

norbert-paul
Everything posted by norbert-paul
-
Good evening. Thank you for your advice. It works. Indeed, using a can of compressed air, I dusted the fan. In fact there is only one. Now it spins without any trouble. The only problem is that my screen is black. It is an HP Pavilion DV7 PC. I noticed that when it starts (you can hear the fan start up) an LED blinks 4 times. I tried pressing the "F" keys without result. Can one of you help me again?
-
XP desktop PC and Netbook 7 Starter
norbert-paul replied to norbert-paul's topic in Internet & Networks
Hello. Sorry for not replying sooner, but I had a few small problems. I will try to do the checks you indicated as soon as possible. I am no expert. Thank you for your understanding.
-
Hello. I could not reply sooner because I was in hospital. So I will try taking it apart to dust it, but how do I then reset the BIOS? Thank you.
-
Hello everyone. I am a little lost with my laptop and with the forum. Here is my problem. My HP Pavilion laptop, 2 years old, shuts down quickly as soon as it is working. It heats up because the 3 fans do not start. I was told that it could come from the BIOS, which needs to be reset. Can you help me? I do not know what to do, and there may be a cheaper way than buying a new one. Thank you for your help.
-
XP desktop PC and Netbook 7 Starter
norbert-paul replied to norbert-paul's topic in Internet & Networks
Hello. It seems that despite the tutorials I cannot create a homegroup with Starter. Some functions are greyed out and cannot be used. I do not understand why. I had bought this HP mini PC in order to be able to use it anywhere in the house, and I was hoping to also be able to share it with my desktop PC. If that is not possible, then what is a mini PC for? There must be solutions. Thank you for your replies.
-
XP desktop PC and Netbook 7 Starter
norbert-paul replied to norbert-paul's topic in Internet & Networks
Good evening fifi29. CAEN-BREST 0/0 for now. Well, football aside, thank you for your help. Unfortunately, it seems that despite your tutorial it is not possible to create a homegroup with Windows 7 Starter. Otherwise, I have put my 2 PCs in the MSHOME workgroup. Can you tell me more? Thank you.
-
XP desktop PC and Netbook 7 Starter
norbert-paul replied to norbert-paul's topic in Internet & Networks
-
Hello. I am no computer expert. I have my desktop PC running Windows XP and I have just bought an HP Mini netbook running Windows 7 Starter. I would like to set up a home network so that I can access the contents of one from the other and vice versa. I cannot manage it and I have not seen anything in the forum that matches my problem exactly. Can someone help me solve my problem? Thank you.
-
Hello. I am currently protected by Avira AntiVir in its free version. I would like to know whether the paid version is safer, or whether another free or paid antivirus performs better without slowing down my PC too much. Thank you for enlightening me.
-
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to norbert-paul's topic in Malware analysis and removal
Good evening Gof. That's it. TratBHO has finally disappeared from my PC THANKS TO YOU, GOF. THANK YOU AGAIN FOR YOUR HELP. I think I will follow your advice. I will install Antivir and print the tutorial, because English and I do not get along. So I will also remove Avast, but I will keep Spybot and CCleaner. What do you think? See you later.
-
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to norbert-paul's topic in Malware analysis and removal
Good evening Gof. I carried out the mission, which reached its end without any particular problem. I am ready for the next mission. Thank you for "taking charge" of me. See you later.
-
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to norbert-paul's topic in Malware analysis and removal
Hello Gof. Glad to hear from you. Here are the reports.
Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025917.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025918.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025920.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025921.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025922.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025923.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025925.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025926.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025927.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025928.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025932.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025933.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025934.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume 
Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025935.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025936.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025937.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025938.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025939.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025940.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025941.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025942.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025943.exe Infected: Trojan-Downloader.Win32.Agent.hgr skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025944.exe Infected: Trojan.Win32.Pakes.bzq skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025945.exe Infected: Trojan.Win32.Pakes.bzq skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025946.exe Infected: Trojan.Win32.Pakes.bzq skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP94\A0025947.exe Infected: Trojan.Win32.Pakes.bzq skipped C:\System Volume Information\_restore{41A27F3A-3F0A-4268-9807-CA87F09C6679}\RP98\change.log Object is locked 
skipped C:\VundoFix Backups\iifcyyv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\VundoFix Backups\ljjgfcy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\VundoFix Backups\rqrsrrr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnj skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SA6D03553.tmp Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped 
Good luck with the deciphering, Gof. See you soon -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware analysis and eradication
Hello Gof. Here at last is the long-awaited result from Total Virus. Actually, it was my daughter who managed the procedure. She can do that; she's the one who got the virus!!!

File Submit__20-01-2008_12.04.09_21_.z received on 2008.01.20 12:09:03 (CET)

Antivirus  Version  Last update  Result
AhnLab-V3  2008.1.19.10  2008.01.18  -
AntiVir  7.6.0.48  2008.01.20  -
Authentium  4.93.8  2008.01.20  -
Avast  4.7.1098.0  2008.01.20  -
AVG  7.5.0.516  2008.01.19  -
BitDefender  7.2  2008.01.20  -
CAT-QuickHeal  9.00  2008.01.19  -
ClamAV  0.91.2  2008.01.20  -
DrWeb  4.44.0.09170  2008.01.20  -
eSafe  7.0.15.0  2008.01.16  -
eTrust-Vet  31.3.5470  2008.01.18  -
Ewido  4.0  2008.01.20  -
FileAdvisor  1  2008.01.20  -
Fortinet  3.14.0.0  2008.01.20  -
F-Prot  4.4.2.54  2008.01.19  -
F-Secure  6.70.13260.0  2008.01.19  -
Ikarus  T3.1.1.20  2008.01.20  -
Kaspersky  7.0.0.125  2008.01.20  -
McAfee  5211  2008.01.18  -
Microsoft  1.3109  2008.01.20  -
NOD32v2  2807  2008.01.19  -
Norman  5.80.02  2008.01.18  -
Panda  9.0.0.4  2008.01.19  -
Prevx1  V2  2008.01.20  -
Rising  20.27.62.00  2008.01.20  -
Sophos  4.24.0  2008.01.20  -
Sunbelt  2.2.907.0  2008.01.17  -
Symantec  10  2008.01.20  -
TheHacker  6.2.9.191  2008.01.19  -
VBA32  3.12.2.5  2008.01.19  -
VirusBuster  4.3.26:9  2008.01.20  -
Webwasher-Gateway  6.6.2  2008.01.20  -

Additional information
File size: 402 bytes
MD5: 191e849b2d256daa326f8349b9b6a07c
SHA1: 2db7b2ed39447845d31f8820a5dfaf3e9e6c44e9
PEiD: -

See you later -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware analysis and eradication
Good evening Gof. It still doesn't work. When I go through the procedure, it gets stuck at the double-click on the submit.bat icon. A black window opens for a few seconds, in which is written: "Catchme n'est pas reconnu en tant que commande interne, ou executable, ou externe, un programme, ou un fichier de commande". It's depressing. See you, Gof -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware analysis and eradication
Hello Gof. It doesn't work. No matter how I try, I always end up with the same message. What can I do? Sorry, but you are dealing with someone who isn't very good with computers. See you later -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware analysis and eradication
Hi Gof. Sorry, I have another problem with the procedure. I'm stuck on the Virus Total site: when I send my file, the waiting window opens for a few seconds, then on the next page this text appears, which I don't understand: "0 bytes size received / Se ha recibido un archivo vacio". After that nothing happens. I tried the procedure 3 times and I always end up at this text. There must be a bug. Can you help me? -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware analysis and eradication
Hello Gof. I think you are a good teacher, though. It's my fault: I thought that since the script was already in ComboFix, I didn't have to put it in again. Sorry. Here is the report with the script:
See you, Gof -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware analysis and eradication
Hello Gof. Although I don't speak English, I think we are nearly there. Here again is the VundoFix report, then the ComboFix one with the same script as yesterday:
Completion time: 2008-01-18 10:09:48 ComboFix-quarantined-files.txt 2008-01-18 09:09:40 ComboFix2.txt 2008-01-17 18:04:01 ComboFix3.txt 2008-01-17 08:49:20 ComboFix4.txt 2008-01-16 16:35:02 ComboFix5.txt 2008-01-16 16:17:29 . 2008-01-09 08:43:12 --- E O F ---
There you go, Gof - See you later -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware Analysis and Removal
Me again. Here is the ComboFix report:
ComboFix 08-01-16.4 - USER 2008-01-17 18:58:49.6 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.688 [GMT 1:00] Running from: C:\Documents and Settings\USER\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\USER\Bureau\CFScript.txt * Created a new restore point FILE C:\WINDOWS\SA6D03553.tmp C:\WINDOWS\system32\ddayw.dll C:\WINDOWS\system32\okjmpqe.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ddayw.dll C:\WINDOWS\SA6D03553.tmp . . . . Echec de suppression . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))))))) . 2008-01-17 16:13 . 2008-01-17 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-01-17 15:30 . 2008-01-17 15:30 <REP> d-------- C:\Program Files\Yahoo! 2008-01-16 20:18 . 2008-01-16 20:18 <REP> d-------- C:\Documents and Settings\USER\Application Data\dvdcss 2008-01-16 07:55 . 2008-01-16 07:55 <REP> d-------- C:\Program Files\Trend Micro 2008-01-15 20:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-15 19:58 . 2008-01-17 18:15 <REP> d-------- C:\VundoFix Backups 2008-01-13 16:53 . 2008-01-13 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes 2008-01-13 16:18 . 2008-01-13 16:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2008-01-13 16:12 . 2008-01-13 16:12 <REP> d-------- C:\Program Files\SlySoft 2008-01-13 16:12 . 2008-01-13 16:12 <REP> d-------- C:\Program Files\Elaborate Bytes 2008-01-13 16:12 . 2008-01-17 19:02 0 --------- C:\WINDOWS\SA6D03553.tmp 2008-01-05 13:07 . 2008-01-05 13:07 <REP> d-------- C:\Program Files\Microsoft Games 2007-12-22 23:10 . 2007-12-22 23:10 <REP> d-------- C:\Program Files\Skyline 2007-12-22 23:09 . 
2008-01-07 12:23 <REP> d-------- C:\Program Files\eMule 2007-12-22 18:35 . 2007-12-22 18:35 268 --ah----- C:\sqmdata07.sqm 2007-12-22 18:35 . 2007-12-22 18:35 244 --ah----- C:\sqmnoopt07.sqm 2007-12-19 21:05 . 2007-12-19 21:05 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-16 14:52 --------- d-----w C:\Documents and Settings\USER\Application Data\OpenOffice.org2 2008-01-14 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-08 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-01-05 23:18 --------- d-----w C:\Program Files\RegCleaner 2008-01-05 12:15 --------- d-----w C:\Program Files\Valve 2007-12-22 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline 2007-12-12 12:11 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-07 10:17 --------- d-----w C:\Program Files\FolderShare 2007-12-06 16:24 --------- d-----w C:\Program Files\Google 2007-12-06 15:17 --------- d-----w C:\Program Files\Program Files 2007-12-06 14:22 --------- d-----w C:\Documents and Settings\USER\Application Data\RegClean 2007-12-04 16:53 --------- d-----w C:\Program Files\Orange HSS 2007-12-04 15:19 --------- d-----w C:\Program Files\Securitoo 2007-12-04 15:19 --------- d-----w C:\Program Files\SAGEM 2007-12-04 15:19 --------- d-----w C:\Documents and Settings\USER\Application Data\InstallShield 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 07:52 --------- d-----w C:\Documents and 
Settings\USER\Application Data\EPSON 2007-12-04 07:02 --------- d-----w C:\Program Files\MSXML 4.0 2007-12-03 16:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2007-12-03 15:45 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-03 15:45 --------- d-----w C:\Documents and Settings\USER\Application Data\Microsoft Web Folders 2007-12-03 11:12 --------- d-----w C:\Program Files\Kodak 2007-12-03 11:11 --------- d-----w C:\Program Files\Fichiers communs\Kodak 2007-12-03 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak 2007-12-01 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-01 21:58 --------- d-----w C:\Program Files\CCleaner 2007-12-01 21:34 --------- d-----w C:\Program Files\epson 2007-12-01 21:34 --------- d-----w C:\Documents and Settings\USER\Application Data\foobar2000 2007-11-29 20:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-11-29 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL 2007-11-29 17:51 --------- d-----w C:\Program Files\Alwil Software 2007-11-27 13:58 --------- d-----w C:\Documents and Settings\USER\Application Data\DivX . ((((((((((((((((((((((((((((( snapshot@2008-01-15_20.29.48.34 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-01-15 19:24:30 1,380,352 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-17 17:58:44 1,380,352 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-15 19:24:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-17 17:58:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-15 19:24:30 1,384,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-17 17:58:44 1,384,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-15 19:24:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-17 17:58:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-15 19:24:31 19,185,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-17 17:58:45 19,345,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-15 19:24:31 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-17 17:58:45 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-01-17 18:02:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_644.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-07 17:13 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432] "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 13:36 36864] "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 15:23 1953792] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 13:12] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-17 19:02:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-01-17 19:04:01 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-17 18:03:58 ComboFix2.txt 2008-01-17 08:49:20 ComboFix3.txt 2008-01-16 16:35:02 ComboFix4.txt 2008-01-16 16:17:29 ComboFix5.txt 2008-01-15 19:30:08 . 2008-01-09 08:43:12 --- E O F ---
See you shortly, Gof -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware Analysis and Removal
Hello again Gof. New VundoFix report. I don't know much about this, but something tells me it should be better.
VundoFix V6.7.7 Checking Java version... Scan started at 18:32:18 17/01/2008 Listing files found while scanning.... No infected files were found. Beginning removal...
The ComboFix + CFScript report follows -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware Analysis and Removal
-
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware Analysis and Removal
Hello Gof. Here is the new ComboFix report:
ComboFix 08-01-16.4 - USER 2008-01-17 9:43:34.5 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.614 [GMT 1:00] Running from: C:\Documents and Settings\USER\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\USER\Bureau\CFScript.txt * Created a new restore point FILE C:\WINDOWS\SA6D03553.tmp C:\WINDOWS\system32\bcwsvc.exe C:\WINDOWS\system32\brqmythwzm.exe C:\WINDOWS\system32\dvxfhyifqwu.exe C:\WINDOWS\system32\efcabyw.dll C:\WINDOWS\system32\iifcyyv.dll C:\WINDOWS\system32\mnf.exe C:\WINDOWS\system32\okjmpqe.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\awtsqpo.dll C:\WINDOWS\system32\awtsqrp.dll C:\WINDOWS\system32\awvvv.dll C:\WINDOWS\system32\bcwsvc.exe C:\WINDOWS\system32\brqmythwzm.exe C:\WINDOWS\system32\byxurss.dll C:\WINDOWS\system32\byxyvtq.dll C:\WINDOWS\system32\ddcawxw.dll C:\WINDOWS\system32\dvxfhyifqwu.exe C:\WINDOWS\system32\efcabyw.dll C:\WINDOWS\system32\efccbyx.dll C:\WINDOWS\system32\efcyvsq.dll C:\WINDOWS\system32\fccdcya.dll C:\WINDOWS\system32\fccyywu.dll C:\WINDOWS\system32\hggefgf.dll C:\WINDOWS\system32\jkklmkk.dll C:\WINDOWS\system32\khfdebb.dll C:\WINDOWS\system32\khfedcb.dll C:\WINDOWS\system32\khffdcd.dll C:\WINDOWS\system32\mljgg.dll C:\WINDOWS\system32\mljggec.dll C:\WINDOWS\system32\mljghec.dll C:\WINDOWS\system32\mljhghe.dll C:\WINDOWS\system32\mljjiji.dll C:\WINDOWS\system32\mlljg.dll C:\WINDOWS\system32\mnf.exe C:\WINDOWS\system32\nnnljij.dll C:\WINDOWS\system32\okjmpqe.exe C:\WINDOWS\system32\opnkljk.dll C:\WINDOWS\system32\opnlmno.dll C:\WINDOWS\system32\pmnklki.dll C:\WINDOWS\system32\pmnlj.dll C:\WINDOWS\system32\pmnlk.dll C:\WINDOWS\system32\pmnnm.dll C:\WINDOWS\system32\qomkkih.dll C:\WINDOWS\system32\qomklmm.dll C:\WINDOWS\system32\rqrpooo.dll C:\WINDOWS\system32\tuvvwuu.dll C:\WINDOWS\system32\vtuussq.dll C:\WINDOWS\system32\vtuuutq.dll 
C:\WINDOWS\system32\wvurstr.dll C:\WINDOWS\system32\wvuuuvt.dll C:\WINDOWS\system32\wvuuvvt.dll C:\WINDOWS\system32\xxywvur.dll C:\WINDOWS\system32\yayvwtq.dll C:\WINDOWS\SA6D03553.tmp . . . . Echec de suppression . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_RNAXOIUEQC -------\rnaxoiueqc ((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))))))) . 2008-01-17 09:33 . 2008-01-17 09:33 334,848 --a------ C:\WINDOWS\system32\ddayw.dll 2008-01-16 20:18 . 2008-01-16 20:18 <REP> d-------- C:\Documents and Settings\USER\Application Data\dvdcss 2008-01-16 07:55 . 2008-01-16 07:55 <REP> d-------- C:\Program Files\Trend Micro 2008-01-15 20:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-15 19:58 . 2008-01-15 22:48 <REP> d-------- C:\VundoFix Backups 2008-01-13 16:53 . 2008-01-13 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes 2008-01-13 16:18 . 2008-01-13 16:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2008-01-13 16:12 . 2008-01-13 16:12 <REP> d-------- C:\Program Files\SlySoft 2008-01-13 16:12 . 2008-01-13 16:12 <REP> d-------- C:\Program Files\Elaborate Bytes 2008-01-13 16:12 . 2008-01-17 09:47 0 --------- C:\WINDOWS\SA6D03553.tmp 2008-01-05 13:07 . 2008-01-05 13:07 <REP> d-------- C:\Program Files\Microsoft Games 2007-12-22 23:10 . 2007-12-22 23:10 <REP> d-------- C:\Program Files\Skyline 2007-12-22 23:09 . 2008-01-07 12:23 <REP> d-------- C:\Program Files\eMule 2007-12-22 18:35 . 2007-12-22 18:35 268 --ah----- C:\sqmdata07.sqm 2007-12-22 18:35 . 2007-12-22 18:35 244 --ah----- C:\sqmnoopt07.sqm 2007-12-19 21:05 . 2007-12-19 21:05 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-16 14:52 --------- d-----w C:\Documents and Settings\USER\Application Data\OpenOffice.org2 2008-01-14 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-08 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-01-05 23:18 --------- d-----w C:\Program Files\RegCleaner 2008-01-05 12:15 --------- d-----w C:\Program Files\Valve 2007-12-22 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline 2007-12-12 12:11 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-07 10:17 --------- d-----w C:\Program Files\FolderShare 2007-12-06 16:24 --------- d-----w C:\Program Files\Google 2007-12-06 15:17 --------- d-----w C:\Program Files\Program Files 2007-12-06 14:22 --------- d-----w C:\Documents and Settings\USER\Application Data\RegClean 2007-12-04 16:53 --------- d-----w C:\Program Files\Orange HSS 2007-12-04 15:19 --------- d-----w C:\Program Files\Securitoo 2007-12-04 15:19 --------- d-----w C:\Program Files\SAGEM 2007-12-04 15:19 --------- d-----w C:\Documents and Settings\USER\Application Data\InstallShield 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 07:52 --------- d-----w C:\Documents and Settings\USER\Application Data\EPSON 2007-12-04 07:02 --------- d-----w C:\Program Files\MSXML 4.0 2007-12-03 16:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2007-12-03 15:45 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-03 15:45 --------- d-----w C:\Documents and Settings\USER\Application Data\Microsoft Web Folders 2007-12-03 11:12 --------- d-----w C:\Program Files\Kodak 
2007-12-03 11:11 --------- d-----w C:\Program Files\Fichiers communs\Kodak 2007-12-03 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak 2007-12-01 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-01 21:58 --------- d-----w C:\Program Files\CCleaner 2007-12-01 21:34 --------- d-----w C:\Program Files\epson 2007-12-01 21:34 --------- d-----w C:\Documents and Settings\USER\Application Data\foobar2000 2007-11-29 20:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-11-29 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL 2007-11-29 17:51 --------- d-----w C:\Program Files\Alwil Software 2007-11-27 13:58 --------- d-----w C:\Documents and Settings\USER\Application Data\DivX . ((((((((((((((((((((((((((((( snapshot@2008-01-15_20.29.48.34 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-15 19:24:30 1,380,352 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-17 08:42:56 1,380,352 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-15 19:24:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-17 08:42:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-15 19:24:30 1,384,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-17 08:42:57 1,384,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-15 19:24:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-17 08:42:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-15 19:24:31 19,185,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-17 08:42:58 19,251,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-15 19:24:31 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-17 08:42:58 151,552 ----a-w 
C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-01-17 08:47:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_618.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-07 17:13 68856] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 13:34 1649600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432] "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 13:36 36864] "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 15:23 1953792] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "Windows Computer Browser"="bcwsvc.exe" [] "okjmpqe"="C:\WINDOWS\system32\okjmpqe.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "okjmpqe"="C:\WINDOWS\system32\okjmpqe.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 13:12] . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-17 09:48:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-17 9:49:20 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-17 08:49:17 ComboFix2.txt 2008-01-16 16:35:02 ComboFix3.txt 2008-01-16 16:17:29 ComboFix4.txt 2008-01-15 19:30:08 . 2008-01-09 08:43:12 --- E O F ---
See you later -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware Analysis and Removal
It's me again, Gof. Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:47:47, on 16/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\bcwsvc.exe C:\WINDOWS\system32\brqmythwzm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le 
lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows Computer Browser] bcwsvc.exe O4 - HKLM\..\Run: [mnf] C:\WINDOWS\system32\mnf.exe O4 - HKLM\..\Run: [dvxfhyifqwu] C:\WINDOWS\system32\dvxfhyifqwu.exe O4 - HKLM\..\Run: [brqmythwzm] C:\WINDOWS\system32\brqmythwzm.exe O4 - HKLM\..\RunServices: [mnf] C:\WINDOWS\system32\mnf.exe O4 - HKLM\..\RunServices: [dvxfhyifqwu] C:\WINDOWS\system32\dvxfhyifqwu.exe O4 - HKLM\..\RunServices: [brqmythwzm] C:\WINDOWS\system32\brqmythwzm.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191512715968 O20 - Winlogon Notify: efcabyw 
- C:\WINDOWS\SYSTEM32\efcabyw.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Print Spooler Service (rnaxoiueqc) - Unknown owner - C:\WINDOWS\system32\okjmpqe.exe -- End of file - 6554 bytes
Between us, I wonder how you manage to find your way around in this Zébulon language, but I hope my reports speak to you. -
WIN32:TratBHO ---RESOLVED---
norbert-paul replied to a topic by norbert-paul in Malware Analysis and Removal
Hello Gof. Here is the VundoFix report:
VundoFix V6.5.4 Checking Java version... Scan started at 19:58:25 15/01/2008 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.5.4 Checking Java version... Scan started at 20:00:31 15/01/2008 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.5.4 Checking Java version... Scan started at 21:40:38 15/01/2008 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.7.7 Checking Java version... Scan started at 21:44:31 15/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\iifcyyv.dll C:\WINDOWS\system32\ljjgfcy.dll C:\windows\system32\pmkjh.dll C:\WINDOWS\system32\rqrsrrr.dll C:\windows\system32\ssttq.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\iifcyyv.dll C:\WINDOWS\system32\iifcyyv.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\ljjgfcy.dll C:\WINDOWS\system32\ljjgfcy.dll Has been deleted! Attempting to delete C:\windows\system32\pmkjh.dll C:\windows\system32\pmkjh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rqrsrrr.dll C:\WINDOWS\system32\rqrsrrr.dll Has been deleted! Attempting to delete C:\windows\system32\ssttq.dll C:\windows\system32\ssttq.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Scan started at 22:03:50 15/01/2008 Listing files found while scanning.... VundoFix V6.7.7 Checking Java version... Scan started at 22:06:44 15/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\iifcyyv.dll Beginning removal... Beginning removal... Attempting to delete C:\WINDOWS\system32\iifcyyv.dll C:\WINDOWS\system32\iifcyyv.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... VundoFix V6.7.7 Checking Java version... Scan started at 16:38:27 16/01/2008 Listing files found while scanning.... 
C:\windows\system32\awvtu.dll C:\WINDOWS\system32\ddabc.dll C:\windows\system32\ddcyw.dll Beginning removal... Attempting to delete C:\windows\system32\awvtu.dll C:\windows\system32\awvtu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddabc.dll C:\WINDOWS\system32\ddabc.dll Has been deleted! Attempting to delete C:\windows\system32\ddcyw.dll C:\windows\system32\ddcyw.dll Has been deleted! Performing Repairs to the registry. Done!
Here is the one from ComboFix:
ComboFix 08-01-16.4 - USER 2008-01-16 17:30:22.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.636 [GMT 1:00] Running from: C:\Documents and Settings\USER\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\gebayaw.dll C:\WINDOWS\system32\gebbxvv.dll C:\WINDOWS\system32\iifghhe.dll . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))))))) . 2008-01-16 17:16 . 2008-01-16 17:16 131,072 --a------ C:\WINDOWS\system32\brqmythwzm.exe 2008-01-16 16:53 . 2008-01-16 16:53 131,072 --a------ C:\WINDOWS\system32\dvxfhyifqwu.exe 2008-01-16 15:27 . 2008-01-16 15:27 131,072 --a------ C:\WINDOWS\system32\mnf.exe 2008-01-16 07:55 . 2008-01-16 07:55 <REP> d-------- C:\Program Files\Trend Micro 2008-01-15 20:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-15 19:58 . 2008-01-15 22:48 <REP> d-------- C:\VundoFix Backups 2008-01-13 16:53 . 2008-01-13 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes 2008-01-13 16:18 . 2008-01-13 16:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2008-01-13 16:12 . 2008-01-13 16:12 <REP> d-------- C:\Program Files\SlySoft 2008-01-13 16:12 . 2008-01-13 16:12 <REP> d-------- C:\Program Files\Elaborate Bytes 2008-01-13 16:12 . 2008-01-13 16:53 72 ---hs---- C:\WINDOWS\SA6D03553.tmp 2008-01-13 12:57 . 
2008-01-13 09:25 96,768 -r-hs---- C:\WINDOWS\system32\bcwsvc.exe 2008-01-05 13:07 . 2008-01-05 13:07 <REP> d-------- C:\Program Files\Microsoft Games 2007-12-22 23:10 . 2007-12-22 23:10 <REP> d-------- C:\Program Files\Skyline 2007-12-22 23:09 . 2008-01-07 12:23 <REP> d-------- C:\Program Files\eMule 2007-12-22 18:35 . 2007-12-22 18:35 268 --ah----- C:\sqmdata07.sqm 2007-12-22 18:35 . 2007-12-22 18:35 244 --ah----- C:\sqmnoopt07.sqm 2007-12-19 21:05 . 2007-12-19 21:05 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-16 14:52 --------- d-----w C:\Documents and Settings\USER\Application Data\OpenOffice.org2 2008-01-14 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-08 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-01-05 23:18 --------- d-----w C:\Program Files\RegCleaner 2008-01-05 12:15 --------- d-----w C:\Program Files\Valve 2007-12-22 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline 2007-12-12 12:11 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-07 10:17 --------- d-----w C:\Program Files\FolderShare 2007-12-06 16:24 --------- d-----w C:\Program Files\Google 2007-12-06 15:17 --------- d-----w C:\Program Files\Program Files 2007-12-06 14:22 --------- d-----w C:\Documents and Settings\USER\Application Data\RegClean 2007-12-04 16:53 --------- d-----w C:\Program Files\Orange HSS 2007-12-04 15:19 --------- d-----w C:\Program Files\Securitoo 2007-12-04 15:19 --------- d-----w C:\Program Files\SAGEM 2007-12-04 15:19 --------- d-----w C:\Documents and Settings\USER\Application Data\InstallShield 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w 
C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 07:52 --------- d-----w C:\Documents and Settings\USER\Application Data\EPSON 2007-12-04 07:02 --------- d-----w C:\Program Files\MSXML 4.0 2007-12-03 16:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2007-12-03 15:45 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-03 15:45 --------- d-----w C:\Documents and Settings\USER\Application Data\Microsoft Web Folders 2007-12-03 11:12 --------- d-----w C:\Program Files\Kodak 2007-12-03 11:11 --------- d-----w C:\Program Files\Fichiers communs\Kodak 2007-12-03 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak 2007-12-01 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-01 21:58 --------- d-----w C:\Program Files\CCleaner 2007-12-01 21:34 --------- d-----w C:\Program Files\epson 2007-12-01 21:34 --------- d-----w C:\Documents and Settings\USER\Application Data\foobar2000 2007-11-29 20:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-11-29 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL 2007-11-29 17:51 --------- d-----w C:\Program Files\Alwil Software 2007-11-27 13:58 --------- d-----w C:\Documents and Settings\USER\Application Data\DivX . ((((((((((((((((((((((((((((( snapshot@2008-01-15_20.29.48.34 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-01-15 19:24:30 1,380,352 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-16 16:12:09 1,380,352 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-15 19:24:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-16 16:12:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-15 19:24:30 1,384,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-16 16:12:09 1,384,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-15 19:24:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-16 16:12:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-15 19:24:31 19,185,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-16 16:12:10 19,222,528 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-15 19:24:31 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-16 16:12:11 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-16 16:33:53 37,888 ----a-w C:\WINDOWS\system32\efcabyw.dll + 2008-01-16 16:33:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_620.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-07 17:13 68856] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 13:34 1649600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432] "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 13:36 36864] "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 15:23 1953792] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "Windows Computer Browser"="bcwsvc.exe" [2008-01-13 09:25 96768 C:\WINDOWS\system32\bcwsvc.exe] "mnf"="C:\WINDOWS\system32\mnf.exe" [2008-01-16 15:27 131072] "dvxfhyifqwu"="C:\WINDOWS\system32\dvxfhyifqwu.exe" [2008-01-16 16:53 131072] "brqmythwzm"="C:\WINDOWS\system32\brqmythwzm.exe" [2008-01-16 17:16 131072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "mnf"="C:\WINDOWS\system32\mnf.exe" [2008-01-16 15:27 131072] "dvxfhyifqwu"="C:\WINDOWS\system32\dvxfhyifqwu.exe" [2008-01-16 16:53 131072] "brqmythwzm"="C:\WINDOWS\system32\brqmythwzm.exe" [2008-01-16 17:16 131072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] 
"{838063B6-43F9-44D6-97CB-8A213AF54B27}"= C:\WINDOWS\system32\efcabyw.dll [2008-01-16 17:33 37888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcabyw] efcabyw.dll 2008-01-16 17:33 37888 C:\WINDOWS\system32\efcabyw.dll R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 13:12] S2 rnaxoiueqc;Print Spooler Service;C:\WINDOWS\system32\okjmpqe.exe [2008-01-16 17:33] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-16 17:33:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\efcabyw.dll 37888 bytes executable C:\WINDOWS\system32\okjmpqe.exe 131072 bytes executable scan completed successfully hidden files: 2 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\efcabyw.dll PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\WINDOWS\system32\efcabyw.dll . Completion time: 2008-01-16 17:35:01 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-16 16:34:58 ComboFix2.txt 2008-01-16 16:17:29 ComboFix3.txt 2008-01-15 19:30:08 . 2008-01-09 08:43:12 --- E O F --- Celui de Hjack This arrive dans le message suivant. Merci. -
WIN32:TratBHO ---SOLVED---
norbert-paul replied to a topic by norbert-paul in Analyses et éradication malwares
Good evening Gof, and thank you for spending a bit of your time on me. Here is the famous report:
Thanks for what comes next. I'm off to work, see you later.