MSN virus [ Solved ]

Tags:
  • Virus
  • Security
Last reply: in Security and viruses
18 January 2008 22:39:45

Hello / good evening everyone


I'm taking the liberty of posting here because my computer is sick :pfff: 

I did a bit of research on how to get rid of this nasty bug, and I don't understand ANYTHING!!!

The virus in question is the famous "c'est toi?" ("is that you?") virus

So because of that I can no longer use MSN, which is annoying...

If you could explain to me how to get rid of it, and why Avast didn't alert me...

See you soon :) 

19 January 2008 13:03:26

Hello,

Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your desktop (right-click / Extract all).

Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.

If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations.
In that case, simply restart the computer manually.

Post the report located in the MSNFix folder.
The report's name corresponds to the time it was created: date_heure.log
19 January 2008 13:16:23

hello

I have an MSN virus and I can't get rid of it, what can I do?
19 January 2008 13:27:39

Create your own topic.
19 January 2008 18:20:29

When I launch MSN Fix, it starts scanning and then closes...

See you soon and thanks for your reply AngelDark
19 January 2008 18:40:10

Delete your copy and then start again.
19 January 2008 18:42:41

there must be something I'm doing wrong... it still doesn't work :heink: 
19 January 2008 18:46:36

Do you get an error?

Download and then install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
19 January 2008 19:09:06

no, I didn't get any particular error...

Here is my HIJACKTHIS report:

Thanks again
19 January 2008 19:30:53

I'll do that right away!
19 January 2008 19:33:02

Ok ;) 
19 January 2008 19:37:08

I can't follow the link to download Antivir, Mozilla can't open it...

I think I don't have just this virus...
19 January 2008 19:41:23

that one's fine, I'm downloading, installing, scanning, and posting!

see you in a moment

P.S.: Thanks a thousand times again
19 January 2008 19:43:41

You're welcome ;) 
19 January 2008 19:51:24

:pt1cable:  my PC is beeping as if it were about to explode!!!

Avast apparently isn't effective, that's reassuring :sweat: 
19 January 2008 19:58:11

It's beeping?
19 January 2008 20:03:08

yes it's beeping, but from the inside (sorry, I'm not good at this at all) as soon as AntiVir finds a virus (to give you an idea, it's at 185 viruses now...)
19 January 2008 21:12:04

OK, there, I've finished the scan, the report is... really long!!!


Here it is:



[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011823.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011824.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011825.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011826.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011827.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011828.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011829.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011830.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011831.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011832.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011833.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011834.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011835.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011836.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011837.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011838.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011839.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011840.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011841.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011842.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011843.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011844.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011845.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011846.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011847.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011848.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011849.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011850.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011851.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011852.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011853.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011854.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011855.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011856.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011857.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011858.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011859.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011860.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011861.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011862.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011863.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011864.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011865.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011866.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011867.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011868.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011869.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011870.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011871.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011872.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011873.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011874.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011875.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011876.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011877.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011878.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011879.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011880.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011881.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011883.exe
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011884.exe
[DETECTION] Is the Trojan horse TR/Agent.dwb
[INFO] The file was deleted!
C:\WINDOWS\b128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[INFO] The file was deleted!
C:\WINDOWS\mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\mrofinu1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
Begin scan in 'D:\'


End of the scan: samedi 19 janvier 2008 20:32
Used time: 42:42 min

The scan has been done completely.

5449 Scanning directories
142563 Files were scanned
183 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
175 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
142380 Files not concerned
1766 Archives were scanned
6 Warnings
4 Notes


Thanks again
20 January 2008 12:56:30

Up ;) 
20 January 2008 16:33:35

Repost a HijackThis report.
20 January 2008 17:47:11

Hello AngelDark :) 

Here is my HijackThis report:

C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\ANAS~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7924 bytes


Have a good evening

20 January 2008 18:10:55

Delete your copy of MSNFix, then start again.
20 January 2008 18:11:41

How do I delete it?
20 January 2008 18:15:20

Right-click / Delete :D 
20 January 2008 18:16:27

:lol: oh well, that had already been done ...
20 January 2008 18:21:02

Well, now you carry on :D 
20 January 2008 18:23:25

Oh yes, silly me ...

Here is the report:

MSNFix 1.634

C:\Documents and Settings\Ana‹s\Bureau\MSNFix
Fix exécuté le 20/01/2008 - 18:22:15,28 By Ana‹s
mode normal

************************ Recherche les fichiers présents

************************ Fichiers suspects

Aucun Fichier trouvé



------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


Is the nasty virus gone? :ange: 
20 January 2008 18:49:25

Repost a HijackThis report.
20 January 2008 18:52:14

Here it is


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:41, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\ANAS~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7924 bytes


Thanks, sorry to bother you
20 January 2008 18:54:56

Hi again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.

20 January 2008 18:57:15

Can you give me a link to download ComboFix? That one won't open!

Thanks :) 
20 January 2008 19:12:33

Here is the report ComboFix gives me:

    ComboFix 08-01-20.1 - Ana‹s 2008-01-20 19:10:15.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.526 [GMT 1:00]
    Running from: C:\Documents and Settings\Ana‹s\Bureau\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
    C:\Program Files\inetget2
    C:\Program Files\inetget2\YazzleBundle-1560.exe.lzma
    C:\Program Files\Temporary

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-20 19:09 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
    2008-01-19 19:46 . 2008-01-19 19:46 <REP> d----c--- C:\Program Files\Avira
    2008-01-19 19:46 . 2008-01-19 19:46 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-19 19:07 . 2008-01-19 19:07 <REP> d----c--- C:\Program Files\Trend Micro
    2008-01-18 14:13 . 2008-01-18 14:25 1,374 --a--c--- C:\WINDOWS\imsins.BAK
    2008-01-18 03:50 . 2008-01-18 03:50 <REP> d----c--- C:\Program Files\CCleaner
    2008-01-18 03:40 . 2008-01-18 03:40 <REP> d----c--- C:\Program Files\MSXML 4.0
    2008-01-18 03:23 . 2008-01-18 03:23 <REP> d----c--- C:\VundoFix Backups
    2008-01-18 03:21 . 2006-09-06 17:43 22,752 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
    2008-01-18 03:12 . 2008-01-18 03:12 <REP> d----c--- C:\WINDOWS\AU_Temp
    2008-01-18 01:07 . 2008-01-17 23:40 35,104,589 --a--c--- C:\WINDOWS\LPT$VPN.949
    2008-01-17 23:42 . 2008-01-18 01:08 <REP> d----c--- C:\WINDOWS\report
    2008-01-17 23:40 . 2008-01-18 01:07 <REP> d----c--- C:\WINDOWS\AU_Backup
    2008-01-17 23:40 . 2008-01-17 23:40 35,104,589 --a--c--- C:\WINDOWS\VPTNFILE.949
    2008-01-17 23:40 . 2008-01-17 23:40 1,910,895 --a--c--- C:\WINDOWS\tsc.ptn
    2008-01-17 23:40 . 2008-01-18 03:12 1,163,344 --a--c--- C:\WINDOWS\vsapi32.dll
    2008-01-17 23:40 . 2008-01-17 23:40 267,845 --a--c--- C:\WINDOWS\tsc.exe
    2008-01-17 23:40 . 2008-01-18 03:12 86,094 --a--c--- C:\WINDOWS\BPMNT.dll
    2008-01-17 23:40 . 2008-01-17 23:40 71,749 --a--c--- C:\WINDOWS\hcextoutput.dll
    2008-01-17 23:40 . 2008-01-18 03:21 823 --a--c--- C:\WINDOWS\tsc.ini
    2008-01-17 23:39 . 2008-01-17 23:39 <REP> d----c--- C:\WINDOWS\AU_Log
    2008-01-17 23:39 . 2008-01-17 23:39 507,904 --a--c--- C:\WINDOWS\TMUPDATE.DLL
    2008-01-17 23:39 . 2008-01-17 23:39 286,720 --a--c--- C:\WINDOWS\PATCH.EXE
    2008-01-17 23:39 . 2008-01-17 23:39 69,689 --a--c--- C:\WINDOWS\UNZIP.DLL
    2008-01-17 23:39 . 2008-01-18 03:12 170 --a--c--- C:\WINDOWS\GetServer.ini
    2008-01-17 22:48 . 2008-01-18 03:00 <REP> d----c--- C:\Program Files\Dot1XCfg
    2008-01-17 22:36 . 2008-01-17 22:36 <REP> d----c--- C:\Program Files\Alwil Software
    2008-01-17 22:36 . 2003-03-18 21:20 1,060,864 --a--c--- C:\WINDOWS\system32\MFC71.dll
    2008-01-17 22:36 . 2003-03-18 20:14 499,712 --a--c--- C:\WINDOWS\system32\MSVCP71.dll
    2008-01-17 22:36 . 2003-02-21 04:42 348,160 --a--c--- C:\WINDOWS\system32\MSVCR71.dll
    2008-01-16 21:17 . 2008-01-16 21:17 <REP> d----c--- C:\Program Files\iPod
    2008-01-16 21:17 . <REP> C:\Documents and Settings\Anaïs\Application Data\Apple Computer
    2008-01-16 21:17 . 2008-01-20 12:29 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
    2008-01-16 21:17 . 2008-01-16 21:17 1,409 --a--c--- C:\WINDOWS\QTFont.for
    2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Program Files\QuickTime
    2008-01-16 21:16 . 2008-01-16 21:17 <REP> d----c--- C:\Program Files\iTunes
    2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Program Files\Bonjour
    2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Program Files\Fichiers communs\Apple
    2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Program Files\Apple Software Update
    2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-16 13:30 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\drivers\MSTEE.sys
    2008-01-16 13:30 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
    2008-01-16 13:27 . 2008-01-16 13:27 <REP> d----c--- C:\WINDOWS\PixArt
    2008-01-16 13:27 . 2008-01-16 13:47 <REP> d----c--- C:\WINDOWS\Downloaded Installations
    2008-01-16 13:27 . 2008-01-16 13:47 <REP> d----c--- C:\Program Files\Trust
    2008-01-16 13:27 . 2008-01-16 13:27 <REP> d----c--- C:\Program Files\Fichiers communs\PAC207
    2008-01-16 13:27 . 2006-11-03 10:59 48,128 --a--c--- C:\WINDOWS\system32\Remove.exe
    2008-01-16 13:27 . 2007-01-04 01:20 314 --a--c--- C:\WINDOWS\system32\Remover.ini
    2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts
    2007-12-29 02:58 . 2007-12-29 02:58 <REP> d----c--- C:\Program Files\Audacity

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-20 11:29 --------- dc----w C:\Program Files\SysMetrix
    2008-01-17 21:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-16 12:27 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2007-12-28 20:22 --------- dc----w C:\Program Files\EA GAMES
    2007-12-22 09:38 --------- dc----w C:\Program Files\MSN Messenger
    2007-12-22 09:38 --------- dc----w C:\Program Files\Messenger Plus! Live
    2007-12-18 10:31 --------- dcs---w C:\Documents and Settings\Anaïs\Application Data\Microsoft
    2007-12-09 16:29 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Sun
    2007-12-09 12:45 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Adobe
    2007-12-09 02:40 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Talkback
    2007-12-07 20:48 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Macromedia
    2007-12-07 17:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe
    2007-12-07 17:57 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Mozilla
    2007-12-07 17:38 --------- dc----w C:\Program Files\StuffPlug3
    2007-11-18 16:37 63,545 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
    2007-11-18 16:37 6,118 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-11-18 16:37 219,648 -c--a-w C:\WINDOWS\system32\uxtheme.dll
    2007-11-07 09:28 728,576 -c--a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 -c--a-w C:\WINDOWS\system32\quartz.dll
    2007-10-20 05:01 227,328 -c--a-w C:\WINDOWS\system32\wmasf.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 11:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2004-06-13 18:40 2441216]
    "VisualTooltip"="C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe" [2007-04-25 09:45 956928]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-06-29 12:13 1032192]
    "Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-19 19:48 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a--c--- 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    --a--c--- 2006-06-29 12:13 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    -----c--- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\mrofinu1148.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-06-13 23:56]
    R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2006-03-08 19:53]
    R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2006-03-08 19:53]
    S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 10:26]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-06-30 10:08]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-16 20:15:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 19:11:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-20 19:11:49
    ComboFix-quarantined-files.txt 2008-01-20 18:11:41
    .
    2008-01-18 02:42:29 --- E O F ---

    Thanks again
    20 January 2008 19:29:02

    Re,

    If I don't have the Windows installation CD, I don't really understand how to do it :(
    20 January 2008 19:32:30

    OK, we'll do without it :/
    Post a new HijackThis report.
    20 January 2008 19:33:41

    lol sorry, here is the HijackThis report


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:33:19, on 20/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\SysMetrix\SysMetrix.exe
    C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [VisualTooltip] C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 7680 bytes


    See you later
    20 January 2008 20:27:14

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\imsins.BAK
    C:\WINDOWS\system32\Remove.exe
    C:\WINDOWS\system32\Remover.ini

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VisualTooltip"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    This will relaunch Combofix; type 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    20 January 2008 20:31:53

    Re,

    Here is the ComboFix report:

    ComboFix 08-01-20.1 - Ana‹s 2008-01-20 20:29:39.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.484 [GMT 1:00]
    Running from: C:\Documents and Settings\Ana‹s\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Ana‹s\Bureau\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\imsins.BAK
    C:\WINDOWS\system32\Remove.exe
    C:\WINDOWS\system32\Remover.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\imsins.BAK
    C:\WINDOWS\system32\Remove.exe
    C:\WINDOWS\system32\Remover.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-20 19:09 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
    2008-01-19 19:46 . 2008-01-19 19:46 <REP> d----c--- C:\Program Files\Avira
    2008-01-19 19:46 . 2008-01-19 19:46 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-19 19:07 . 2008-01-19 19:07 <REP> d----c--- C:\Program Files\Trend Micro
    2008-01-18 03:50 . 2008-01-18 03:50 <REP> d----c--- C:\Program Files\CCleaner
    2008-01-18 03:40 . 2008-01-18 03:40 <REP> d----c--- C:\Program Files\MSXML 4.0
    2008-01-18 03:23 . 2008-01-18 03:23 <REP> d----c--- C:\VundoFix Backups
    2008-01-18 03:21 . 2006-09-06 17:43 22,752 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
    2008-01-18 03:12 . 2008-01-18 03:12 <REP> d----c--- C:\WINDOWS\AU_Temp
    2008-01-18 01:07 . 2008-01-17 23:40 35,104,589 --a--c--- C:\WINDOWS\LPT$VPN.949
    2008-01-17 23:42 . 2008-01-18 01:08 <REP> d----c--- C:\WINDOWS\report
    2008-01-17 23:40 . 2008-01-18 01:07 <REP> d----c--- C:\WINDOWS\AU_Backup
    2008-01-17 23:40 . 2008-01-17 23:40 35,104,589 --a--c--- C:\WINDOWS\VPTNFILE.949
    2008-01-17 23:40 . 2008-01-17 23:40 1,910,895 --a--c--- C:\WINDOWS\tsc.ptn
    2008-01-17 23:40 . 2008-01-18 03:12 1,163,344 --a--c--- C:\WINDOWS\vsapi32.dll
    2008-01-17 23:40 . 2008-01-17 23:40 267,845 --a--c--- C:\WINDOWS\tsc.exe
    2008-01-17 23:40 . 2008-01-18 03:12 86,094 --a--c--- C:\WINDOWS\BPMNT.dll
    2008-01-17 23:40 . 2008-01-17 23:40 71,749 --a--c--- C:\WINDOWS\hcextoutput.dll
    2008-01-17 23:40 . 2008-01-18 03:21 823 --a--c--- C:\WINDOWS\tsc.ini
    2008-01-17 23:39 . 2008-01-17 23:39 <REP> d----c--- C:\WINDOWS\AU_Log
    2008-01-17 23:39 . 2008-01-17 23:39 507,904 --a--c--- C:\WINDOWS\TMUPDATE.DLL
    2008-01-17 23:39 . 2008-01-17 23:39 286,720 --a--c--- C:\WINDOWS\PATCH.EXE
    2008-01-17 23:39 . 2008-01-17 23:39 69,689 --a--c--- C:\WINDOWS\UNZIP.DLL
    2008-01-17 23:39 . 2008-01-18 03:12 170 --a--c--- C:\WINDOWS\GetServer.ini
    2008-01-17 22:48 . 2008-01-18 03:00 <REP> d----c--- C:\Program Files\Dot1XCfg
    2008-01-17 22:36 . 2008-01-17 22:36 <REP> d----c--- C:\Program Files\Alwil Software
    2008-01-17 22:36 . 2003-03-18 21:20 1,060,864 --a--c--- C:\WINDOWS\system32\MFC71.dll
    2008-01-17 22:36 . 2003-03-18 20:14 499,712 --a--c--- C:\WINDOWS\system32\MSVCP71.dll
    2008-01-17 22:36 . 2003-02-21 04:42 348,160 --a--c--- C:\WINDOWS\system32\MSVCR71.dll
    2008-01-16 21:17 . 2008-01-16 21:17 <REP> d----c--- C:\Program Files\iPod
    2008-01-16 21:17 . <REP> C:\Documents and Settings\Anaïs\Application Data\Apple Computer
    2008-01-16 21:17 . 2008-01-20 12:29 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
    2008-01-16 21:17 . 2008-01-16 21:17 1,409 --a--c--- C:\WINDOWS\QTFont.for
    2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Program Files\QuickTime
    2008-01-16 21:16 . 2008-01-16 21:17 <REP> d----c--- C:\Program Files\iTunes
    2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Program Files\Bonjour
    2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Program Files\Fichiers communs\Apple
    2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Program Files\Apple Software Update
    2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-16 13:30 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\drivers\MSTEE.sys
    2008-01-16 13:30 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
    2008-01-16 13:27 . 2008-01-16 13:27 <REP> d----c--- C:\WINDOWS\PixArt
    2008-01-16 13:27 . 2008-01-16 13:47 <REP> d----c--- C:\WINDOWS\Downloaded Installations
    2008-01-16 13:27 . 2008-01-16 13:47 <REP> d----c--- C:\Program Files\Trust
    2008-01-16 13:27 . 2008-01-16 13:27 <REP> d----c--- C:\Program Files\Fichiers communs\PAC207
    2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts
    2007-12-29 02:58 . 2007-12-29 02:58 <REP> d----c--- C:\Program Files\Audacity

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-20 11:29 --------- dc----w C:\Program Files\SysMetrix
    2008-01-17 21:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-16 12:27 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2007-12-28 20:22 --------- dc----w C:\Program Files\EA GAMES
    2007-12-22 09:38 --------- dc----w C:\Program Files\MSN Messenger
    2007-12-22 09:38 --------- dc----w C:\Program Files\Messenger Plus! Live
    2007-12-18 10:31 --------- dcs---w C:\Documents and Settings\Anaïs\Application Data\Microsoft
    2007-12-09 16:29 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Sun
    2007-12-09 12:45 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Adobe
    2007-12-09 02:40 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Talkback
    2007-12-07 20:48 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Macromedia
    2007-12-07 17:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe
    2007-12-07 17:57 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Mozilla
    2007-12-07 17:38 --------- dc----w C:\Program Files\StuffPlug3
    2007-11-18 16:37 63,545 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
    2007-11-18 16:37 6,118 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-11-18 16:37 219,648 -c--a-w C:\WINDOWS\system32\uxtheme.dll
    2007-11-07 09:28 728,576 -c--a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 -c--a-w C:\WINDOWS\system32\quartz.dll
    2007-10-20 05:01 227,328 -c--a-w C:\WINDOWS\system32\wmasf.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-20_19.11.27,62 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-20 18:10:02 229,376 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-20 19:29:34 229,376 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-20 18:10:02 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-20 19:29:34 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-20 18:10:02 229,376 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-20 19:29:34 229,376 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-20 18:10:02 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-20 19:29:34 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-20 18:10:02 3,018,752 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-20 19:29:35 3,018,752 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-20 18:10:03 98,304 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-20 19:29:35 98,304 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 11:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2004-06-13 18:40 2441216]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-06-29 12:13 1032192]
    "Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-19 19:48 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a--c--- 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    --a--c--- 2006-06-29 12:13 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    -----c--- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-06-13 23:56]
    R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2006-03-08 19:53]
    R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2006-03-08 19:53]
    S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 10:26]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-06-30 10:08]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-16 20:15:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 20:30:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-20 20:30:50
    ComboFix-quarantined-files.txt 2008-01-20 19:30:42
    ComboFix2.txt 2008-01-20 18:11:49
    .
    2008-01-18 02:42:29 --- E O F ---




    And here is the HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:31:28, on 20/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\SysMetrix\SysMetrix.exe
    C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 7487 bytes



    I should point out that my PC did not restart.
    20 January 2008 20:33:23

    Is it better?
    20 January 2008 20:34:33

    Shall I try launching MSN to see?
    20 January 2008 20:35:27

    Yes :) 
    20 January 2008 20:38:56

    OK

    (panic in progress...)

    MSN launches fine, and apparently the virus no longer shows up...

    Do you think it's good?
    20 January 2008 20:42:39

    I think it's OK.
    20 January 2008 20:44:11

    OK, well, thanks a billion and a half times then :D 

    See you soon
    20 January 2008 21:00:25

    You're welcome :) 

  • Download ToolsCleaner to your Desktop.
  • Click Recherche (Search) and let the scan finish.
  • Click Suppression (Removal) to finalize.
  • Click Quitter (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" (Edit) button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message" (Submit your message)

    Read the guide on prevention and protection, so that you no longer have this kind of problem, by clicking on the image below:

    20 January 2008 21:05:00

    Here is the Tools Cleaner report:

    -->- Recherche:

    C:\Combofix: trouvé !
    C:\Vundofix backups: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Anaïs\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\Anaïs\Bureau\MsnFix: trouvé !
    C:\Documents and Settings\Anaïs\Recent\MSNFix.lnk: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\QooBox\Quarantine\C\Combofix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Anaïs\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\Anaïs\Recent\MSNFix.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix: supprimé !
    C:\Vundofix backups: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\Anaïs\Bureau\MsnFix: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !


    (Very handy, this little program :D)


    Thanks again a thousand times for your help!
    20 January 2008 21:07:01

    Quote:
    (Very handy, this little program :D)

    Absolutely :D 