Votre question

[ résolu ] j'ais eu un virus avec msn

Tags :
  • en quarantaine
  • Sécurité
Dernière réponse : dans Sécurité et virus
19 Janvier 2008 19:59:59

bonjour j'ai un probleme avec ma msn j'ais eu ce virus ci-dessous:

c'est pas toi!:
http://members.lycos.co.uk/faceboo [...] otmail.com

c'est pas toi!:
http://members.lycos.co.uk/faceboo [...] hotmail.fr

c'est pas toi!:
http://members.lycos.co.uk/faceboo [...] hotmail.fr

merci de me repondre et de me dire s'y il existeun fichier pour le virer

c'est pas toi!:
http://members.lycos.co.uk/faceboo [...] otmail.com

aprés mon ordi c'est éteind puis je ne pouvais plus discuter avec ma msn et si je commencer une discution avec ma msn était coupé et tout mes contact ont reçu le même virus et j'ais beaucoup de pub intempestive que faire et aujourd'hui j'ais eu un virus cheval de trois que j'ais mis en quarantaine puis suprimé y a t il autre chose a faire et s'il vous plait comment enlevé ce virus sur msn j'attend vos réponse avec impatience pour dépanner mes contact en même temps que moi merci a bientôt

Autres pages sur : resolu virus msn

20 Janvier 2008 01:09:39

rebonsoir j'ais fait :
Télécharge MSNFix.zip (!aur3n7) sur mon Bureau.
je l'ais décompresse sur mon bureau (Cliqué-Droit/Extraire tout).

j'ais ouvert le dossier MSNFix puis double-cliqué sur MSNFix.bat.
- Exécute l'option R puis entrer
et sa ma mis ceci:
scan ........
...check service
et après 1min ça rajoute
...check files
et ça ferme la ptite fenetre ...
C'est normal ? ^^'
20 Janvier 2008 17:46:56

bonsoir
j'ais réssayé en désactivent avast sa n'as pas marché alors la j'ais désinstallé avst pour le remplacer par antivir je vous tiens au courant pour la suite et si quelqu'un pouvais m'aider ce serait gentil car ce virus ddicute avec mes contactes et ce fait passer pour moi merci de votre compréhention.
Contenus similaires
20 Janvier 2008 18:45:55

bonsoir
est-ce que je dois attendre de finir le téléchargement de antirvir ou je peux commencer a télécharge puis installe Hijackthis (Trend Micro)
merci pour votre précieuse aide
20 Janvier 2008 18:47:23

prends ton temps
installe antivir, puis fais le reste après :) 
20 Janvier 2008 18:53:35

ok merci je suis une débutante alors je vais y allé doucement a tout a l'heure
20 Janvier 2008 19:02:36

pas de problèmes ;O)
20 Janvier 2008 19:07:23

help!!!a la fin du téléchargement de avatir sa ma dit qu'il ne pouvait pas télécharger car le temps est dépasser j'ais pas compris pourquoi la je suis sans antivirus comment je fait si j'ais un autre cheval de trois
20 Janvier 2008 19:08:19

poste ton rapport hijackthis :) 
20 Janvier 2008 19:10:20

je le fait et je le poste a tout de suite
20 Janvier 2008 19:16:37


JE PENSE QUE CEST SA
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:59, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4+antivirus\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\17PHolmes1148.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsma...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7340 bytes
20 Janvier 2008 19:19:15

est-ce que c'est sa
20 Janvier 2008 19:36:25

bonsoir
supprime ta version de MSNFix puis suis exactement cette procédure :) 

Télécharge MSNFix.zip (!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).
[#ff0000]
Il est indispensable que l'outil soit executé à partir du bureau.


Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

->Tutorial de Malekal<-
20 Janvier 2008 19:49:13

voila le raport mais j'ais eu un problème pendant l'écution msnfix m'as mis un écran rouge puis ma dit de redémarer l'ordi et on me signale que je cours des risque car je n'est pas d'antivirus merci encore
MSNFix 1.639

C:\Documents and Settings\Propri‚taire\Mes documents\MSNFix\MSNFix
Fix exécuté le 20/01/2008 - 19:41:19,37 By Propri‚taire
mode normal

************************ Recherche les fichiers présents

... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
... C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\Propri‚taire\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp

************************ Recherche les dossiers présents

... C:\Program Files\Dot1XCfg\
... C:\Program Files\InetGet2\
... C:\Program Files\Temporary\




************************ Suppression des fichiers

.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
.. OK ... C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\*.dmp
/!\ ... C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Propri‚taire\??????.exe
/!\ ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp


************************ Suppression des dossiers

.. OK ... C:\Program Files\Dot1XCfg\
.. OK ... C:\Program Files\InetGet2\
/!\ ... C:\Program Files\Temporary\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\VideoSec3008.zip] 72627D8BFD65F7A49F3F5461ECB0DD4F

==> SVP merci d'envoyer le fichier C:\DOCUME~1\PROPRI~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 20012008_19454054.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

a tout de suite
20 Janvier 2008 19:56:16

re
Citation :
==> SVP merci d'envoyer le fichier C:\DOCUME~1\PROPRI~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr

fais le stp

reposte un log hijackthis :) 
20 Janvier 2008 19:57:27

ok a tout de suite
20 Janvier 2008 20:00:47

voili voilou
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:04, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsma...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6613 bytes
20 Janvier 2008 20:56:43

~Télécharge Clean de Malekal

Enregistre-le sur ton bureau et dézippe-le
Cela va créer un dossier clean.
Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
Double-clic sur clean.cmd.
Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier.
Clean va travailler.
Poste le contenu du rapport généré en C:\rapport_clean.txt.
20 Janvier 2008 21:00:07

je ne sais pas dézipé que faire
20 Janvier 2008 21:06:30

voila j'ais fait tous le début et trouver plusieurs fichiers mais il n'y as pas clean.cmd
20 Janvier 2008 21:09:49

finalement j'ais réussie a faire ce que tu ma demander mais aprés sa par a la fin de la recherche
20 Janvier 2008 21:43:26

prends le temps de relire la procédure :) 
j'attends ton rapport

C:\rapport_clean.txt
20 Janvier 2008 21:53:05

je t'assure que je l'ais refait plusieurs fois et une fois la recherche finit le dossier part et je me retrouve devans tous les fichiers clean
20 Janvier 2008 22:45:18

voila je viens de finir de télécharger antivir et voila un premier raport
Avira AntiVir PersonalEdition Classic
*************************************

Copyright © 2007 Avira GmbH.
All rights reserved.


Inhalt
******

0 Important information
1 System requirements
2 Important requirements for an installation
3 Incompatibilities with other programs
4 Support service
5 Contact address


0 Important information
***********************

Users who have up to now installed an ANSI version of the Avira
AntiVir PersonalEdition Classic software pack on a Microsoft Windows
NT, Microsoft Windows 2000 or Microsoft Windows XP operating system,
receive update information when attempting to update.

When updating, please proceed as follows:

1. Deinstall the installed version of the Avira AntiVir
PersonalEdition Classic.
2. Download a current software pack from the downoad section of the
Avira AntiVir PersonalEdition Classic website
http://www.free-av.com.
3. Install this software pack on your computer.

1 System requirements
*********************

In order for Avira AntiVir PersonalEdition Classic to run properly,
the computer system must fulfill the following requirements:

- Computer: Pentium or higher, at least 133 MHz

- Operating system
- Microsoft Windows Vista or
- Microsoft Windows XP Home or Professional, or
- Microsoft Windows 2000, SP 4 recommended

Avira AntiVir PersonalEdition Classic also supports Microsoft Windows
XP x64 Edition.

The display of the program interfaces can differ, depending on the
operating system used.

- 30 MB free memory on the hard disk (more if quarantine is used)

- Min. 100 MB temporary memory on the hard disk

- Min. 25 MB of free main memory

- For all installations: Internet Explorer 5.0 or higher

- For the installation of Avira AntiVir PersonalEdition Classic:
administrator rights

Note
----

- If there is no Internet Explorer 5.0 or higher available on your
system, you can download it under the following address:

http://www.microsoft.com/windows/ie/downloads/default.m...


2 Important requirements for an installation
********************************************

Ensure that the following requirements are fulfilled so that Avira
AntiVir PersonalEdition Classic works properly on your computer:

- System requirements fulfilled
- No other on-access scanner (also called Guard) installed
- Installer has administrator rights
- Internet/Intranet connection available
- All running programs on the computer exited


3 Incompatibilities with other programs
***************************************

Cygwin

If the Avira AntiVir PersonalEdition Classic runs on a system where
the product Cygwin is installed, you might encounter problems with
updating the Avira AntiVir PersonalEdition Classic. In a worst case
scenario you might not be able to update the Avira AntiVir
PersonalEdition Classic at all. Background to this behavior is the
fact that the cygwin process "cygrun.srv.exe" together with the
Microsoft Client/Server runtime server subsystem ("csrss.exe) causes
a complete load of the system once the update process of the Avira
AntiVir PersonalEdition Classic is started. It is therefore strongly
recommended to deinstall Cygwin before the Avira AntiVir
PersonalEdition Classic is installed.


4 Support service
*****************

If you have problems please try first to solve them using the
integrated help system and the user manual (Download at:
http://www.free-av.com). For harder problem, please feel free to
post a message to our bulletin board at http://forum.avira.de or
to call our Support-Hotline.

Please also feel free to post bug reports, hints, feature requests
and anything else related to the Avira AntiVir PersonalEdition
Classic to this Bulletin Board.

Please note that technical inquiries can only be anserwered via our
Support-Forum or our Support-Hotline.


Support-Forum
-------------

...our forum is available for you at any time!

The forum, which is subdivided into clear categories offers you the
possibility to exchange yourself online with other users and our
employees of the customer support. An up-to-date, electronic
bulletin board that is coordinated by our moderators is available.
Our experience multiplies with the experience from the users of
AntiVir all over the world. Have a look on it without any
obligation...

http://forum.avira.de


Support-Hotline
---------------

Germany: 0900 10 11 333 (1,99 Euro/Min*)
Austria: 0900 51 03 61 121 (2,16 Euro/Min*)
Switzerland: 0900 51 03 61 (4,23 CHF/Min*)

* Prices are subject to change.

Mo - Fr between 10 a.m. and 7 p.m.


5 Contact
*********

Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany

Internet: http://www.free-av.com
21 Janvier 2008 00:03:00

j'ais fait un scanne et pendant ce scanne j'ais eu 11 virus que j'ais mis en quarantaine puis suprimer (delete) et oui je me suis mise a l'anglais avec cet antivirus y a un moyen de le metre en français si c'est possible je ne voudrais pas abuser de ta gentiellesse et mon ordi a biper a plusieur reprise pendant le scan voili voilou mon raport:
AntiVir PersonalEdition Classic
Report file date: dimanche 20 janvier 2008 23:24

Scanning for 1059592 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Propriétaire
Computer name: ADMIN-87D400EE9

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:45:17
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 21:45:17
ANTIVIR3.VDF : 7.0.2.22 257536 Bytes 20/01/2008 21:45:17
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 20/01/2008 21:45:18
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 20/01/2008 21:45:18
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 20 janvier 2008 23:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIAGE.EXE' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] In the drive 'D:\' no data medium is inserted!
Boot sector 'E:\'
[NOTE] In the drive 'E:\' no data medium is inserted!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/17PHolmes1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/aargdk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ahtlxt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ajvujp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/aqigju.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/aqwlgs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/arfuxg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/arrbso.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/attpdv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/aycxhj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.haq.3
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/b128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/bgynzo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/bhqqgk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/bmavkp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/bnczyg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/bnlqhb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/bqplqy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/bwflwt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/bxsazg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/bzqyxs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/cfrjhb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/cfxwog.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/cixpkh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/cqyncz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/crqpov.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/dexeur.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/dggmwd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/djnsth.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/dlscnk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/Dot1XCfg.exe
[DETECTION] Is the Trojan horse TR/Dldr.Adload.PR
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/dptavf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/dsatgk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/dufosn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/dxjgyf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/egucve.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ehscwq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ejfwsx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ejrnro.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/enhfso.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/erahtd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/evhlvp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ewjmqx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/fbexcc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/feoycl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/fgpyjy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/fkipke.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/fkrmgq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/fmvkkw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/fnizqp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/fpbhaz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/frosat.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/gaccog.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ggpaal.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/gqfcct.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/gwmept.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/gwykpb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/gzpnfg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/hcfrwc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/hfyjmb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/hjsveg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/hljswz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/hlkual.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/hpibbz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/hrjhkc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/hseysv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/hyjwgj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/hyxizp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ijvkkg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ipspxb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/irlkql.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/iudyaj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ixmlpq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/iyepxj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/jazhnw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/jfsong.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/jgayuf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/jlzmyd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/jpayul.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/jqabqo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/khihhi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/kivgyx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/kmzqbe.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/koynoh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/kpwuzd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ksoqxj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/kurtir.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/kxnlqy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/kytiak.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/kyylza.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ldtztl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/lgbwxb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/lhhbgu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/lhvlyl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/lkmtrz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ltsicv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/lzvohf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/lzzdrc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/mahchk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/mhaiah.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/mljjis.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/mndgsz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/mnmuzo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/mooziw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/moyoqf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/mqldom.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/mrtsme.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/msimmv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/msqeff.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/muzxhb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/nfdoth.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/nlmwph.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/nmbvzz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/nnxsrk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/nqkyfy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/nznmxv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/owwjbt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ozaecv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/pbfvtc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/plbdlx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/plqlka.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/pntmpk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/popnzl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/pqdtud.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/pyqsuc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/qazhpb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/qbhdzw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/qdcovf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/qdmduv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/qonhdm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/qsikiy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/rbxgxh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/relzpi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/rfmsnm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/rhmxdl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/rhsshl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/rliach.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/rxwmak.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/samzoh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/sbjekr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/sdqgqu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/services.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/sgsedi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/sikfpm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/simefh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/skireq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/skmpfs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/sofmya.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/sphzgh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/srsdzv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/stfoem.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/suamqw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/suksxm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/sxtcjr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/taeftd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/tekojj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/tjpmrj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/tnilff.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/tsfxdr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/tshlch.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/tupnng.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ubneci.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ueewuc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ufaigx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ufarrb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ugnydo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/uifwuy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ulaode.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/urwkyi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/uvitwd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/vboznj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/vksaur.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/vlizja.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/vocxhg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/vovpvm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/vphxgl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/vvoixc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/wbawct.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/wfkaha.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/wgdfgs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/whmonz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/wiylix.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/wniicv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/wqjhqi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/wumaax.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/xbjfeb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/xeveyo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/xglrqw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/xqelif.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/xqpqxu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/xtjmkj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/xtqzva.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/xwhkln.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/yadolk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/yieclc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/yovcei.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ytbkql.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/yxkrcy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/yzzgfo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/zahnyc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/zasiew.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/zceexb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/zdnytb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/ziweqy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/zjfbwf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/zjqwsu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/PROPRI~1/Bureau/Upload_Me/zotjaq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47ffcbf9.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temp\Installer.exe
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was moved to '4806cc21.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ShprInstaller.exe
[DETECTION] Contains detection pattern of the dropper DR/Shopper.L
[INFO] The file was moved to '4803cc24.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\8Y6XE67V\naked0453[1].com
[DETECTION] Is the Trojan horse TR/Agent.dwd.4
[INFO] The file was moved to '47fecd55.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\8Y6XE67V\naked0453[2].com
[DETECTION] Is the Trojan horse TR/Agent.dwd.4
[INFO] The file was moved to '47fecd58.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\AR6ZKUON\f4d28682d186cc6beb75f106d133f489[1].zip
[0] Archive type: ZIP
--> b128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[INFO] The file was moved to '47f7cd4c.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\FFEP2AV3\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47e3cdad.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\FFEP2AV3\a8f5a020e4b833865a1034489887c8b9[1].zip
[0] Archive type: ZIP
--> b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.haq.3
[INFO] The file was moved to '47f9cdb9.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\FFEP2AV3\a[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47c4cdec.qua'!
C:\Documents and Settings\Propriétaire\Mes documents\MSNFix\MSNFix\20012008_19454054.zip
[0] Archive type: ZIP
--> backup/17PHolmes1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/aargdk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ahtlxt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ajvujp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/aqigju.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/aqwlgs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/arfuxg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/arrbso.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/attpdv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/aycxhj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.haq.3
--> backup/b128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
--> backup/bgynzo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/bhqqgk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/bmavkp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/bnczyg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/bnlqhb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/bqplqy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/bwflwt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/bxsazg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/bzqyxs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/cfrjhb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/cfxwog.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/cixpkh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/cqyncz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/crqpov.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dexeur.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dggmwd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/djnsth.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dlscnk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/Dot1XCfg.exe
[DETECTION] Is the Trojan horse TR/Dldr.Adload.PR
--> backup/dptavf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dsatgk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dufosn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dxjgyf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/egucve.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ehscwq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ejfwsx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ejrnro.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/enhfso.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/erahtd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/evhlvp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ewjmqx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fbexcc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/feoycl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fgpyjy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fkipke.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fkrmgq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fmvkkw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fnizqp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fpbhaz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/frosat.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gaccog.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ggpaal.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gqfcct.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gwmept.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gwykpb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gzpnfg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hcfrwc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hfyjmb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hjsveg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hljswz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hlkual.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hpibbz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hrjhkc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hseysv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hyjwgj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hyxizp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ijvkkg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ipspxb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/irlkql.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/iudyaj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ixmlpq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/iyepxj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/jazhnw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/jfsong.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/jgayuf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/jlzmyd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/jpayul.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/jqabqo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/khihhi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/kivgyx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/kmzqbe.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/koynoh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/kpwuzd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ksoqxj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/kurtir.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/kxnlqy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/kytiak.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/kyylza.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ldtztl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lgbwxb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lhhbgu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lhvlyl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lkmtrz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ltsicv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lzvohf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lzzdrc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mahchk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mhaiah.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mljjis.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mndgsz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mnmuzo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mooziw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/moyoqf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mqldom.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrtsme.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/msimmv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/msqeff.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/muzxhb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/nfdoth.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/nlmwph.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/nmbvzz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/nnxsrk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/nqkyfy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/nznmxv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/owwjbt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ozaecv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/pbfvtc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/plbdlx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/plqlka.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/pntmpk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/popnzl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/pqdtud.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/pyqsuc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/qazhpb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/qbhdzw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/qdcovf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/qdmduv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/qonhdm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/qsikiy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/rbxgxh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/relzpi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/rfmsnm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/rhmxdl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/rhsshl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/rliach.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/rxwmak.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/samzoh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/sbjekr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/sdqgqu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/services.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
--> backup/sgsedi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/sikfpm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/simefh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/skireq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/skmpfs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/sofmya.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/sphzgh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/srsdzv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/stfoem.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/suamqw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/suksxm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/sxtcjr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/taeftd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/tekojj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/tjpmrj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/tnilff.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/tsfxdr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/tshlch.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/tupnng.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ubneci.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ueewuc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ufaigx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ufarrb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ugnydo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/uifwuy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ulaode.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/urwkyi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/uvitwd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/vboznj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/vksaur.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/vlizja.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/vocxhg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/vovpvm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/vphxgl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/vvoixc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wbawct.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wfkaha.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wgdfgs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/whmonz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wiylix.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wniicv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wqjhqi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wumaax.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xbjfeb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xeveyo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xglrqw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xqelif.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xqpqxu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xtjmkj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xtqzva.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xwhkln.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/yadolk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/yieclc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/yovcei.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ytbkql.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/yxkrcy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/yzzgfo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zahnyc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zasiew.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zceexb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zdnytb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ziweqy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zjfbwf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zjqwsu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zotjaq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47c3ce7e.qua'!
C:\Program Files\Temporary\kernInst.exe
[DETECTION] Is the Trojan horse TR/Agent.dwb
[INFO] The file was moved to '4805d0d6.qua'!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Fonction incorrecte.



End of the scan: lundi 21 janvier 2008 00:00
Used time: 35:45 min

The scan has been done completely.

5128 Scanning directories
133992 Files were scanned
426 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
11 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
133566 Files not concerned
1611 Archives were scanned
1 Warnings
0 Notes

il est trés long alors bon courage et un grand grand merci car je peux a nouveau me servir de ma msn bonne nuit a demain
21 Janvier 2008 11:18:00

bonjour pour ce rapport C:\rapport_clean.txt j'ais essayer a plusieurs reprise aprés m'avoir dit (patienter quelque minutes.... soyez patient) tous ce referme
21 Janvier 2008 12:39:02

bonjour
reposte un log hijackthis stp
21 Janvier 2008 12:43:11

ok
merci
21 Janvier 2008 12:45:11

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:47, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsma...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7340 bytes
21 Janvier 2008 14:18:30

coucou tu peux m'envoyer un mp quand tu reviens merci
21 Janvier 2008 17:09:07

re
J'ai un job :D 

je voudrais vérifier quelque chose (vu les detections d'antivir)

Télécharge Navilog1.exe (IL-MAFIOSO)
Enregistre-le sur ton Bureau.
Lance l'installation en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
[#ff0000]! N'utilise pas l'option 2, 3 et 4 sans notre accord ![/#f]
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse


NOTE : Le rapport se trouve également ici : C:\fixnavi.txt

21 Janvier 2008 17:55:56

ok merci
21 Janvier 2008 18:07:12

voila bon courage a tout a l'heure tcha
Search Navipromo version 3.4.2 commencé le 21/01/2008 à 17:59:03,95

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 21.01.2008 à 14h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\application data" ***



*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\local settings\application data" ***



*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\MENUDM~1\PROGRA~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Propriétaire\local settings\application data" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Propriétaire\local settings\application data" :


3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :



*** Analyse terminée le 21/01/2008 à 18:05:47,92 ***
21 Janvier 2008 21:30:31

bonsoir
tu as encore des soucis?
21 Janvier 2008 21:51:57

bonsoir oui des cheval de trois mais la msn fonction c'est trop génial je te remercie sincèrement
21 Janvier 2008 21:57:30

et pourais je savoir comment faire pour regarder une vidéo entière sur dailymotion sans qu'elle soit coupé en faite aprés l'écran ce met en veil et je doit bouger la souris pour voir la suite et lorsque je recherche sur google earth lorsque la recherche est finit c'est flou
21 Janvier 2008 21:58:24

attends, j'ai relu, il reste des fichiers infectieux

Cette procédure doit être imprimée pour que tu puisses l’avoir sous les yeux quand tu seras en mode sans échec.

Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.
***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
  • Redémarre ton ordinateur
  • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
  • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
  • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
  • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le processus de nettoyage.
  • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
    21 Janvier 2008 22:21:14

    ja fait sa toute a l'heure ou demain et je te tiens au courant merci pour ta générosité et ton savoir
    21 Janvier 2008 22:22:29

    ok
    à demain :hello: 
    22 Janvier 2008 15:18:33

    Bonjour j'ais mis du temps a revenir car j'y arrive pas
    avant je voulais te dire que quand j'ais eu le virus avant de trouver ton forums je suis tombé sur un site qui disait qu'il fallait que je clique sur (démarrer puis éxecute puis tapermsconfig et redémarrer l'ordi ce jour la j'avais un écran sans échec) et j'ais paniquer et j'ais ensuite réussie a le remettre en écran normal et maintenant quand je clique sur démare puis éxecute je vois toujour msconfig sa veut pas partir.
    Pour en revenir a ce que tu ma demander j'ais télécharger SDFix et sauvegarder dans mon bureau puis j'ais double-cliquer sur SDFix.exe et choisis Install et pour l'extraire je ne peux pas et j'ais essayé le liens pareil a l'étape extraire je peux pas je clique dessus a droite y a tout sauf extraire et j'ais essayer de redémarrer l'ordi en tapotant sur f8 une pression par seconde sa me sort sa
    PLEASE Select boot device
    PM6ST 3200021A
    SM-LITE-ON DVDRW SOHW816335
    GENERIC USB Storage SMC 500A
    GENERIC USB Storage SFC 500A
    GENERIC USB Storage SDC 500A
    GENERIC USB Storage MSC 500A
    and to move selection
    Enter to select boot device
    ESC to boot using defaults
    j'ais tester la première deuxième et troisième option y a rien a faire il ne veux pas démarrer en mode sans echec je suis perdu help!!!!
    Merci de m'aider a toute a l'heure bonne journée

    22 Janvier 2008 17:07:50

    Citation :
    démarrer puis éxecute puis tapermsconfig et redémarrer l'ordi ce jour la j'avais un écran sans échec)

    Il me manque un élément, tu avais sûrement cliquer quelque part
    tu te souviens où?
    tu as cliqué dans l'onglet Safeboot?
    22 Janvier 2008 17:38:39

    ah oui désoler j'avais oublier je suis pas une pro
    22 Janvier 2008 17:40:21

    et aussi ma boîte msn ce déconecte et lee petit bonhomme prés de l'heure en bas a droite disparait et réaparait quand je double clique sur messenger dans mon bureau
    22 Janvier 2008 17:58:11

    j'ais chercher dans mon historique impossible de trouver ce que j'ais fait aprés msconfig que faire
    22 Janvier 2008 20:03:06

    encore une toute petite question est-ce normale que dans le statuts de antivir a la seconde ligne il y a écrit
    Last complete scan not performed
    tu vas penser que je demande trop de choses en même temps mais je m'inquiète à cause des cheval de trois qui persiste j'en ais plusieurs fois par jour je les met en quarantaine et les delete bonne soiré a tout a l'heure
    22 Janvier 2008 21:58:28

    bonsoir
    Il faut que tu arrives à passer SDFix.

    Citation :
    Pour en revenir a ce que tu ma demander j'ais télécharger SDFix et sauvegarder dans mon bureau puis j'ais double-cliquer sur SDFix.exe et choisis Install et pour l'extraire je ne peux pas et j'ais essayé le liens pareil a l'étape extraire je peux pas je clique dessus a droite y a tout sauf extraire

    L'outil est autoextractible, pas de clic droit, il s'installe quand tu choisis install.
    je suppose que mainteannt, il est installé.
    dans un dossier auquel tu aura donné le nom SDFix.



    Citation :
    et j'ais essayer de redémarrer l'ordi en tapotant sur f8 une pression par seconde sa me sort sa
    PLEASE Select boot device
    PM6ST 3200021A<<<------ essaye de choisir celui-ci, ça doit être le disque dur

    après, tu choisis "mode sans echec"


    relis la procédure:
    Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    ***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
  • Redémarre ton ordinateur
  • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
  • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
  • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
  • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le processus de nettoyage.
  • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
    22 Janvier 2008 22:14:00

    ok je fais sa tout de suite
    22 Janvier 2008 22:29:40

    oui SDFix est installer
    j'ais fait sa
    Citation :


    et j'ais essayer de redémarrer l'ordi en tapotant sur f8 une pression par seconde sa me sort sa
    PLEASE Select boot device
    PM6ST 3200021A<<<------ essaye de choisir celui-ci, ça doit être le disque dur


    mais aprés j'arive pas a me mettre sans échec car l'ordi se remet en mode normal avec messenger j'avoue que je suis un peu perdu
    22 Janvier 2008 22:39:09

    une fois que tu as booté sur le Disque dur, tu continues à tapoter F8
    dis moi si tu accédes au mode sans echec
        • 1 / 2
        • 2
        • Dernier
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS