Temporary Internet Files\Content.IE5\Q5BTU1M7\addy[1].exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '47fe0c15.qua'!
    C:\Documents and Settings\cecile debaugnies\Local Settings\Temporary Internet Files\Content.IE5\Q5BTU1M7\lsegihwln[1].txt
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '47ff0c2b.qua'!
    C:\Documents and Settings\cecile debaugnies\Local Settings\Temporary Internet Files\Content.IE5\R4WR9RPH\a[1].exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb0c2b.qua'!
    C:\Documents and Settings\cecile debaugnies\Local Settings\Temporary Internet Files\Content.IE5\R4WR9RPH\zgshj[1].html
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '480d0c41.qua'!
    C:\Documents and Settings\cecile debaugnies\Local Settings\Temporary Internet Files\Content.IE5\S2JEOC9B\niushkmpx[1].html
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '480f0c4f.qua'!
    C:\Documents and Settings\cecile debaugnies\Local Settings\Temporary Internet Files\Content.IE5\SI2D2P3A\zgshj[1].html
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '480d0c61.qua'!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\808KO4WZ\df34[1].html
    [DETECTION] Is the Trojan horse TR/Agent.18944
    [INFO] The file was moved to '47cd0cad.qua'!
    C:\SDFix\backups_old1\backups.zip
    [0] Archive type: ZIP
    --> backups/clean_1f363.dll
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    --> backups/clean_20c5a.dll
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    --> backups/clean_35f74e.dll
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    --> backups/tuwwp.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '47fd118a.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129669.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1186.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129672.com
    [DETECTION] Is the Trojan horse TR/Agent.dwd.4
    [INFO] The file was moved to '4654be9f.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129673.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1187.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129674.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654be90.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129675.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1189.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129676.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654be92.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129677.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1188.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129678.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654be91.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129679.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb118a.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129680.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654be93.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129681.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb118b.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129687.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654be94.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129688.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb118d.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129689.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654be96.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129690.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb118c.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129691.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654be95.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129692.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db63.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129693.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db65.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129694.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db64.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129695.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db66.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129696.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb118f.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129697.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db78.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129698.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb118e.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129699.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db67.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129700.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1180.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129701.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db69.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129702.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1191.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129703.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db7a.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129704.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1193.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129705.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db7c.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129706.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1182.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129707.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db6b.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129708.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1184.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129709.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db6d.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129710.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1195.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129711.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db7e.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129712.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1197.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129713.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db70.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129714.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1190.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129715.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db79.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129716.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1192.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129717.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db7b.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129718.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1199.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129719.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db72.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129720.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb119b.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129721.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db74.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129722.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1194.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129723.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db7d.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129724.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1196.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129725.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb119d.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129726.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db76.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129727.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb119f.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129728.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db48.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129729.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11a1.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129730.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db7f.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129731.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1168.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129732.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db81.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129733.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb116a.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129765.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db4a.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129766.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db83.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129767.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb116c.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129768.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db85.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129769.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb116e.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129770.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11a3.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129771.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db4c.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129772.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11a5.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129773.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db4e.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129774.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1198.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129775.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db71.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129776.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb119a.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129777.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db73.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129778.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11a7.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129779.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db40.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129780.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11a9.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129781.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db42.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129782.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb119c.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129783.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db75.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP375\A0129784.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb119e.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129828.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db77.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129829.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db87.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129830.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11ab.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129831.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db44.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129832.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11ad.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129833.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db46.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129834.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1160.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129835.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db89.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129836.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb1162.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129837.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db8b.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129838.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11af.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129839.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db58.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129840.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11b1.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129841.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db5a.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129842.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11a0.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129843.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db49.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129844.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11a2.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129845.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db4b.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129846.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11b3.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129847.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db5c.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0129848.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11b5.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0130918.exe
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    [INFO] The file was moved to '4654db5e.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0130920.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '47cb11b7.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0130921.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47cb11a4.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0130922.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4654db4d.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0131927.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4654db50.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0131928.exe
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    [INFO] The file was moved to '47cb11b9.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0131929.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '4654db52.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0131930.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '47cb11bb.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0131931.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '47cb11a6.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0131932.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '4654db4f.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0131940.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.hnp
    [INFO] The file was moved to '47cb11b8.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0132919.exe
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    [INFO] The file was moved to '4654db54.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0132920.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '47cb11bd.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP376\A0132921.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '4654db56.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0133993.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11bf.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0133994.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db28.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0134969.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '47cb11c1.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0134970.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4654db2a.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0135969.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cb11ae.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0135970.exe
    [DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
    [INFO] The file was moved to '4654db47.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0135973.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '4654db51.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0136029.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '47cb11b0.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0136037.dll
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    [INFO] The file was moved to '4654db59.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0136038.dll
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    [INFO] The file was moved to '47cb11b2.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0136039.dll
    [DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
    [INFO] The file was moved to '47cb11c3.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0136041.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '4654db2c.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0137095.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '4654db5b.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0137096.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47cb11c5.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0137097.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [INFO] The file was moved to '4654db2e.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0137098.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '47cb11c7.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0137099.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '4654db20.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0137100.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    [INFO] The file was moved to '47cb11b4.qua'!
    C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP377\A0137102.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4654db5d.qua'!
    C:\WINDOWS\system32\socketa.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.hnp
    [INFO] The file was moved to '47fd1354.qua'!
    C:\WINDOWS\system32\socksys.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.hnp
    [INFO] The file was moved to '4663d635.qua'!
    C:\_OTMoveIt\MovedFiles\bhij.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.Crw.1 Backdoor server programs
    [INFO] The file was moved to '480313a6.qua'!
    Begin scan in 'D:\' <ACERDATA>


    End of the scan: 2008-01-25 17:50
    Used time: 52:19 min

    The scan has been done completely.

    8617 Scanning directories
    455264 Files were scanned
    163 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    157 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    455101 Files not concerned
    8331 Archives were scanned
    2 Warnings
    0 Notes

    25 Janvier 2008 18:34:30

    bonjour
    reposte un log hijackthis :) 
    25 Janvier 2008 19:34:37

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:29:49, on 25/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-733070570-1298144984-1413640847-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'cecile debaugnies')
    O4 - HKUS\S-1-5-21-733070570-1298144984-1413640847-1007\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (User 'cecile debaugnies')
    O4 - HKUS\S-1-5-21-733070570-1298144984-1413640847-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'cecile debaugnies')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-733070570-1298144984-1413640847-1007 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'cecile debaugnies')
    O4 - S-1-5-21-733070570-1298144984-1413640847-1007 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'cecile debaugnies')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Inscription sur le Web.lnk = C:\WINDOWS\winhlp32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www8.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lafamilledececile.spaces.live.com//PhotoUpload/M...
    O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lafamilledececile.spaces.live.com/PhotoUpload/Ms...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 11162 bytes
    25 Janvier 2008 21:04:12

    bonsoir
    essaye de repasser combofix maintenant. (supprime ta version)

    Désactive ton antivirus et tout autre type de protection.
    Télécharge ComboFix de sUBs :
    ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur ComboFix, Il va te poser une question, réponds en appuyant sur la touche1 puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé. Poste le rapport.

    ajoute un nouveau rapport Hijackthis.

    25 Janvier 2008 21:39:56

    bon combo fix ne ma pas pose de question mon horloge doit etre modifie ms elle continue de tourner
    et aucun reboot et aucun rapport le programme se ferme comme ça

    voila le rapport hijackthis ms je ne sais pas si ça te servira du coup


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:35, on 2008-01-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Inscription sur le Web.lnk = C:\WINDOWS\winhlp32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www8.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lafamilledececile.spaces.live.com//PhotoUpload/M...
    O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lafamilledececile.spaces.live.com/PhotoUpload/Ms...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 10341 bytes
    25 Janvier 2008 23:30:28

    re
    retrouve le rapport combofix et poste le:
    il est dans:
    C:\Combofix.txt


    26 Janvier 2008 10:13:16

    bonjour je n'ai que ça en fichier texte c'est a dire rien

    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.331 [GMT 1:00]
    26 Janvier 2008 10:35:17

    j'ai desinstallé et reinstalle combo et recommence la manip voila le rapport ms toujours pas de question pose et d'arret d'horloge il a fait 38 etapes

    ComboFix 08-01-23.1C - cecile debaugnies 2008-01-26 10:27:09.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.304 [GMT 1:00]
    Endroit: C:\Documents and Settings\cecile debaugnies\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\arnaud debaugnies\Application Data\inst.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-25 21:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-25 16:51 . 2008-01-25 16:51 <REP> d-------- C:\Program Files\Avira
    2008-01-21 22:03 . 2008-01-21 22:04 <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-21 21:33 . 2008-01-21 21:33 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-20 12:45 . 2008-01-20 12:45 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-20 12:45 . 2008-01-20 12:45 232 --ah----- C:\sqmdata15.sqm
    2008-01-20 12:42 . 2008-01-20 12:42 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-20 12:42 . 2008-01-20 12:42 232 --ah----- C:\sqmdata14.sqm
    2008-01-20 12:39 . 2008-01-20 12:39 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-20 12:39 . 2008-01-20 12:39 232 --ah----- C:\sqmdata13.sqm
    2008-01-20 12:35 . 2008-01-20 12:35 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-20 12:35 . 2008-01-20 12:35 232 --ah----- C:\sqmdata12.sqm
    2008-01-20 12:32 . 2008-01-20 12:32 244 --ah----- C:\sqmnoopt11.sqm
    2008-01-20 12:32 . 2008-01-20 12:32 232 --ah----- C:\sqmdata11.sqm
    2008-01-20 12:29 . 2008-01-20 12:29 244 --ah----- C:\sqmnoopt10.sqm
    2008-01-20 12:29 . 2008-01-20 12:29 232 --ah----- C:\sqmdata10.sqm
    2008-01-20 12:25 . 2008-01-20 12:25 244 --ah----- C:\sqmnoopt09.sqm
    2008-01-20 12:25 . 2008-01-20 12:25 232 --ah----- C:\sqmdata09.sqm
    2008-01-20 12:21 . 2008-01-20 12:21 244 --ah----- C:\sqmnoopt08.sqm
    2008-01-20 12:21 . 2008-01-20 12:21 232 --ah----- C:\sqmdata08.sqm
    2008-01-20 12:18 . 2008-01-20 12:18 244 --ah----- C:\sqmnoopt07.sqm
    2008-01-20 12:18 . 2008-01-20 12:18 232 --ah----- C:\sqmdata07.sqm
    2008-01-11 20:45 . 2008-01-11 20:45 <REP> dr------- C:\Program Files\Bitmanagement Software
    2008-01-10 20:54 . 2008-01-10 20:54 244 --ah----- C:\sqmnoopt06.sqm
    2008-01-10 20:54 . 2008-01-10 20:54 232 --ah----- C:\sqmdata06.sqm
    2008-01-09 20:38 . 2008-01-09 20:38 <REP> d-------- C:\Program Files\Fisher-Price

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-21 17:54 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-11 01:48 --------- d-----w C:\Program Files\eMule
    2007-12-25 10:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-25 10:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-25 10:08 --------- d-----w C:\Program Files\Konami
    2007-12-23 16:01 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
    2007-12-23 15:59 --------- d-----w C:\Program Files\ArcSoft
    2007-12-23 15:57 --------- d-----w C:\Program Files\Fichiers communs\sndo963
    2007-12-23 12:57 --------- d-----w C:\Program Files\Skyline
    2007-12-23 08:42 --------- d-----w C:\Program Files\iTunes
    2007-12-23 08:42 --------- d-----w C:\Program Files\iPod
    2007-12-23 08:40 --------- d-----w C:\Program Files\QuickTime
    2007-12-19 10:46 --------- d-----w C:\Program Files\Azureus
    2007-12-12 11:47 --------- d-----w C:\Program Files\Atout Clic CP
    2007-11-30 03:22 --------- d-----w C:\Program Files\Windows Live
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-24_ 7.38.57,93 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-01-25 15:56:47 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 19:04 68856]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
    "LaunchApp"="Alaunch" []
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 17:48 16208384 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
    "ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 16:15 45056]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 21:00 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 21:00 44032]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 21:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 21:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 21:00 455168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [ ]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-24 17:24 1155122]
    "NWEReboot"="" []
    "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2006-07-06 21:32 122880]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 17:36 28672]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-25 16:56 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 21:00 15360]

    C:\Documents and Settings\arnaud debaugnies\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 19:42:22 61440]

    C:\Documents and Settings\cecile debaugnies\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 19:42:22 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 18:14]
    R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-10-18 16:36]
    R2 HPW5ECP;HPW5ECP;C:\WINDOWS\system32\drivers\HPW5ECP.SYS [1999-12-17 10:08]
    R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
    S3 aa214d6c-ac0c-4f05-a81e-48a93a33e209;aa214d6c-ac0c-4f05-a81e-48a93a33e209;E:\Player\cds300.dll []
    S3 e2b54bb4-97d8-4851-a5a5-4e118bf3b8d0;e2b54bb4-97d8-4851-a5a5-4e118bf3b8d0;E:\Player\cds300.dll []
    S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 22:34]
    S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys []
    S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys []
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2007-09-08 08:05]
    S3 SNDO963;Mega Pixel Camera (8101 SXGA);C:\WINDOWS\system32\DRIVERS\sndo963.sys [2005-12-28 09:26]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]
    S4 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{602e3482-8837-11db-bf3c-0019212bc4e7}]
    \Shell\AutoRun\command - J:\NASONEX.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-29 21:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-26 09:30:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    26 Janvier 2008 14:32:50

    bonjour
    ton rapport n'est pas complet...

    Poste le rapport:C:\Combofix.txt
    clique dessus pour l'ouvrir, puis edititon "sélectionner tout", edition "copier"

    viens sur le forum et édition "coller"

    et ajoute un log hijackthis pour qu'on puisse terminer
    26 Janvier 2008 16:20:22

    c'est ce que je fais je vais ds c combofix je cherche le fichier texte etc je sais tres bien comment on fait c'est combo qui ne se lance pas comme ça devrait j'ajoute un log hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:19, on 2008-01-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-733070570-1298144984-1413640847-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'arnaud debaugnies')
    O4 - HKUS\S-1-5-21-733070570-1298144984-1413640847-1005\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (User 'arnaud debaugnies')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-733070570-1298144984-1413640847-1005 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'arnaud debaugnies')
    O4 - S-1-5-21-733070570-1298144984-1413640847-1005 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'arnaud debaugnies')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Inscription sur le Web.lnk = C:\WINDOWS\winhlp32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www8.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lafamilledececile.spaces.live.com//PhotoUpload/M...
    O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lafamilledececile.spaces.live.com/PhotoUpload/Ms...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 11410 bytes
    26 Janvier 2008 21:50:26

    bonsoir
    je ne te demande pas de relancer Combofix...
    je veux le rapport complet.

    comment as tu fais pour me le poster ci dessus?
    le rapport existe bien puisque tu me l'as posté mais il est incomplet.
    je veux tout voir. :) 

    C:\Combofix.txt
    26 Janvier 2008 22:47:09

    oui j'ai bien compris mais j'ai que ça en faisant selectionner tous et copier coller

    je vois bien qu'il est incomplet ms j'ai rien de plus
    et lorsque je le lance je trouve qu'il ne fonctionne pas correctement car on ne me pose pas de question ou je dois repondre 1 , apres on me dit que l'horloge sera deregle mais remise elle tourne tjrs et a la fin le rapport ne s'affiche pas je dois allez le chercher ds c
    donc pourquoi va savoir?
    26 Janvier 2008 23:02:42

    ok
    comment se comporte ton PC?

    1

    supprime C:\qoobox puis vide ta corbeille

    2

    ~Fais une analyse antivirus en ligne sur le site de Kaspersky
    http://webscanner.kaspersky.fr/

    ~ Clique sur Online Scanner.
    ~Accepte l'installation du contrôle ActiveX en cliquant sur le bouton Install.

    ~Sélectionne le poste de travail comme analyse.

    ~Enregistre le rapport en cliquant sur le bouton "Enregistrer rapport sous". Nomme-le, tu feras un copier/coller dans ta prochaine réponse.

    Tuto du scan en ligne
    27 Janvier 2008 00:48:56

    je supprimme antivir ou pas avt de lancer kaspersky

    mon pc va mieux qu'au depart il fonctionne ms je voudrais etre sur d'etre sorti d'affaire
    27 Janvier 2008 19:47:09

    bonsoir
    nan, tu gardes antivir

    Citation :
    mon pc va mieux qu'au depart il fonctionne ms je voudrais etre sur d'etre sorti d'affaire

    d'où le scan en ligne ;) 
    28 Janvier 2008 18:22:53

    sa seers a koi de poster des million de raport kme sa moi je sui un nouvueau en oridnateur (je sai pa envoyer un mail) !!!?
    30 Janvier 2008 09:19:21

    bonjour dans le scan kaspersky j'ai eut aucun virus de detecté tout a l'air de revenir a la normal
    juste une petite question en plus les virus oun les laisses tjrs en quarentaine ou on les supprrime
    et ds antivir que veut dire lorsqu'il trouve une infection et que c'est coché denny a la place de quarantaine
    merci
    30 Janvier 2008 10:45:49

    bonjour
    denny = refuser : c'est quand un virus tente de s'introduire sur ton pc donc tu refuses.

    laisse les virus en quarantaine, ils sont innofensifs

    Supprime tous les programmes installés pour la désinfection.


    Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



    Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

    ~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.

    :hello: 
    30 Janvier 2008 10:51:10

    ok merci beaucoup
    quand tu dit de supprimmer tt les programmes pour la desinfection c'est combofix, hijackthis, msn fix etc..
    30 Janvier 2008 19:22:10

    oui

    bon surf
    :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS