Virus MSN [ Résolu ]

Bonjour / Bonsoir a tous

Je me permet de poster ici car mon ordinateur est malade :pfff:

J'ai recherché un petit peu comment me debarrasser de cette sale bestiole , et je ne comprend RIEN !!!

Le virus en question c'est le fameux virus "c'est toi?"

Donc a cause de ca je ne peux plus utiliser MSN , c'est embettant...

Si vous pouviez m'expliquer comment m'en debarasser , et pourquoi Avast ne m'as pas alerté ...

A bientot

Message édité par Anbastom le 20-01-2008 à 20:47:04

------------------------------ Future maman ... C'est long 9 mois :(

Répondre

Inscrivez-vous ou connectez-vous pour masquer ceci.

Bonjour,

Télécharge MSNFix.zip (!aur3n7) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

bonjour

J'ai un virus msn j'arrive pas à m'en débarrasser, comment je peux faire?

Message édité par marie888 le 19-01-2008 à 14:03:52

------------------------------ marie
Répondre à marie888

Crée ton propre sujet.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Quand je lance MSN Fix , il commence a scanner puis se ferme ...

A bientot et merci de ta reponse AngelDark

Message édité par Anbastom le 19-01-2008 à 18:28:56

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Supprime ta version puis recommence.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

il doit y avoir quelque chose que je fais mal... ca ne fonctionne tjrs pas :heink:

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Tu as une erreur ?

Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

non je n'avais pas d'erreur particuliere ...

Voici mon rapport HIJACKTHIS :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:11, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\HidFind.exe
C:\DOCUME~1\ANAS~1\LOCALS~1\Temp\services.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\mrofinu1148.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\ANAS~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8099 bytes

Merci encore

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Fais ceci pour commencer :

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Je fais ca tout de suite !

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Ok

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Je n'arrive pas a suivre le lien pour telecharger Antivir , mozilla n'arrive pas a l'ouvrir...

Je pense que je n'ai pas que ce virus ...

Message édité par Anbastom le 19-01-2008 à 19:37:34

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

http://www.antivir-pe.com/freet/in [...] ree-av.com
Un autre lien.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

c'est bon pour celui la , je dl , j'installe , je scan , et je poste !

a tout de suite

P.S : Merci milles fois encore

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

De rien

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

:pt1cable: mon pc bippe comme si il allait exploser !!!

Avast n'est apparement pas efficace , c'est rassurant :sweat:

Message édité par Anbastom le 19-01-2008 à 19:52:30

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Il bip ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

oui il bippe , mais de l'interieur ( desolé j'suis pas douée du tout ) des qu'AntiVir trouve un virus ( pour te donner une idée il est a 185 virus la ... )

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Bon voila j'ai fini le scan , le rapport est ... vraiment long !!!

Le voici :

AntiVir PersonalEdition Classic
Report file date: samedi 19 janvier 2008 19:49

Scanning for 1056958 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: DELL-D620

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 18:48:40
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 18:48:40
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 18:48:40
ANTIVIR3.VDF : 7.0.2.20 225792 Bytes 18/01/2008 18:48:40
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 19/01/2008 18:48:41
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/01/2008 18:48:41
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 19 janvier 2008 19:49

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'qvpkuz.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Documents and Settings\Anaïs\qvpkuz.exe'
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'hidfind.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'mrofinu1148.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\mrofinu1148.exe'
Scan process 'services.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOCUME~1\ANAS~1\LOCALS~1\Temp\services.exe'
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'VisualToolTip.exe' - '1' Module(s) have been scanned
Scan process 'SysMetrix.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WLKEEPER.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

55 processes with 55 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\Documents and Settings\Anaïs\Local Settings\Temp\services.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
[WARNING] The file could not be deleted!
C:\Documents and Settings\Anaïs\Local Settings\Temp\services.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
C:\WINDOWS\mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

The registry was scanned ( '28' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Anaïs\amdjjn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\bnadcp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\cixynp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\cuzgyy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\didnbu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\djtdno.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\dprvbw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\dyhbuo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\ekikmb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\erqtpo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\ftzdin.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\fyhabo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\fzegqa.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\ggsklr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\gjlldy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\gnuyvl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\hhkjpk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\ievsrf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\ipznac.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\ixkjob.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\kbmbfm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\kdciud.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\kfvvhw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\kpqwsn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\kvffwf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\kxkpvg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\lmbqza.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\lpdoej.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\lpnleg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\mdjhgw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\msvunj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\myzpxb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\nmdavp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\npzbto.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\obnaau.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\obylqt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\oidoyg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\omxmdl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\oomgkl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\ottfma.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\phnhsw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\plpvcf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\povhmh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\qemirv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\qnfcoc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\qqjiyu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\qvpkuz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\qzwjym.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\semmzn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\shakxr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\ssdhre.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\swqpfh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\tbsssh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\tjzjgh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\tmjjkx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\uxwfcs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\uyslvc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\vhdvco.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\vjckqp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\vsdhea.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\vvmltb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\wflaxi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\wjrkna.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\wkdcyr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\wnblgb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\wnhxhv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\wqpfyk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\wtawqa.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\wymufn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\xmycba.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\xrgcyp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\xwwvoz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\zzewss.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\Local Settings\Temp\services.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
[WARNING] The file could not be deleted!
C:\Documents and Settings\Anaïs\Local Settings\Temporary Internet Files\Content.IE5\B2P0IENI\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\Local Settings\Temporary Internet Files\Content.IE5\B2P0IENI\f4d28682d186cc6beb75f106d133f489[2].zip
[0] Archive type: ZIP
--> b128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\Local Settings\Temporary Internet Files\Content.IE5\GFMST5ZA\a[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\2c1dbeb1361cce3acfbbca0488dfd6ee[1].zip
[0] Archive type: ZIP
--> b151.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fjn.1
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\Local Settings\Temporary Internet Files\Content.IE5\X3LV1P9E\8154ff2675af1b6e0677560871425153[1].zip
[0] Archive type: ZIP
--> b138.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4
[INFO] The file was deleted!
C:\Documents and Settings\Anaïs\Local Settings\Temporary Internet Files\Content.IE5\X3LV1P9E\a[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[WARNING] The file could not be deleted!
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
[INFO] The file was deleted!
C:\Program Files\Temporary\kernInst.exe
[DETECTION] Is the Trojan horse TR/Agent.dwb
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP44\A0009659.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP44\A0009666.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.haq.3
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP44\A0009694.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP44\A0009695.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP44\A0009706.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP44\A0009709.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP44\A0009725.exe
[DETECTION] Is the Trojan horse TR/Dldr.Adload.PR
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP44\A0009762.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP44\A0009763.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP44\A0009766.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP45\A0009814.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP46\A0009867.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP46\A0009868.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP46\A0010034.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP46\A0010035.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP47\A0010637.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP47\A0010638.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP47\A0011699.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011809.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011810.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011811.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011812.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011813.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011814.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011815.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011816.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011817.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011818.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011819.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011820.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011821.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011822.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011823.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011824.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011825.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011826.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011827.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011828.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011829.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011830.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011831.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011832.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011833.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011834.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011835.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011836.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011837.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011838.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011839.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011840.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011841.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011842.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011843.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011844.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011845.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011846.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011847.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011848.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011849.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011850.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011851.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011852.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011853.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011854.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011855.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011856.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011857.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011858.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011859.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011860.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011861.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011862.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011863.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011864.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011865.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011866.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011867.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011868.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011869.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011870.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011871.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011872.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011873.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011874.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011875.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011876.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011877.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011878.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011879.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011880.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011881.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011883.exe
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
[INFO] The file was deleted!
C:\System Volume Information\_restore{CB988D7A-452E-4592-BAFC-D3C30F45D5EB}\RP48\A0011884.exe
[DETECTION] Is the Trojan horse TR/Agent.dwb
[INFO] The file was deleted!
C:\WINDOWS\b128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[INFO] The file was deleted!
C:\WINDOWS\mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\mrofinu1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
Begin scan in 'D:\'

End of the scan: samedi 19 janvier 2008 20:32
Used time: 42:42 min

The scan has been done completely.

5449 Scanning directories
142563 Files were scanned
183 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
175 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
142380 Files not concerned
1766 Archives were scanned
6 Warnings
4 Notes

Merci encore

Message édité par Anbastom le 20-01-2008 à 12:33:37

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Up

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Bonjour AngelDark

Voici mon rapport HijackThis :

C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\ANAS~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7924 bytes

Bonne soirée

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Supprime ta version de MSNFix puis recommence.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

comment je fais pour la supprimer ?

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Clique droit / supprimer

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

:lol: ah ben ca c'etais deja fais ...

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Bah maintenant, tu continues

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Ah oui suis je bete ...

Voila le rapport :

MSNFix 1.634

C:\Documents and Settings\Ana‹s\Bureau\MSNFix
Fix exécuté le 20/01/2008 - 18:22:15,28 By Ana‹s
mode normal

************************ Recherche les fichiers présents

************************ Fichiers suspects

Aucun Fichier trouvé

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Lé parti le vilain virus ? :ange:

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:41, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\ANAS~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7924 bytes

Merci , desolée de te deranger

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Re,

Désactive tes protections résidentes (antivirus, Spybot...) !

Télécharge Combofix (sUBs) sur ton Bureau.
Double clique sur combofix.exe afin de le lancer.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Tu peux me donner un lien pour telecharger ComboFix , celui la ne s'ouvre pas !

Merci

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Ok
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Voila le rapport que me donne ComboFix :

ComboFix 08-01-20.1 - Ana‹s 2008-01-20 19:10:15.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.526 [GMT 1:00]
Running from: C:\Documents and Settings\Ana‹s\Bureau\ComboFix.exe
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\YazzleBundle-1560.exe.lzma
C:\Program Files\Temporary

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))))))
.

2008-01-20 19:09 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2008-01-19 19:46 . 2008-01-19 19:46 <REP> d----c--- C:\Program Files\Avira
2008-01-19 19:46 . 2008-01-19 19:46 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-19 19:07 . 2008-01-19 19:07 <REP> d----c--- C:\Program Files\Trend Micro
2008-01-18 14:13 . 2008-01-18 14:25 1,374 --a--c--- C:\WINDOWS\imsins.BAK
2008-01-18 03:50 . 2008-01-18 03:50 <REP> d----c--- C:\Program Files\CCleaner
2008-01-18 03:40 . 2008-01-18 03:40 <REP> d----c--- C:\Program Files\MSXML 4.0
2008-01-18 03:23 . 2008-01-18 03:23 <REP> d----c--- C:\VundoFix Backups
2008-01-18 03:21 . 2006-09-06 17:43 22,752 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
2008-01-18 03:12 . 2008-01-18 03:12 <REP> d----c--- C:\WINDOWS\AU_Temp
2008-01-18 01:07 . 2008-01-17 23:40 35,104,589 --a--c--- C:\WINDOWS\LPT$VPN.949
2008-01-17 23:42 . 2008-01-18 01:08 <REP> d----c--- C:\WINDOWS\report
2008-01-17 23:40 . 2008-01-18 01:07 <REP> d----c--- C:\WINDOWS\AU_Backup
2008-01-17 23:40 . 2008-01-17 23:40 35,104,589 --a--c--- C:\WINDOWS\VPTNFILE.949
2008-01-17 23:40 . 2008-01-17 23:40 1,910,895 --a--c--- C:\WINDOWS\tsc.ptn
2008-01-17 23:40 . 2008-01-18 03:12 1,163,344 --a--c--- C:\WINDOWS\vsapi32.dll
2008-01-17 23:40 . 2008-01-17 23:40 267,845 --a--c--- C:\WINDOWS\tsc.exe
2008-01-17 23:40 . 2008-01-18 03:12 86,094 --a--c--- C:\WINDOWS\BPMNT.dll
2008-01-17 23:40 . 2008-01-17 23:40 71,749 --a--c--- C:\WINDOWS\hcextoutput.dll
2008-01-17 23:40 . 2008-01-18 03:21 823 --a--c--- C:\WINDOWS\tsc.ini
2008-01-17 23:39 . 2008-01-17 23:39 <REP> d----c--- C:\WINDOWS\AU_Log
2008-01-17 23:39 . 2008-01-17 23:39 507,904 --a--c--- C:\WINDOWS\TMUPDATE.DLL
2008-01-17 23:39 . 2008-01-17 23:39 286,720 --a--c--- C:\WINDOWS\PATCH.EXE
2008-01-17 23:39 . 2008-01-17 23:39 69,689 --a--c--- C:\WINDOWS\UNZIP.DLL
2008-01-17 23:39 . 2008-01-18 03:12 170 --a--c--- C:\WINDOWS\GetServer.ini
2008-01-17 22:48 . 2008-01-18 03:00 <REP> d----c--- C:\Program Files\Dot1XCfg
2008-01-17 22:36 . 2008-01-17 22:36 <REP> d----c--- C:\Program Files\Alwil Software
2008-01-17 22:36 . 2003-03-18 21:20 1,060,864 --a--c--- C:\WINDOWS\system32\MFC71.dll
2008-01-17 22:36 . 2003-03-18 20:14 499,712 --a--c--- C:\WINDOWS\system32\MSVCP71.dll
2008-01-17 22:36 . 2003-02-21 04:42 348,160 --a--c--- C:\WINDOWS\system32\MSVCR71.dll
2008-01-16 21:17 . 2008-01-16 21:17 <REP> d----c--- C:\Program Files\iPod
2008-01-16 21:17 . <REP> C:\Documents and Settings\Anaïs\Application Data\Apple Computer
2008-01-16 21:17 . 2008-01-20 12:29 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-01-16 21:17 . 2008-01-16 21:17 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Program Files\QuickTime
2008-01-16 21:16 . 2008-01-16 21:17 <REP> d----c--- C:\Program Files\iTunes
2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Program Files\Bonjour
2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Program Files\Fichiers communs\Apple
2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Program Files\Apple Software Update
2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-16 13:30 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-16 13:30 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-16 13:27 . 2008-01-16 13:27 <REP> d----c--- C:\WINDOWS\PixArt
2008-01-16 13:27 . 2008-01-16 13:47 <REP> d----c--- C:\WINDOWS\Downloaded Installations
2008-01-16 13:27 . 2008-01-16 13:47 <REP> d----c--- C:\Program Files\Trust
2008-01-16 13:27 . 2008-01-16 13:27 <REP> d----c--- C:\Program Files\Fichiers communs\PAC207
2008-01-16 13:27 . 2006-11-03 10:59 48,128 --a--c--- C:\WINDOWS\system32\Remove.exe
2008-01-16 13:27 . 2007-01-04 01:20 314 --a--c--- C:\WINDOWS\system32\Remover.ini
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts
2007-12-29 02:58 . 2007-12-29 02:58 <REP> d----c--- C:\Program Files\Audacity

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 11:29 --------- dc----w C:\Program Files\SysMetrix
2008-01-17 21:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-16 12:27 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-12-28 20:22 --------- dc----w C:\Program Files\EA GAMES
2007-12-22 09:38 --------- dc----w C:\Program Files\MSN Messenger
2007-12-22 09:38 --------- dc----w C:\Program Files\Messenger Plus! Live
2007-12-18 10:31 --------- dcs---w C:\Documents and Settings\Anaïs\Application Data\Microsoft
2007-12-09 16:29 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Sun
2007-12-09 12:45 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Adobe
2007-12-09 02:40 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Talkback
2007-12-07 20:48 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Macromedia
2007-12-07 17:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2007-12-07 17:57 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Mozilla
2007-12-07 17:38 --------- dc----w C:\Program Files\StuffPlug3
2007-11-18 16:37 63,545 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2007-11-18 16:37 6,118 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-11-18 16:37 219,648 -c--a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-07 09:28 728,576 -c--a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 -c--a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 11:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2004-06-13 18:40 2441216]
"VisualTooltip"="C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe" [2007-04-25 09:45 956928]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-06-29 12:13 1032192]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-19 19:48 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 2006-06-29 12:13 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1148.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-06-13 23:56]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2006-03-08 19:53]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2006-03-08 19:53]
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 10:26]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-06-30 10:08]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-16 20:15:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 19:11:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 19:11:49
ComboFix-quarantined-files.txt 2008-01-20 18:11:41
.
2008-01-18 02:42:29 --- E O F ---

Merci encore

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Re,

Suis la procédure ci-dessous :
http://www.libellules.ch/installer [...] ration.php

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re ,

si je n'ai pas le CD d'installation Windows , je ne comprend pas trop comment faire

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Ok, on va faire sans
Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

lol désolée , voici le rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:19, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7680 bytes

A plus tard

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Re,

Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\Remove.exe
C:\WINDOWS\system32\Remover.ini

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTooltip"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re ,

Voici le rapport ComboFix :

ComboFix 08-01-20.1 - Ana‹s 2008-01-20 20:29:39.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.484 [GMT 1:00]
Running from: C:\Documents and Settings\Ana‹s\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ana‹s\Bureau\CFScript.txt
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\Remove.exe
C:\WINDOWS\system32\Remover.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\Remove.exe
C:\WINDOWS\system32\Remover.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))))))
.

2008-01-20 19:09 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2008-01-19 19:46 . 2008-01-19 19:46 <REP> d----c--- C:\Program Files\Avira
2008-01-19 19:46 . 2008-01-19 19:46 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-19 19:07 . 2008-01-19 19:07 <REP> d----c--- C:\Program Files\Trend Micro
2008-01-18 03:50 . 2008-01-18 03:50 <REP> d----c--- C:\Program Files\CCleaner
2008-01-18 03:40 . 2008-01-18 03:40 <REP> d----c--- C:\Program Files\MSXML 4.0
2008-01-18 03:23 . 2008-01-18 03:23 <REP> d----c--- C:\VundoFix Backups
2008-01-18 03:21 . 2006-09-06 17:43 22,752 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
2008-01-18 03:12 . 2008-01-18 03:12 <REP> d----c--- C:\WINDOWS\AU_Temp
2008-01-18 01:07 . 2008-01-17 23:40 35,104,589 --a--c--- C:\WINDOWS\LPT$VPN.949
2008-01-17 23:42 . 2008-01-18 01:08 <REP> d----c--- C:\WINDOWS\report
2008-01-17 23:40 . 2008-01-18 01:07 <REP> d----c--- C:\WINDOWS\AU_Backup
2008-01-17 23:40 . 2008-01-17 23:40 35,104,589 --a--c--- C:\WINDOWS\VPTNFILE.949
2008-01-17 23:40 . 2008-01-17 23:40 1,910,895 --a--c--- C:\WINDOWS\tsc.ptn
2008-01-17 23:40 . 2008-01-18 03:12 1,163,344 --a--c--- C:\WINDOWS\vsapi32.dll
2008-01-17 23:40 . 2008-01-17 23:40 267,845 --a--c--- C:\WINDOWS\tsc.exe
2008-01-17 23:40 . 2008-01-18 03:12 86,094 --a--c--- C:\WINDOWS\BPMNT.dll
2008-01-17 23:40 . 2008-01-17 23:40 71,749 --a--c--- C:\WINDOWS\hcextoutput.dll
2008-01-17 23:40 . 2008-01-18 03:21 823 --a--c--- C:\WINDOWS\tsc.ini
2008-01-17 23:39 . 2008-01-17 23:39 <REP> d----c--- C:\WINDOWS\AU_Log
2008-01-17 23:39 . 2008-01-17 23:39 507,904 --a--c--- C:\WINDOWS\TMUPDATE.DLL
2008-01-17 23:39 . 2008-01-17 23:39 286,720 --a--c--- C:\WINDOWS\PATCH.EXE
2008-01-17 23:39 . 2008-01-17 23:39 69,689 --a--c--- C:\WINDOWS\UNZIP.DLL
2008-01-17 23:39 . 2008-01-18 03:12 170 --a--c--- C:\WINDOWS\GetServer.ini
2008-01-17 22:48 . 2008-01-18 03:00 <REP> d----c--- C:\Program Files\Dot1XCfg
2008-01-17 22:36 . 2008-01-17 22:36 <REP> d----c--- C:\Program Files\Alwil Software
2008-01-17 22:36 . 2003-03-18 21:20 1,060,864 --a--c--- C:\WINDOWS\system32\MFC71.dll
2008-01-17 22:36 . 2003-03-18 20:14 499,712 --a--c--- C:\WINDOWS\system32\MSVCP71.dll
2008-01-17 22:36 . 2003-02-21 04:42 348,160 --a--c--- C:\WINDOWS\system32\MSVCR71.dll
2008-01-16 21:17 . 2008-01-16 21:17 <REP> d----c--- C:\Program Files\iPod
2008-01-16 21:17 . <REP> C:\Documents and Settings\Anaïs\Application Data\Apple Computer
2008-01-16 21:17 . 2008-01-20 12:29 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-01-16 21:17 . 2008-01-16 21:17 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Program Files\QuickTime
2008-01-16 21:16 . 2008-01-16 21:17 <REP> d----c--- C:\Program Files\iTunes
2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Program Files\Bonjour
2008-01-16 21:16 . 2008-01-16 21:16 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Program Files\Fichiers communs\Apple
2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Program Files\Apple Software Update
2008-01-16 21:15 . 2008-01-16 21:15 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-16 13:30 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-16 13:30 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-16 13:27 . 2008-01-16 13:27 <REP> d----c--- C:\WINDOWS\PixArt
2008-01-16 13:27 . 2008-01-16 13:47 <REP> d----c--- C:\WINDOWS\Downloaded Installations
2008-01-16 13:27 . 2008-01-16 13:47 <REP> d----c--- C:\Program Files\Trust
2008-01-16 13:27 . 2008-01-16 13:27 <REP> d----c--- C:\Program Files\Fichiers communs\PAC207
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts
2007-12-29 02:58 . 2007-12-29 02:58 <REP> d----c--- C:\Program Files\Audacity

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 11:29 --------- dc----w C:\Program Files\SysMetrix
2008-01-17 21:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-16 12:27 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-12-28 20:22 --------- dc----w C:\Program Files\EA GAMES
2007-12-22 09:38 --------- dc----w C:\Program Files\MSN Messenger
2007-12-22 09:38 --------- dc----w C:\Program Files\Messenger Plus! Live
2007-12-18 10:31 --------- dcs---w C:\Documents and Settings\Anaïs\Application Data\Microsoft
2007-12-09 16:29 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Sun
2007-12-09 12:45 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Adobe
2007-12-09 02:40 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Talkback
2007-12-07 20:48 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Macromedia
2007-12-07 17:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2007-12-07 17:57 --------- dc----w C:\Documents and Settings\Anaïs\Application Data\Mozilla
2007-12-07 17:38 --------- dc----w C:\Program Files\StuffPlug3
2007-11-18 16:37 63,545 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2007-11-18 16:37 6,118 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-11-18 16:37 219,648 -c--a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-07 09:28 728,576 -c--a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 -c--a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-20_19.11.27,62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-20 18:10:02 229,376 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-20 19:29:34 229,376 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-20 18:10:02 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-20 19:29:34 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-20 18:10:02 229,376 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-20 19:29:34 229,376 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-20 18:10:02 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-20 19:29:34 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-20 18:10:02 3,018,752 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-20 19:29:35 3,018,752 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-20 18:10:03 98,304 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-20 19:29:35 98,304 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 11:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2004-06-13 18:40 2441216]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-06-29 12:13 1032192]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-19 19:48 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 2006-06-29 12:13 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-06-13 23:56]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2006-03-08 19:53]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2006-03-08 19:53]
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 10:26]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-06-30 10:08]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-16 20:15:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 20:30:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 20:30:50
ComboFix-quarantined-files.txt 2008-01-20 19:30:42
ComboFix2.txt 2008-01-20 18:11:49
.
2008-01-18 02:42:29 --- E O F ---

Et voici le rapport HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:28, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\DOCUME~1\Dracula\LOCALS~1\Temp\Rar$EX00.203\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7487 bytes

Je precise que mon Pc n'as pas redemarré

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

C'est mieux ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

J'essaye de lancer MSN pour voir ?

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Oui

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Ok

( panique en cours... )

Msn se lance bien , et apparement le virus ne se montre plus ...

Tu pense que c'est bon ?

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Je pense que c'est ok.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Ok ben merci un milliard et demi de fois alors

A bientot

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

De rien

Télécharge ToolsCleaner sur ton Bureau.
Clique sur Recherche et laisse le scan se terminer.
Clique sur Suppression pour finaliser.
Clique sur Quitter, pour que le rapport puisse se créer.
Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)

Désactive puis réactive la restauration du système : Voir aide

Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer"
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"

Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Voici le rapport Tools Cleaner :

-->- Recherche:

C:\Combofix: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Anaïs\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Anaïs\Bureau\MsnFix: trouvé !
C:\Documents and Settings\Anaïs\Recent\MSNFix.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Anaïs\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Anaïs\Recent\MSNFix.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Anaïs\Bureau\MsnFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

( Trés Pratique ce petit programme )

Merci encore mille fois pour ton aide !

------------------------------ Future maman ... C'est long 9 mois :(
Répondre à Anbastom

Citation :

( Trés Pratique ce petit programme )

Tout à fait

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Forum Sécurité - Virus : Virus MSN [ Résolu ]

Attention