Everything posted by alainj77
-
[SOLVED] Infection by Anti virus 2009
alainj77 replied to a topic by alainj77 in Malware analysis and eradication
No, apparently no more problems. Thank you for your very effective help, as with everyone on the security team. I say it every time, but a big thank you to all of you for the time you take to help remove all these infections, with a kindness that is not found in many places. Keep it up, and long live the security forum. I am marking the problem as solved, but I will keep watching in case you have anything else to add. -
[SOLVED] Infection by Anti virus 2009
alainj77 replied to a topic by alainj77 in Malware analysis and eradication
Hello. Reinstallation and scan are done, and here is the report (the file found is Smitfraudfix):
Avira AntiVir Personal Report file date: jeudi 6 novembre 2008 11:39 Scanning for 1010229 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (Service Pack 1) [6.0.6001] Boot mode: Normally booted Username: SYSTEM Computer name: PC-DE-GC Version information: BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:38:54 ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 10:38:56 ANTIVIR2.VDF : 7.1.0.44 139264 Bytes 06/11/2008 10:38:57 ANTIVIR3.VDF : 7.1.0.46 4096 Bytes 06/11/2008 10:38:57 Engineversion : 8.2.0.26 AEVDF.DLL : 8.1.0.6 102772 Bytes 06/11/2008 10:39:06 AESCRIPT.DLL : 8.1.1.13 332156 Bytes 06/11/2008 10:39:05 AESCN.DLL : 8.1.1.3 123252 Bytes 06/11/2008 10:39:05 AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 10:39:04 AEPACK.DLL : 8.1.3.3 393591 Bytes 06/11/2008 10:39:03 AEOFFICE.DLL : 8.1.0.29 196988 Bytes 06/11/2008 10:39:03 AEHEUR.DLL : 8.1.0.68 1479029 Bytes 06/11/2008 10:39:02 AEHELP.DLL : 8.1.1.2 115062 Bytes 06/11/2008 10:39:00 AEGEN.DLL : 8.1.0.43 319862 Bytes 06/11/2008 10:39:00 AEEMU.DLL : 8.1.0.9 393588 Bytes 06/11/2008 10:38:59 AECORE.DLL : 8.1.2.9 172407 Bytes 06/11/2008 10:38:59 AEBB.DLL : 8.1.0.3 53618 Bytes 06/11/2008 10:38:58 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 06/11/2008 10:38:58 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 
22/01/2008 18:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 6 novembre 2008 11:39 Starting search for hidden objects. '100509' objects were checked, '0' hidden objects were found. 
The scan of running processes will be started Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned Scan process 'mobsync.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'msdtc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'ehsched.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'SmpSys.exe' - '1' Module(s) have been scanned Scan process 'cfp.exe' - '1' Module(s) have been scanned Scan process 'Mouse32A.exe' - '1' Module(s) have been scanned Scan process 'wpcumi.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'issch.exe' - '1' Module(s) have been scanned Scan process 'lxddmon.exe' - '1' Module(s) have been scanned Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned Scan process 
'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'Locator.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'NomadSvr.exe' - '1' Module(s) have been scanned Scan process 'lxddcoms.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'cmdagent.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 60 processes with 60 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. 
[iNFO] Please restart the search with Administrator rights Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '43' files ). Starting the file scan: Begin scan in 'C:\' <HDD> C:\pagefile.sys [WARNING] The file could not be opened! C:\Users\crapaud\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1KZXHHS\swflash[1].cab [0] Archive type: CAB (Microsoft) --> Flash9d.ocx [WARNING] No further files can be extracted from this archive. The archive will be closed C:\Users\gcoquillard\Desktop\SmitfraudFix.exe [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.9 dropper [NOTE] The file was moved to '497bce0f.qua'! End of the scan: jeudi 6 novembre 2008 12:19 Used time: 39:19 Minute(s) The scan has been done completely. 17434 Scanning directories 379990 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 379988 Files not concerned 3366 Archives were scanned 6 Warnings 1 Notes 100509 Objects were scanned with rootkit scan 0 Hidden objects were found -
[SOLVED] Infection by Anti virus 2009
alainj77 replied to a topic by alainj77 in Malware analysis and eradication
Hello. In the end I managed with MBAM, but while it was running I got a blue screen several times, which apparently is not the real one since the PC did not restart from the BIOS; I simply had the Windows screen with the scrolling bar at the bottom, but all shifted (Windows on the right side of the screen and the scrolling bar below the usual rectangle), and fake, since it displayed Windows XP whereas this is a Vista machine. In addition, windows kept opening (antivirus 2009 and Windows security), some of which were impossible to close and hid the MBAM window. Those are the symptoms, and I am attaching the MBAM report; after restarting, there is apparently no more antivirus 2009, but Antivir, which I can see in the list of programs, does not start again (I suppose it needs to be reinstalled):

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1368
Windows 6.0.6001 Service Pack 1
05/11/2008 22:53:33
mbam-log-2008-11-05 (22-53-33).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 151773
Temps écoulé: 52 minute(s), 47 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\96633022649933583271814473511533 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Users\Invité\Desktop\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Users\Invité\Desktop\BitDownload.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Users\crapaud\Desktop\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Users\crapaud\Desktop\BitDownload.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
-
[SOLVED] Infection by Anti virus 2009
alainj77 replied to a topic by alainj77 in Malware analysis and eradication
Good evening Pear. I have set up an internet connection on the PC so that I could update MBAM, and I have started the full scan, but I think it is going to take a long time, so the rest will surely be for tomorrow. Have a good evening. As soon as I have the report I will post it. -
[SOLVED] Infection by Anti virus 2009
alainj77 replied to a topic by alainj77 in Malware analysis and eradication
There, everything is done and here are the reports.
Analysis:
Search Navipromo version 3.6.8 commencé le 05/11/2008 à 18:16:04,22 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "gcoquillard" Mise à jour le 03.11.2008 à 18h00 par IL-MAFIOSO Microsoft Windows Vista 6.0.6001 Internet Explorer : 7.0.6001.18000 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\Windows" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Recherche dossiers dans "C:\ProgramData" *** *** Recherche dossiers dans "c:\users\gcoqui~1\appdata\roaming\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "C:\Users\gcoquillard\AppData\Local\virtualstore\Program Files" *** *** Recherche dossiers dans "C:\Users\chantal\AppData\Local\virtualstore\Program Files" *** *** Recherche dossiers dans "C:\Users\crapaud\AppData\Local\virtualstore\Program Files" *** *** Recherche dossiers dans "C:\Users\INVIT~1\AppData\Local\virtualstore\Program Files" *** *** Recherche dossiers dans "C:\Users\gcoquillard\AppData\Roaming" *** *** Recherche dossiers dans "C:\Users\chantal\appdata\roaming" *** *** Recherche dossiers dans "C:\Users\crapaud\appdata\roaming" *** *** Recherche dossiers dans "C:\Users\INVIT~1\appdata\roaming" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! 
* Recherche dans "C:\Windows\system32" * * Recherche dans "C:\Users\gcoquillard\AppData\Local\Microsoft" * * Recherche dans "C:\Users\gcoquillard\AppData\Local\virtualstore\windows\system32" * * Recherche dans "C:\Users\gcoquillard\AppData\Local" * * Recherche dans "C:\Users\chantal\AppData\Local" * * Recherche dans "C:\Users\crapaud\AppData\Local" * * Recherche dans "C:\Users\INVIT~1\AppData\Local" * *** Recherche fichiers *** C:\Windows\system32\nvs2.inf trouvé ! *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\Windows\system32" : * Dans "C:\Users\gcoquillard\AppData\Local\Microsoft" : * Dans "C:\Users\gcoquillard\AppData\Local\virtualstore\windows\system32" : * Dans "C:\Users\gcoquillard\AppData\Local" : * Dans "C:\Users\chantal\AppData\Local" : * Dans "C:\Users\crapaud\AppData\Local" : * Dans "C:\Users\INVIT~1\AppData\Local" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 
4)Recherche fichiers connus : *** Analyse terminée le 05/11/2008 à 18:28:33,47 ***
After restart:
Clean Navipromo version 3.6.8 commencé le 05/11/2008 à 18:30:24,06 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "gcoquillard" Mise à jour le 03.11.2008 à 18h00 par IL-MAFIOSO Microsoft Windows Vista 6.0.6001 Internet Explorer : 7.0.6001.18000 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\Windows\System32" * * Suppression dans "C:\Users\gcoquillard\AppData\Local\Microsoft" * * Suppression dans "C:\Users\gcoquillard\AppData\Local\virtualstore\windows\system32" * * Suppression dans "C:\Users\gcoquillard\AppData\Local" * * Suppression dans "C:\Users\chantal\AppData\Local" * * Suppression dans "C:\Users\crapaud\AppData\Local" * * Suppression dans "C:\Users\INVIT~1\AppData\Local" * *** Suppression dossiers dans "C:\Windows" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Suppression dossiers dans "C:\ProgramData" *** *** Suppression dossiers dans c:\users\gcoqui~1\appdata\roaming\micros~1\windows\startm~1\programs *** *** Suppression dossiers dans "C:\Users\chantal\appdata\roaming\micros~1\windows\startm~1\programs" *** *** Suppression dossiers dans "C:\Users\crapaud\appdata\roaming\micros~1\windows\startm~1\programs" *** *** Suppression dossiers dans "C:\Users\INVIT~1\appdata\roaming\micros~1\windows\startm~1\programs" *** *** Suppression dossiers dans "C:\Users\gcoquillard\AppData\Local\virtualstore\Program Files" *** *** Suppression dossiers dans "C:\Users\chantal\AppData\Local\virtualstore\Program Files" *** *** Suppression dossiers dans "C:\Users\crapaud\AppData\Local\virtualstore\Program Files" *** *** Suppression dossiers dans "C:\Users\INVIT~1\AppData\Local\virtualstore\Program Files" *** *** Suppression dossiers dans "C:\Users\gcoquillard\AppData\Roaming" *** *** Suppression dossiers dans "C:\Users\chantal\appdata\roaming" *** *** Suppression dossiers dans "C:\Users\crapaud\appdata\roaming" *** *** Suppression dossiers dans "C:\Users\INVIT~1\appdata\roaming" *** *** Suppression fichiers *** C:\Windows\system32\nvs2.inf supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\Windows\Temp effectué ! Nettoyage contenu C:\Users\GCOQUI~1\AppData\Local\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\Windows\system32" * * Dans "C:\Users\gcoquillard\AppData\Local\Microsoft" * * Dans "C:\Users\gcoquillard\AppData\Local\virtualstore\windows\system32" * * Dans "C:\Users\gcoquillard\AppData\Local" * * Dans "C:\Users\chantal\AppData\Local" * * Dans "C:\Users\crapaud\AppData\Local" * * Dans "C:\Users\INVIT~1\AppData\Local" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 05/11/2008 à 18:34:24,36 ***
And I did not find the names cited in the certificates. But I still have anti virus 2009. -
[SOLVED] Infection by Anti virus 2009
alainj77 replied to a topic by alainj77 in Malware analysis and eradication
Well, now it is getting worse and worse. Apparently Smitfraudfix did not do much, on the contrary: now I have windows opening every minute to tell me that there are 400 infections, and after half an hour the PC goes back to the Windows startup screen and restarts Windows automatically. -
[SOLVED] Infection by Anti virus 2009
alainj77 replied to a topic by alainj77 in Malware analysis and eradication
OK, I will continue with Pear, but thank you all the same for stepping in to help me -
[SOLVED] Infection by Anti virus 2009
alainj77 replied to a topic by alainj77 in Malware analysis and eradication
Hello oGu. Should I do what you told me, or do I continue with Pear? I can do both, that does not bother me; in any case he has reinstalled Avast because Antivir was no longer working. -
[SOLVED] Infection by Anti virus 2009
alainj77 replied to a topic by alainj77 in Malware analysis and eradication
Hello Pear. Thank you for your help. Here are the 2 reports.
Analysis:
SmitFraudFix v2.371 Scan done at 15:13:57,34, 05/11/2008 Run from C:\Users\gcoquillard\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6001] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxddcoms.exe C:\Program Files\BVRP Connection Manager\NomadSvr.exe C:\Windows\system32\svchost.exe C:\Windows\system32\locator.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Lexmark 2500 Series\lxddmon.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\System32\wpcumi.exe C:\Program Files\Omni\OmniMouse Driver\4.06\Mouse32A.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Antivirus 2009\av2009.exe 
C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehsched.exe C:\Windows\ehome\ehRecvr.exe C:\Windows\System32\msdtc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Taskmgr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conime.exe C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\gcoquillard »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\GCOQUI~1\AppData\Local\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\gcoquillard\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\GCOQUI~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix !!!Attention, following keys are not inevitably infected!!! »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL C:\\Windows\\system32\\guard32.dll" "LoadAppInit_DLLs"=dword:00000001 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\Windows\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{62F5D47A-596E-462F-9B59-5F93D1D703A3}: NameServer=80.10.246.2,80.10.246.129 HKLM\SYSTEM\CCS\Services\Tcpip\..\{88FD0ECD-A4D8-468A-9857-C1AD46DF13E5}: NameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{B4F7AD1D-C4E8-417F-B331-1968F658008E}: NameServer=212.30.96.108,212.30.124.146 HKLM\SYSTEM\CS1\Services\Tcpip\..\{62F5D47A-596E-462F-9B59-5F93D1D703A3}: NameServer=80.10.246.2,80.10.246.129 HKLM\SYSTEM\CS1\Services\Tcpip\..\{88FD0ECD-A4D8-468A-9857-C1AD46DF13E5}: NameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B4F7AD1D-C4E8-417F-B331-1968F658008E}: NameServer=212.30.96.108,212.30.124.146 HKLM\SYSTEM\CS2\Services\Tcpip\..\{62F5D47A-596E-462F-9B59-5F93D1D703A3}: NameServer=80.10.246.2,80.10.246.129 HKLM\SYSTEM\CS2\Services\Tcpip\..\{88FD0ECD-A4D8-468A-9857-C1AD46DF13E5}: NameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B4F7AD1D-C4E8-417F-B331-1968F658008E}: NameServer=212.30.96.108,212.30.124.146 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
After cleaning:
SmitFraudFix v2.371 Scan done at 15:19:09,12, 05/11/2008 Run from C:\Users\gcoquillard\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6001] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix 
!!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{62F5D47A-596E-462F-9B59-5F93D1D703A3}: NameServer=80.10.246.2,80.10.246.129 HKLM\SYSTEM\CCS\Services\Tcpip\..\{88FD0ECD-A4D8-468A-9857-C1AD46DF13E5}: NameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{B4F7AD1D-C4E8-417F-B331-1968F658008E}: NameServer=212.30.96.108,212.30.124.146 HKLM\SYSTEM\CS1\Services\Tcpip\..\{62F5D47A-596E-462F-9B59-5F93D1D703A3}: NameServer=80.10.246.2,80.10.246.129 HKLM\SYSTEM\CS1\Services\Tcpip\..\{88FD0ECD-A4D8-468A-9857-C1AD46DF13E5}: NameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B4F7AD1D-C4E8-417F-B331-1968F658008E}: NameServer=212.30.96.108,212.30.124.146 HKLM\SYSTEM\CS2\Services\Tcpip\..\{62F5D47A-596E-462F-9B59-5F93D1D703A3}: NameServer=80.10.246.2,80.10.246.129 HKLM\SYSTEM\CS2\Services\Tcpip\..\{88FD0ECD-A4D8-468A-9857-C1AD46DF13E5}: NameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B4F7AD1D-C4E8-417F-B331-1968F658008E}: NameServer=212.30.96.108,212.30.124.146 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End -
[SOLVED] Infection by Anti virus 2009
alainj77 posted a topic in Malware analysis and eradication
Hello. A short while ago Apollo helped me disinfect my neighbour's PC, and I had even managed to get him to buy Antivir, but now he has just picked up Anti virus 2009 after clicking on a window telling him that he was infected. Of course Antivir no longer starts, and only MBAM detects a rootkit. I am attaching the Hijackthis report in order to get your precious help:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:43:51, on 05/11/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Lexmark 2500 Series\lxddmon.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\System32\wpcumi.exe C:\Program Files\Omni\OmniMouse Driver\4.06\Mouse32A.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Antivirus 2009\av2009.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\Taskmgr.exe C:\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - 
HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [96633022649933583271814473511533] C:\Program Files\Antivirus 2009\av2009.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1221979906436 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221649395589 O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{62F5D47A-596E-462F-9B59-5F93D1D703A3}: NameServer = 80.10.246.2,80.10.246.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{88FD0ECD-A4D8-468A-9857-C1AD46DF13E5}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{B4F7AD1D-C4E8-417F-B331-1968F658008E}: NameServer = 212.30.96.108,212.30.124.146 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\Windows\system32\guard32.dll O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common 
Files\Acronis\Partition Suite\oss_reinstall_svc.exe (file missing) O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe O23 - Service: Connection Manager (Nomad) - Unknown owner - C:\Program Files\BVRP Connection Manager\NomadSvr.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9816 bytes Merci d'avance Alain -
Thanks for your help, KewlCat; thanks to it I was able to find the cause: the host creates a directory for the images, but with a .htaccess that contains ForceType text/html. I moved the images to another directory and now everything works. I'm marking the post as resolved. Thanks again for spotting this small detail that I hadn't even looked at.
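An added example, not part of the original posts: a small Python audit of the cause found in this thread, a .htaccess with ForceType text/html in the image directory. It flags files whose leading bytes are an image but whose served Content-Type is not; the extension map, the simplified .htaccess parsing and the sample bytes are assumptions constructed for illustration.

```python
import re

# Leading "magic" bytes of common web image formats.
MAGIC = (
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
)

# Assumption: a minimal extension map standing in for the server's mime.types.
EXT_TYPES = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
    ".gif": "image/gif", ".htm": "text/html", ".html": "text/html",
}

FORCE_TYPE = re.compile(r"^ForceType\s+(\S+)", re.IGNORECASE)


def sniff(body):
    """Return the image type identified by the leading bytes, or None."""
    for magic, mime in MAGIC:
        if body.startswith(magic):
            return mime
    return None


def forced_type(htaccess_text):
    """Return the media type imposed by a top-level ForceType, or None.

    Simplification: directives inside <Files>/<FilesMatch> containers are
    skipped, the last top-level directive wins, "ForceType None" clears it.
    """
    forced, depth = None, 0
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            depth = max(0, depth - 1)
        elif line.startswith("<"):
            depth += 1
        elif depth == 0:
            match = FORCE_TYPE.match(line)
            if match:
                value = match.group(1).strip('"').lower()
                forced = None if value == "none" else value
    return forced


def served_type(filename, htaccess_text):
    """Content-Type a file in that directory would be served with."""
    forced = forced_type(htaccess_text)
    if forced:
        return forced
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    return EXT_TYPES.get(ext, "application/octet-stream")


def audit(files, htaccess_text):
    """List (name, served type, actual type) for mislabelled image files."""
    findings = []
    for name, body in sorted(files.items()):
        actual = sniff(body)
        served = served_type(name, htaccess_text)
        if actual is not None and served != actual:
            findings.append((name, served, actual))
    return findings


# Constructed samples: a directory override like the one described in the
# thread, a truncated JPEG header and a small HTML file.
SAMPLE_HTACCESS = "# constructed sample\nForceType text/html\n"
SAMPLE_FILES = {
    "carte.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
    "index.html": b"<html><body>ok</body></html>",
}

if __name__ == "__main__":
    for name, served, actual in audit(SAMPLE_FILES, SAMPLE_HTACCESS):
        print(f"{name}: served as {served}, bytes are {actual}")
```

A client that trusts the declared type renders such a file as text, while one that sniffs the content still displays the picture, which matches the difference the thread reports between Firefox and IE.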
-
I hadn't seen your reply, KewlCat, before answering (tiredness, no doubt), and on top of that I hadn't noticed that, convinced as I was that it was an image. So I'm going to look into why it returns it like that. I'll keep you posted if I find anything.
-
Re. I can't touch the server configuration, but I think that if it came from there I would have the same problem with IE. What I can't explain is that with: <div align="center"><a target="_blank" href="images/carte.jpg"><img src="images/cartep.jpg" alt="carte d'accès au garage Lenotte à Varreddes" width="414" height="413" border="0"></a></div> it creates a page, since "view source" is available, whereas on an href to a jpg it shouldn't be. Or else I'm making a monstrous mistake in the code, one so big that I can't see it.
-
Hello. I have a small problem with Firefox. When I click on an image that links to a larger image, Firefox shows me the source of the image but not the image, whereas with IE I don't have this problem. An example on the page -http://www.voiture-sans-permis-77.com/acces.htm: if I click on the map to get it full size, I get the raw content of the file displayed as text (I'm only including the beginning of the output). Where could this come from? Thanks in advance for your replies. Alain
-
[RESOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware analysis and removal
That's the small favour done, but I'm already registered on Malware Complaints and I go there every time to add a post about the infections. You deserve the "nice message", given the time you spend helping people who are in trouble, and even if "the other party (you) very easily understands the steps he is told to carry out" (being an IT professional, even on mainframes, helps a little), it isn't everywhere that one gets answers as fast and as explicit as on Zebulon. You all reply very quickly, and if we on our side try to act quickly, the problem can be solved rapidly; the proof: with all the infections found, it took you less than 12 hours to get the PC working properly again. So the "small favour" requested and some thanks for the time you spent (on top of your personal commitments), I consider that very little and the least one can do. As for the full MBAM scan, it finished after finding MyWebSearch in a file and 2 VUNDO in registry keys. So there it is: THANKS again, and surely see you very soon with a new infected PC (I hope not). All the best to everyone, and above all don't change a thing: this is the best forum I have been able to find -
[RESOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware analysis and removal
Yes, but well done to you too for Norton; otherwise transferring all the logs and reports via USB key would have been a bit tedious -
[RESOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware analysis and removal
Well, first of all the ProgramData directory doesn't exist, but nothing surprising, it's a Packard Bell Vista. I want to thank you deeply; I know it isn't much, but I can't do better. I have often had to ask all of you for help and I know it surely isn't over, but I'm not looking for any other forum to get help. Every time I have come here I have always had all the help needed to solve my problems and, unfortunately, often other people's. A big thank you to you and to all those who have already helped me (Wawaseb, Gof, Angélique, Berfizan). If this goes on I'll soon know all of you. You are a great and very friendly team and I can only say one thing: keep it up. It's a great comfort to know that, whatever happens, on Zebulon one will always find the help needed. A big thank you to everyone, and to you in particular for solving all these problems in 1 day -
[RESOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware analysis and removal
Latest version of Java installed and all the old versions removed (I checked in Add/Remove Programs), and the cleanup is done. Here are the reports: JavaRa; ToolsCleaner (in the white window); ToolsCleaner (report), but I have the impression it's the same thing. And of course I did the rest too -
[SOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware Analysis and Removal
There, Norton is finally completely gone, at least I hope so. Comodo is installed. I'll do what's needed for Adobe Reader; I'll leave it for him, I don't want to confuse him too much with programs he doesn't know. The matter was wrapped up briskly within the day. BRAVO. I think all that's left is to uninstall everything.
[SOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware Analysis and Removal
Well, being better than Avast or Norton isn't hard, but indeed I had never had the chance to see it at work; it's quite impressive. For the firewall, yes, go ahead: the Windows one isn't worth much and I'm wary of his so-called future purchase. Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:12, on 15/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Omni\OmniMouse Driver\4.06\Mouse32A.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DialMessenger\dialmessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\BVRP Connection Manager\Nomad.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" O4 - HKLM\..\Run: [FaxCenterServer] 
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DialMessenger] "C:\Program Files\DialMessenger\dialmessenger.exe" -background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe" O4 - HKCU\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [Connection Manager] "C:\Program 
Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: OFFICE One Startup v7.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1221979906436 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221649395589 
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{62F5D47A-596E-462F-9B59-5F93D1D703A3}: NameServer = 80.10.246.2,80.10.246.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{ABB67AA7-D1CA-44B2-ABC8-B1676A936CB4}: NameServer = 80.118.91.100,80.118.196.36 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Partition Suite\oss_reinstall_svc.exe (file missing) O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe O23 - Service: Connection Manager (Nomad) - Unknown owner - C:\Program Files\BVRP Connection Manager\NomadSvr.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: stllssvr - 
MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 10184 bytes -
[SOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware Analysis and Removal
OK, here is the AntiVir report. Everything it found I put in quarantine.

Avira AntiVir Personal
Report file date: mercredi 15 octobre 2008 16:39
Scanning for 1686371 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-GC
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.7.12 4066816 Bytes 08/10/2008 14:38:09
ANTIVIR3.VDF : 7.0.7.44 237568 Bytes 15/10/2008 14:38:10
Engineversion : 8.2.0.4
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 14:38:21
AESCRIPT.DLL : 8.1.1.8 319866 Bytes 15/10/2008 14:38:20
AESCN.DLL : 8.1.1.3 123252 Bytes 15/10/2008 14:38:19
AERDL.DLL : 8.1.1.2 438644 Bytes 15/10/2008 14:38:18
AEPACK.DLL : 8.1.2.4 369014 Bytes 15/10/2008 14:38:17
AEOFFICE.DLL : 8.1.0.28 196987 Bytes 15/10/2008 14:38:16
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 15/10/2008 14:38:16
AEHELP.DLL : 8.1.1.2 115062 Bytes 15/10/2008 14:38:14
AEGEN.DLL : 8.1.0.41 319861 Bytes 15/10/2008 14:38:14
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 14:38:13
AECORE.DLL : 8.1.2.6 172406 Bytes 15/10/2008 14:38:12
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 14:38:11
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 15/10/2008 14:38:10
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008
17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mercredi 15 octobre 2008 16:39 Starting search for hidden objects. '96776' objects were checked, '0' hidden objects were found. 
The scan of running processes will be started Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'msdtc.exe' - '1' Module(s) have been scanned Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned Scan process 'ehsched.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'Nomad.exe' - '1' Module(s) have been scanned Scan process 'MediaCenter.exe' - '1' Module(s) have been scanned Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'dialmessenger.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'SmpSys.exe' - '1' Module(s) have been scanned Scan process 'Mouse32A.exe' - '1' Module(s) have been scanned Scan process 'wpcumi.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'lxddamon.exe' - '1' Module(s) have been scanned Scan process 'lxddmon.exe' - '1' Module(s) have been scanned Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned Scan process 'MSASCui.exe' - '1' 
Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'Locator.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'NomadSvr.exe' - '1' Module(s) have been scanned Scan process 'lxddcoms.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 62 processes with 62 modules were scanned Starting master boot sector scan: Master boot 
sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '47' files ). Starting the file scan: Begin scan in 'C:\' <HDD> C:\pagefile.sys [WARNING] The file could not be opened! C:\Lop SD\Backup-Lop\LopScript\Users\GCOQUI~1\Shared\lime wirecrack bittorrent downloader.zip [0] Archive type: ZIP --> BitDownload Setup.exe [DETECTION] Contains recognition pattern of the DR/BitDload.1 dropper [DETECTION] Contains recognition pattern of the DR/BitDload.1 dropper [NOTE] The file was moved to '496301e9.qua'! C:\Program Files\Navilog1\Backupnavi\aqqstk.exe.xpx [0] Archive type: HIDDEN --> FIL\\\?\C:\Program Files\Navilog1\Backupnavi\aqqstk.exe.xpx [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '49670362.qua'! C:\Program Files\Navilog1\Backupnavi\fjocjnrpah.exe.xpx [0] Archive type: HIDDEN --> FIL\\\?\C:\Program Files\Navilog1\Backupnavi\fjocjnrpah.exe.xpx [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '4965035f.qua'! C:\Program Files\Navilog1\Backupnavi\maqgpfu.exe.xpx [0] Archive type: HIDDEN --> FIL\\\?\C:\Program Files\Navilog1\Backupnavi\maqgpfu.exe.xpx [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan [NOTE] The file was moved to '49670359.qua'! 
C:\Program Files\Navilog1\Backupnavi\mflzjppdif.exe.xpx [0] Archive type: HIDDEN --> FIL\\\?\C:\Program Files\Navilog1\Backupnavi\mflzjppdif.exe.xpx [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan [NOTE] The file was moved to '49620361.qua'! C:\Program Files\Navilog1\Backupnavi\mtzbto.exe.xpx [0] Archive type: HIDDEN --> FIL\\\?\C:\Program Files\Navilog1\Backupnavi\mtzbto.exe.xpx [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '49700372.qua'! C:\Program Files\Navilog1\Backupnavi\pvkqtto.exe.xpx [0] Archive type: HIDDEN --> FIL\\\?\C:\Program Files\Navilog1\Backupnavi\pvkqtto.exe.xpx [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '49610376.qua'! C:\ProgramData\MEALTITLEDUMB\kkonnkye.exe [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan [NOTE] The file was moved to '4965048a.qua'! C:\Users\crapaud\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1KZXHHS\swflash[1].cab [0] Archive type: CAB (Microsoft) --> Flash9d.ocx [WARNING] No further files can be extracted from this archive. The archive will be closed C:\Users\gcoquillard\AppData\Local\Microsoft\lppbgve.exe.xpx [0] Archive type: HIDDEN --> FIL\\\?\C:\Users\gcoquillard\AppData\Local\Microsoft\lppbgve.exe.xpx [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan [NOTE] The file was moved to '49660560.qua'! C:\Users\gcoquillard\AppData\Local\Microsoft\meoynri.exe.xpx [0] Archive type: HIDDEN --> FIL\\\?\C:\Users\gcoquillard\AppData\Local\Microsoft\meoynri.exe.xpx [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan [NOTE] The file was moved to '49650558.qua'! C:\Users\gcoquillard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\2485e150-6005c46c [0] Archive type: ZIP --> OP.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit [NOTE] The file was moved to '492e055a.qua'! 
C:\Users\gcoquillard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\2f7fa3d1-39a7decd [0] Archive type: ZIP --> OP.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit [NOTE] The file was moved to '492d0592.qua'! C:\Users\gcoquillard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\7e615cf4-3943b40a [0] Archive type: ZIP --> BnnnnBaa.class [DETECTION] Is the TR/Java.Downloader.Gen Trojan --> VaannnaaBaa.class [DETECTION] Is the TR/ClassLoader Trojan --> Dnnny.class [DETECTION] Contains recognition pattern of the JAVA/Exploit.Bytverify.5 Java virus --> Bnnnnn.class [DETECTION] Is the TR/Java.ClassLoader.AS Trojan --> Den.class [DETECTION] Is the TR/Exploit.Bytverify Trojan --> Din.class [DETECTION] Is the TR/Exploit.Bytverify.A Trojan --> Dun.class [DETECTION] Is the TR/Exploit.Bytverify.B Trojan [NOTE] The file was moved to '492c0594.qua'! C:\Users\gcoquillard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\20b605b7-292e24cc [0] Archive type: ZIP --> OP.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit [NOTE] The file was moved to '49580561.qua'! C:\Users\gcoquillard\Documents\LimeWire\Saved\Agnetha Faltskog - When You Walk In The Room.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to '496405c1.qua'! C:\Users\gcoquillard\Documents\LimeWire\Saved\Mad Love things in this house Country Brad Paisley.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to '495a060c.qua'! C:\Users\gcoquillard\Downloads\blog.exe [DETECTION] Is the TR/Dldr.Zlob.AC.8.A Trojan [NOTE] The file was moved to '49650642.qua'! C:\Users\gcoquillard\Downloads\setup.exe [DETECTION] Is the TR/Dldr.Zlob.AC.8.A Trojan [NOTE] The file was moved to '496a067d.qua'! 
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KS18DOR3\wpad[1].cache [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.KO Java script virus [NOTE] The file was moved to '49570750.qua'! C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJU4U0CH\wpad[1].cache [DETECTION] Contains recognition pattern of the JS/Dldr.IFrame.EI Java script virus [NOTE] The file was moved to '49570754.qua'! C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q7EZ9G5Z\wpad[1].cache [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.KO Java script virus [NOTE] The file was moved to '49570757.qua'! C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q7EZ9G5Z\wpad[2].cache [DETECTION] Contains recognition pattern of the JS/Dldr.IFrame.EI Java script virus [NOTE] The file was moved to '49570759.qua'! C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q7EZ9G5Z\wpad[3].cache [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.KO Java script virus [NOTE] The file was moved to '4957075b.qua'! C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAQOQ4NS\wpad[3].cache [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.KO Java script virus [NOTE] The file was moved to '4957075d.qua'! C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\7S33WHZY\wpad[1].cache [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.KO Java script virus [NOTE] The file was moved to '4957075f.qua'! 
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\7S33WHZY\wpad[2].cache [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.KO Java script virus [NOTE] The file was moved to '49570761.qua'! C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\PZBF3VAP\wpad[3].cache [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.KO Java script virus [NOTE] The file was moved to '49570763.qua'! C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\PZBF3VAP\wpad[4].cache [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.KO Java script virus [NOTE] The file was moved to '49570765.qua'! C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\T89HSJJ7\wpad[1].cache [DETECTION] Contains recognition pattern of the JS/Dldr.IFrame.EI Java script virus [NOTE] The file was moved to '49570767.qua'! C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\T89HSJJ7\wpad[3].cache [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.KO Java script virus [NOTE] The file was moved to '49570769.qua'! C:\Windows\System32\dmxrd.exe [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '496e078f.qua'! C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.KO Java script virus [NOTE] The file was moved to '49290798.qua'! End of the scan: mercredi 15 octobre 2008 17:21 Used time: 42:25 Minute(s) The scan has been done completely. 
17160 Scanning directories 409419 Files were scanned 32 viruses and/or unwanted programs were found 7 Files were classified as suspicious: 0 files were deleted 0 files were repaired 32 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 409379 Files not concerned 3324 Archives were scanned 6 Warnings 32 Notes 96776 Objects were scanned with rootkit scan 0 Hidden objects were found -
[SOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware Analysis and Removal
Yes, and on top of that, on "Packard Trash" the software supposedly supplied to remove programs doesn't work, since I also had the problem with AOL, which I uninstalled with their program, and it kept launching at startup anyway. But for Norton I hadn't noticed anything, since apparently it wasn't launching.
[SOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware Analysis and Removal
I had already done it, but I did it again after removing Norton, and I still don't have that file; I even searched the entire disk and can't find it. STRANGE?
[SOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware Analysis and Removal
Yes, it was Apollo who asked me to have it analyzed, so I'm waiting for his reply, but I know I'm not the only one, so I'm waiting patiently. In any case, thank you; you had already spotted the problem from the start, but it's true that with everything that's on this PC it's a bit crazy. If you saw the taskbar you'd laugh: the permanently running programs take up half of it (I'm going to do a drastic clean-up), and there are 73 processes running all the time. Thanks again for your help.
[SOLVED] Connected to the Internet but browsing impossible
alainj77 replied to a topic by alainj77 in Malware Analysis and Removal
OK, I got rid of Norton and, OH miracle, I can connect to the Internet and open pages. However, I can't find the file C:\Users\gcoquillard\AppData\Local\iaqmqos.exe. Is it still worth my going to see Berfizan on the other forum? I don't want to waste his time either if it isn't necessary.