
decorsdejulie


Everything posted by decorsdejulie

  1. Good evening, I absolutely need help because I really don't know what to do. My PC won't turn back on and crashes every time, showing this on a blue screen at startup: "autochk program not found - skipping autocheck". I'm afraid of losing all my data, so please tell me my PC isn't dead!!! Thanks in advance to whoever is willing to share a bit of their knowledge.
  2. Yes, I think it's fine now; in any case, a thousand thanks for your great help and your patience. I thought these forums were much too complicated for a novice like me, but with a lot of patience and, above all, competent people, we get the better of these wretched viruses. So, can I mark it as resolved now? Well, thanks again and long live Zébulon!
  3. Indeed, it must be OTMoveIT's quarantine, but how do I edit the AntiVir report? As the source I have 4 files C:\_OTMoveIT\MovedFiles\03192008_200201\windows\system32.....
  4. AntiVir found some stuff and, as in the previous messages, I put it in quarantine. Well, just to be sure, and you'll tell me whether it's resolved or not, I'm posting the Kaspersky report:
     -------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER REPORT
     Wednesday, March 19, 2008 9:25:42 PM
     Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.98.0
     Kaspersky Anti-Virus database last update: 19/03/2008
     Kaspersky Anti-Virus database records: 641323
     -------------------------------------------------------------------------------
     Scan Settings:
     Scan using the following antivirus database: extended
     Scan Archives: true
     Scan Mail Bases: true
     Scan Target - My Computer:
     A:\ C:\ D:\ E:\ F:\
     Scan Statistics:
     Total number of scanned objects: 55715
     Number of viruses found: 0
     Number of infected objects: 0
     Number of suspicious objects: 0
     Duration of the scan process: 01:00:20
     Infected Object Name / Virus Name / Last Action
     Scan process completed.
     In your opinion, according to AntiVir, is there still bad stuff? How can I edit its report? Or is that not necessary and my case is resolved?
  5. Thanks, boss, I'll get on it right away and post it for you!!!
  6. Good, that reassures me. Are we going to get out of this? Here is the latest OTMoveit2 report:
     C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\41QRGHQZ\niushkmpx[1].htm moved successfully.
     C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXA3GT6F\wjkbcttklc[1].htm moved successfully.
     C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXA3GT6F\zgshj[1].htm moved successfully.
     C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S92BG9IZ\wjkbcttklc[1].htm moved successfully.
     [Custom Input]
     < EmptyTemp >
     File delete failed. C:\DOCUME~1\PC01\LOCALS~1\Temp\~DFF0F5.tmp scheduled to be deleted on reboot.
     Temp folders emptied.
     IE temp folders emptied.
     OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03192008_200201
  7. New Kaspersky report; apparently there are still problems:
     -------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER REPORT
     Wednesday, March 19, 2008 6:29:26 PM
     Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.98.0
     Kaspersky Anti-Virus database last update: 19/03/2008
     Kaspersky Anti-Virus database records: 640187
     -------------------------------------------------------------------------------
     Scan Settings:
     Scan using the following antivirus database: extended
     Scan Archives: true
     Scan Mail Bases: true
     Scan Target - My Computer:
     A:\ C:\ D:\ E:\ F:\
     Scan Statistics:
     Total number of scanned objects: 55486
     Number of viruses found: 3
     Number of infected objects: 4
     Number of suspicious objects: 0
     Duration of the scan process: 00:56:03
     Infected Object Name / Virus Name / Last Action
     C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\41QRGHQZ\niushkmpx[1].htm Infected: Trojan-Dropper.Win32.Mudrop.gi skipped
     C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXA3GT6F\wjkbcttklc[1].htm Infected: Trojan-Downloader.Win32.Diehard.ef skipped
     C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXA3GT6F\zgshj[1].htm Infected: Trojan.Win32.Pakes.caw skipped
     C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S92BG9IZ\wjkbcttklc[1].htm Infected: Trojan-Downloader.Win32.Diehard.ef skipped
     Scan process completed.
     Also, I don't know whether it's important or not, I'm telling you for information: EasyCleaner refused to delete the following two items:
     C:\Documents and Settings\PC01\Local Settings\Temp\~DFF0F5.tmp 32768 Fichier TMP 19/03/2008 16:50:10 A
     C:\Documents and Settings\PC01\Local Settings\Historique\History.IE5\index.dat 2080768 19/03/2008 17:06:44 A
  8. Here is the OTmoveit2 report:
     C:\WINDOWS\explorer.bak moved successfully.
     [Custom Input]
     < EmptyTemp >
     File delete failed. C:\DOCUME~1\PC01\LOCALS~1\Temp\~DF33AE.tmp scheduled to be deleted on reboot.
     Temp folders emptied.
     IE temp folders emptied.
     OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03192008_164633
  9. And the HijackThis report:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 16:08:11, on 19/03/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16608)
     Boot mode: Normal
  10. Here is the new Kaspersky report:
      -------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER REPORT
      Wednesday, March 19, 2008 4:01:43 PM
      Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.98.0
      Kaspersky Anti-Virus database last update: 19/03/2008
      Kaspersky Anti-Virus database records: 640079
      -------------------------------------------------------------------------------
      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true
      Scan Target - My Computer:
      A:\ C:\ D:\ E:\ F:\
      Scan Statistics:
      Total number of scanned objects: 56442
      Number of viruses found: 4
      Number of infected objects: 5
      Number of suspicious objects: 0
      Duration of the scan process: 00:58:03
      Infected Object Name / Virus Name / Last Action
      C:\WINDOWS\explorer.bak Infected: Trojan.Win32.Patched.bl skipped
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\41QRGHQZ\niushkmpx[1].htm Infected: Trojan-Dropper.Win32.Mudrop.gi skipped
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXA3GT6F\wjkbcttklc[1].htm Infected: Trojan-Downloader.Win32.Diehard.ef skipped
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXA3GT6F\zgshj[1].htm Infected: Trojan.Win32.Pakes.caw skipped
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S92BG9IZ\wjkbcttklc[1].htm Infected: Trojan-Downloader.Win32.Diehard.ef skipped
      Scan process completed.
  11. I then ran the scan with ewido; it didn't give a report since it indicated: scan finished 0 infections found. So there you go, what should I do now? Do you want a new report from HJT, ewido, AntiVir, or ComboFix?
  12. Here is the AntiVir report:
      AntiVir PersonalEdition Classic
      Report file date: mardi 18 mars 2008 20:29
      Scanning for 835736 virus strains and unwanted programs.
      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Username: PC01
      Computer name: PC
      Start of the scan: mardi 18 mars 2008 20:29
      The scan of running processes will be started
      41 processes with 41 modules were scanned
      Start scanning boot sectors:
      Boot sector 'C:\'
          [NOTE] No virus was found!
      Boot sector 'A:\'
          [NOTE] In the drive 'A:\' no data medium is inserted!
      Starting to scan the registry.
      The registry was scanned ( '32' files ).
      Starting the file scan:
      Begin scan in 'C:\'
      C:\pagefile.sys
          [WARNING] The file could not be opened!
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip
          [DETECTION] Contains suspicious code HEUR/PwdZIP
          [INFO] The file was moved to '4852189d.qua'!
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip
          [DETECTION] Contains suspicious code HEUR/PwdZIP
          [INFO] The file was moved to '485218a4.qua'!
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentbid4.zip
          [DETECTION] Contains suspicious code HEUR/PwdZIP
          [INFO] The file was moved to '484e18ab.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\PC01\gvffri.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48461ed8.qua'! C:\QooBox\Quarantine\C\Documents and Settings\PC01\ijhcum.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48481ecc.qua'! C:\QooBox\Quarantine\C\Documents and Settings\PC01\iypikm.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48501edc.qua'! C:\QooBox\Quarantine\C\Documents and Settings\PC01\mmuzzb.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48551ed0.qua'! C:\QooBox\Quarantine\C\Documents and Settings\PC01\mylbkbpe.exe.vir [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was moved to '484c1edc.qua'! C:\QooBox\Quarantine\C\Documents and Settings\PC01\otaurw.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48411ed7.qua'! C:\QooBox\Quarantine\C\Documents and Settings\PC01\qfaqrb.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48411eca.qua'! C:\QooBox\Quarantine\C\Documents and Settings\PC01\ryfoxs.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48461edd.qua'! C:\QooBox\Quarantine\C\Documents and Settings\PC01\stmltq.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '484d1ed8.qua'! C:\QooBox\Quarantine\C\Documents and Settings\PC01\usmgrp.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '484d1ed7.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\lyqmbd.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48511ede.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\41QRGHQZ\iftkk[1].htm [DETECTION] Is the Trojan horse TR/Tiny.705 [iNFO] The file was moved to '48542036.qua'! 
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\41QRGHQZ\vsskkopgtx[1].htm [DETECTION] Contains detection pattern of the HEUR-DBLEXT/Crypted virus [iNFO] The file was moved to '48532045.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHYNKTAB\lmmqrv[1].htm [DETECTION] Is the Trojan horse TR/Tiny.705 [iNFO] The file was moved to '484d203f.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHYNKTAB\sgxllcqhhy[1].htm [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '4858203a.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXA3GT6F\lsegihwln[1].txt [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen [iNFO] The file was moved to '48452046.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXA3GT6F\nwabo[1].txt [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen [iNFO] The file was moved to '4841204a.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S92BG9IZ\ad8264b7c8[1].exe [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen [iNFO] The file was moved to '48182038.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S92BG9IZ\loadadv642[1].exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48412043.qua'! Begin scan in 'A:\' Search path A:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'D:\' Search path D:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'F:\' Search path F:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: mardi 18 mars 2008 21:03 Used time: 34:37 min The scan has been done completely. 
4951 Scanning directories 135344 Files were scanned 17 viruses and/or unwanted programs were found 5 Files were classified as suspicious: 0 files were deleted 0 files were repaired 22 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 135327 Files not concerned 932 Archives were scanned 1 Warnings 0 Notes
  13. Here is the new ComboFix report: ComboFix 08-03-17.1 - PC01 2008-03-18 19:43:01.22 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.172 [GMT 1:00] Endroit: C:\Documents and Settings\PC01\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\PC01\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\Documents and Settings\PC01\gvffri.exe C:\Documents and Settings\PC01\ijhcum.exe C:\Documents and Settings\PC01\iypikm.exe C:\Documents and Settings\PC01\mmuzzb.exe C:\Documents and Settings\PC01\mylbkbpe.exe C:\Documents and Settings\PC01\otaurw.exe C:\Documents and Settings\PC01\qfaqrb.exe C:\Documents and Settings\PC01\ryfoxs.exe C:\Documents and Settings\PC01\stmltq.exe C:\Documents and Settings\PC01\usmgrp.exe C:\explorer.exe C:\WINDOWS\System32\drivers\Oyc35.sys C:\WINDOWS\system32\lyqmbd.exe C:\WINDOWS\system32\tcpip_patcher.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\PC01\gvffri.exe C:\Documents and Settings\PC01\ijhcum.exe C:\Documents and Settings\PC01\iypikm.exe C:\Documents and Settings\PC01\mmuzzb.exe C:\Documents and Settings\PC01\mylbkbpe.exe C:\Documents and Settings\PC01\otaurw.exe C:\Documents and Settings\PC01\qfaqrb.exe C:\Documents and Settings\PC01\ryfoxs.exe C:\Documents and Settings\PC01\stmltq.exe C:\Documents and Settings\PC01\usmgrp.exe C:\explorer.exe C:\WINDOWS\System32\drivers\Oyc35.sys C:\WINDOWS\system32\lyqmbd.exe C:\WINDOWS\system32\tcpip_patcher.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Oyc35 ((((((((((((((((((((((((((((( Fichiers créés 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))))))) . 2008-03-18 19:44 . 2008-03-18 19:44 268 --ah----- C:\sqmdata17.sqm 2008-03-18 19:44 . 
2008-03-18 19:44 244 --ah----- C:\sqmnoopt17.sqm 2008-03-18 15:47 . 2008-03-03 20:29 761,856 --a------ C:\gmer.exe 2008-03-18 15:47 . 2008-03-18 15:47 698,623 --a------ C:\gmer.zip 2008-03-18 15:47 . 2008-03-18 15:47 250 --a------ C:\WINDOWS\gmer.ini 2008-03-18 14:55 . 2008-03-18 14:55 268 --ah----- C:\sqmdata16.sqm 2008-03-18 14:55 . 2008-03-18 14:55 244 --ah----- C:\sqmnoopt16.sqm 2008-03-18 14:54 . 2008-03-18 14:54 1,036,288 --a------ C:\WINDOWS\explorer.exe 2008-03-18 14:21 . 2008-03-18 14:21 268 --ah----- C:\sqmdata15.sqm 2008-03-18 14:21 . 2008-03-18 14:21 244 --ah----- C:\sqmnoopt15.sqm 2008-03-18 14:11 . 2008-03-18 14:11 268 --ah----- C:\sqmdata14.sqm 2008-03-18 14:11 . 2008-03-18 14:11 244 --ah----- C:\sqmnoopt14.sqm 2008-03-17 21:43 . 2008-03-17 21:43 244 --ah----- C:\sqmnoopt13.sqm 2008-03-17 21:43 . 2008-03-17 21:43 232 --ah----- C:\sqmdata13.sqm 2008-03-17 21:40 . 2008-03-17 21:40 268 --ah----- C:\sqmdata12.sqm 2008-03-17 21:40 . 2008-03-17 21:40 244 --ah----- C:\sqmnoopt12.sqm 2008-03-17 21:31 . 2008-03-17 21:31 268 --ah----- C:\sqmdata11.sqm 2008-03-17 21:31 . 2008-03-17 21:31 244 --ah----- C:\sqmnoopt11.sqm 2008-03-17 13:51 . 2008-03-17 13:51 268 --ah----- C:\sqmdata10.sqm 2008-03-17 13:51 . 2008-03-17 13:51 244 --ah----- C:\sqmnoopt10.sqm 2008-03-16 21:41 . 2008-03-16 21:41 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-16 21:41 . 2008-03-16 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-16 21:24 . 2008-03-16 21:24 268 --ah----- C:\sqmdata09.sqm 2008-03-16 21:24 . 2008-03-16 21:24 244 --ah----- C:\sqmnoopt09.sqm 2008-03-16 19:42 . 2008-03-16 19:42 268 --ah----- C:\sqmdata08.sqm 2008-03-16 19:42 . 2008-03-16 19:42 244 --ah----- C:\sqmnoopt08.sqm 2008-03-16 12:51 . 2008-03-16 12:51 <REP> d-------- C:\WINDOWS\ERUNT 2008-03-16 12:47 . 2008-03-16 12:47 268 --ah----- C:\sqmdata07.sqm 2008-03-16 12:47 . 2008-03-16 12:47 244 --ah----- C:\sqmnoopt07.sqm 2008-03-15 21:12 . 
2008-03-15 21:12 268 --ah----- C:\sqmdata06.sqm 2008-03-15 21:12 . 2008-03-15 21:12 244 --ah----- C:\sqmnoopt06.sqm 2008-03-14 22:02 . 2008-03-14 22:02 268 --ah----- C:\sqmdata05.sqm 2008-03-14 22:02 . 2008-03-14 22:02 244 --ah----- C:\sqmnoopt05.sqm 2008-03-14 18:58 . 2008-03-14 18:58 268 --ah----- C:\sqmdata04.sqm 2008-03-14 18:58 . 2008-03-14 18:58 244 --ah----- C:\sqmnoopt04.sqm 2008-03-14 08:38 . 2008-03-14 08:38 <REP> d-------- C:\Program Files\Trend Micro 2008-03-13 18:53 . 2008-03-13 18:53 268 --ah----- C:\sqmdata03.sqm 2008-03-13 18:53 . 2008-03-13 18:53 244 --ah----- C:\sqmnoopt03.sqm 2008-03-13 17:40 . 2008-03-13 17:40 268 --ah----- C:\sqmdata02.sqm 2008-03-13 17:40 . 2008-03-13 17:40 244 --ah----- C:\sqmnoopt02.sqm 2008-03-03 20:33 . 2008-03-03 20:33 268 --ah----- C:\sqmdata01.sqm 2008-03-03 20:33 . 2008-03-03 20:33 244 --ah----- C:\sqmnoopt01.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-17 02:02 --------- d-----w C:\Program Files\Windows Live 2008-02-13 10:46 --------- d-----w C:\Documents and Settings\PC01\Application Data\Grisoft 2008-02-13 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-12 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-12 16:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-12 13:40 --------- d-----w C:\Documents and Settings\PC01\Application Data\Image Zone Express 2008-02-11 20:57 --------- d-----w C:\Program Files\BVRP Connection Manager 2008-02-11 12:59 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-02-11 12:55 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-02-11 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-10 09:48 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-01 10:17 587,264 
----a-w C:\WINDOWS\WLXPGSS.SCR 2008-01-27 11:48 70,528 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-01-27 09:35 --------- d-----w C:\Program Files\Zuma Deluxe 2008-01-25 17:12 --------- d-----w C:\Documents and Settings\PC01\Application Data\ArcSoft 2008-01-22 20:32 --------- d-----w C:\Documents and Settings\PC01\Application Data\dvdcss 2008-01-20 20:33 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft 2008-01-20 20:31 --------- d-----w C:\Program Files\Hercules 1996-12-02 17:44 582,144 ----a-w C:\Program Files\Fichiers communs\dao350.dll . ------- Sigcheck ------- 2008-03-18 14:54 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\explorer.exe 2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-03-18_18.44.58,76 ))))))))))))))))))))))))))))))))))))))))) . + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-03-18 18:46:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_668.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2005-04-18 09:29 65536] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2006-03-02 00:22 577536 C:\WINDOWS\SOUNDMAN.EXE] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-10 23:03 8429568] "nwiz"="nwiz.exe" [2007-05-10 23:03 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-10 23:03 81920] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 11:28 45056] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] "Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2005-04-18 09:29 65536] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= 
"%windir%\\system32\\sessmgr.exe"= R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38] R2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;C:\Program Files\BVRP Connection Manager\BVRPNDIS.SYS [2004-06-02 16:56] R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-23 18:47] R3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53] S2 Nomad;Connection Manager;"C:\Program Files\BVRP Connection Manager\NomadSvr.exe" [] S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1aa98d1-6eb6-11dc-a856-0019663115b7}] \Shell\AutoRun\command - F:\setupSNK.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-18 18:46:27 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job" - C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-18 19:46:41 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . 
--------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\RtlGina2.dll PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180] -> C:\Program Files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\NETGEAR\WG111v2\WG111v2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Temps d'accomplissement: 2008-03-18 19:50:10 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-18 18:50:06 ComboFix2.txt 2008-03-18 17:45:17 . 2008-03-17 02:03:56 --- E O F ---
  14. Yes, cool, it worked; here is the report: ComboFix 08-03-17.1 - PC01 2008-03-18 18:42:31.21 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.164 [GMT 1:00] Endroit: C:\Documents and Settings\PC01\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))))))) . 2008-03-18 16:59 . 2008-03-18 16:59 <REP> d-------- C:\WINDOWS\LastGood 2008-03-18 15:47 . 2008-03-03 20:29 761,856 --a------ C:\gmer.exe 2008-03-18 15:47 . 2008-03-18 15:47 698,623 --a------ C:\gmer.zip 2008-03-18 15:47 . 2008-03-18 15:47 250 --a------ C:\WINDOWS\gmer.ini 2008-03-18 14:55 . 2008-03-18 14:55 268 --ah----- C:\sqmdata16.sqm 2008-03-18 14:55 . 2008-03-18 14:55 244 --ah----- C:\sqmnoopt16.sqm 2008-03-18 14:54 . 2008-03-18 14:54 1,036,288 --a------ C:\WINDOWS\explorer.exe 2008-03-18 14:54 . 2008-03-18 14:54 1,036,288 --a------ C:\explorer.exe 2008-03-18 14:21 . 2008-03-18 14:21 268 --ah----- C:\sqmdata15.sqm 2008-03-18 14:21 . 2008-03-18 14:21 244 --ah----- C:\sqmnoopt15.sqm 2008-03-18 14:11 . 2008-03-18 14:11 268 --ah----- C:\sqmdata14.sqm 2008-03-18 14:11 . 2008-03-18 14:11 244 --ah----- C:\sqmnoopt14.sqm 2008-03-17 21:43 . 2008-03-17 21:43 244 --ah----- C:\sqmnoopt13.sqm 2008-03-17 21:43 . 2008-03-17 21:43 232 --ah----- C:\sqmdata13.sqm 2008-03-17 21:40 . 2008-03-17 21:40 268 --ah----- C:\sqmdata12.sqm 2008-03-17 21:40 . 2008-03-17 21:40 244 --ah----- C:\sqmnoopt12.sqm 2008-03-17 21:33 . 2008-03-18 14:31 34,305 --a------ C:\Documents and Settings\PC01\mylbkbpe.exe 2008-03-17 21:31 . 2008-03-17 21:31 268 --ah----- C:\sqmdata11.sqm 2008-03-17 21:31 . 2008-03-17 21:31 244 --ah----- C:\sqmnoopt11.sqm 2008-03-17 13:51 . 2008-03-17 13:51 268 --ah----- C:\sqmdata10.sqm 2008-03-17 13:51 . 2008-03-17 13:51 244 --ah----- C:\sqmnoopt10.sqm 2008-03-16 21:41 . 
2008-03-16 21:41 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-16 21:41 . 2008-03-16 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-16 21:24 . 2008-03-16 21:24 268 --ah----- C:\sqmdata09.sqm 2008-03-16 21:24 . 2008-03-16 21:24 244 --ah----- C:\sqmnoopt09.sqm 2008-03-16 19:42 . 2008-03-16 19:42 268 --ah----- C:\sqmdata08.sqm 2008-03-16 19:42 . 2008-03-16 19:42 244 --ah----- C:\sqmnoopt08.sqm 2008-03-16 12:51 . 2008-03-16 12:51 <REP> d-------- C:\WINDOWS\ERUNT 2008-03-16 12:47 . 2008-03-16 12:47 268 --ah----- C:\sqmdata07.sqm 2008-03-16 12:47 . 2008-03-16 12:47 244 --ah----- C:\sqmnoopt07.sqm 2008-03-15 21:12 . 2008-03-15 21:12 268 --ah----- C:\sqmdata06.sqm 2008-03-15 21:12 . 2008-03-15 21:12 244 --ah----- C:\sqmnoopt06.sqm 2008-03-14 22:02 . 2008-03-14 22:02 268 --ah----- C:\sqmdata05.sqm 2008-03-14 22:02 . 2008-03-14 22:02 244 --ah----- C:\sqmnoopt05.sqm 2008-03-14 18:58 . 2008-03-14 18:58 268 --ah----- C:\sqmdata04.sqm 2008-03-14 18:58 . 2008-03-14 18:58 244 --ah----- C:\sqmnoopt04.sqm 2008-03-14 08:38 . 2008-03-14 08:38 <REP> d-------- C:\Program Files\Trend Micro 2008-03-13 18:53 . 2008-03-13 18:53 268 --ah----- C:\sqmdata03.sqm 2008-03-13 18:53 . 2008-03-13 18:53 244 --ah----- C:\sqmnoopt03.sqm 2008-03-13 17:40 . 2008-03-13 17:40 268 --ah----- C:\sqmdata02.sqm 2008-03-13 17:40 . 2008-03-13 17:40 244 --ah----- C:\sqmnoopt02.sqm 2008-03-03 20:33 . 2008-03-03 20:33 268 --ah----- C:\sqmdata01.sqm 2008-03-03 20:33 . 2008-03-03 20:33 244 --ah----- C:\sqmnoopt01.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-17 02:02 --------- d-----w C:\Program Files\Windows Live 2008-02-13 10:46 --------- d-----w C:\Documents and Settings\PC01\Application Data\Grisoft 2008-02-13 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-13 08:53 4,525 ----a-w C:\Documents and Settings\PC01\iypikm.exe 2008-02-13 07:18 4,525 ----a-w C:\Documents and Settings\PC01\usmgrp.exe 2008-02-12 18:16 4,525 ----a-w C:\Documents and Settings\PC01\ryfoxs.exe 2008-02-12 18:05 4,525 ----a-w C:\WINDOWS\system32\lyqmbd.exe 2008-02-12 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-12 16:22 4,525 ----a-w C:\Documents and Settings\PC01\gvffri.exe 2008-02-12 16:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-12 13:40 --------- d-----w C:\Documents and Settings\PC01\Application Data\Image Zone Express 2008-02-11 23:22 4,525 ----a-w C:\Documents and Settings\PC01\mmuzzb.exe 2008-02-11 22:41 4,525 ----a-w C:\Documents and Settings\PC01\stmltq.exe 2008-02-11 22:29 4,525 ----a-w C:\Documents and Settings\PC01\ijhcum.exe 2008-02-11 22:20 4,525 ----a-w C:\Documents and Settings\PC01\otaurw.exe 2008-02-11 20:58 16,768 ----a-w C:\WINDOWS\system32\tcpip_patcher.sys 2008-02-11 20:57 4,525 ----a-w C:\Documents and Settings\PC01\qfaqrb.exe 2008-02-11 20:57 --------- d-----w C:\Program Files\BVRP Connection Manager 2008-02-11 12:59 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-02-11 12:55 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-02-11 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-10 09:48 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-01-27 11:48 70,528 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-01-27 09:35 --------- d-----w C:\Program Files\Zuma Deluxe 2008-01-25 17:12 --------- 
d-----w C:\Documents and Settings\PC01\Application Data\ArcSoft 2008-01-25 11:51 25,984 ----a-w C:\WINDOWS\system32\drivers\Oyc35.sys 2008-01-22 20:32 --------- d-----w C:\Documents and Settings\PC01\Application Data\dvdcss 2008-01-20 20:33 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft 2008-01-20 20:31 --------- d-----w C:\Program Files\Hercules 1996-12-02 17:44 582,144 ----a-w C:\Program Files\Fichiers communs\dao350.dll . ------- Sigcheck ------- 2008-03-18 14:54 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\explorer.exe 2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2005-04-18 09:29 65536] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2006-03-02 00:22 577536 C:\WINDOWS\SOUNDMAN.EXE] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-10 23:03 8429568] "nwiz"="nwiz.exe" [2007-05-10 23:03 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-10 23:03 81920] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 11:28 45056] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] "Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2005-04-18 09:29 65536] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520] NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52 
2297856] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Documents and Settings\\PC01\\mylbkbpe.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\system32\\sessmgr.exe"= R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38] R2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;C:\Program Files\BVRP Connection Manager\BVRPNDIS.SYS [2004-06-02 16:56] R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-23 18:47] R3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53] S2 Nomad;Connection Manager;"C:\Program Files\BVRP Connection Manager\NomadSvr.exe" [] S3 Oyc35;Oyc35;C:\WINDOWS\System32\drivers\Oyc35.sys [2008-01-25 12:51] S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1aa98d1-6eb6-11dc-a856-0019663115b7}] \Shell\AutoRun\command - F:\setupSNK.exe *Newly Created Service* - GMER . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-18 14:10:58 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job" - C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-18 18:44:42 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... 
Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\RtlGina2.dll PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180] -> C:\Program Files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll . Temps d'accomplissement: 2008-03-18 18:45:16 . 2008-03-17 02:03:56 --- E O F ---
  15. Yes, I think I succeeded, since there was no error message. I did as you told me: I downloaded explorer.exe from http://www.sendspace.com/file/5h0uxw, then I rebooted with the Windows XP CD into the Recovery Console. I typed ren explorer.exe explorer.bak, then I entered expand d:\i386\EXPLORER.EX_ c:\windows\EXPLORER.EXE, but then it told me access was impossible, so I went for the second solution and typed: copy c:\explorer.exe c:\windows\explorer.exe, then exit, and then, perfect, it rebooted and I continued the steps you asked me to do.
  16. Here is the report from the various antivirus scans:
      File: explorer.exe
      Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
      MD5: 2a7bd330924252a2fd80344fc949bb72
      Packers detected: -
      Bit9 reports: No threat detected (more info)
      Scan taken on 18 Mar 2008 14:31:34 (GMT)
      A-Squared Found nothing
      AntiVir Found nothing
      ArcaVir Found nothing
      Avast Found nothing
      AVG Antivirus Found nothing
      BitDefender Found nothing
      ClamAV Found nothing
      CPsecure Found nothing
      Dr.Web Found nothing
      F-Prot Antivirus Found nothing
      F-Secure Anti-Virus Found nothing
      Fortinet Found nothing
      Ikarus Found nothing
      Kaspersky Anti-Virus Found nothing
      NOD32 Found nothing
      Norman Virus Control Found nothing
      Panda Antivirus Found nothing
      Rising Antivirus Found nothing
      Sophos Antivirus Found nothing
      VirusBuster Found nothing
      VBA32 Found nothing

      and the GMER report:
      GMER 1.0.14.14205 - http://www.gmer.net
      Rootkit scan 2008-03-18 15:59:51
      Windows 5.1.2600 Service Pack 2

      ---- System - GMER 1.0.14 ----
      SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xF8BB08AC]
      SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF8BB0812]

      ---- User code sections - GMER 1.0.14 ----
      .text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2272] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
      .text C:\Program Files\internet explorer\iexplore.exe[2904] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\internet explorer\iexplore.exe[2904] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 445117EF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\internet explorer\iexplore.exe[2904] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44511770 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\internet explorer\iexplore.exe[2904] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 445117B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\internet explorer\iexplore.exe[2904] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 445116FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\internet explorer\iexplore.exe[2904] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 44511736 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\internet explorer\iexplore.exe[2904] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4451182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\internet explorer\iexplore.exe[2904] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

      ---- Devices - GMER 1.0.14 ----
      AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

      ---- Registry - GMER 1.0.14 ----
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

      ---- EOF - GMER 1.0.14 ----
  17. Apparently ComboFix is struggling too! I ran it in safe mode; it starts correctly and does its search for infected files, and then it tells me:
      C:\ComboFix\NdisChk.dat Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus
      C:\ComboFix\NdisBad.dat Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus
      C:\ComboFix\NdisChk.dat Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus
      Then Windows gives me two error messages: grep.cfexe encountered a problem and needs to close, then VFind encountered a problem and needs to close. Is it serious, doctor???
  18. OK, without waiting, seeing that the PC has come back on, I'm following your earlier advice. Here is the OTMoveIt2 report:
      C:\WINDOWS\tbuqnal.exe moved successfully.
      C:\cjlxhy.exe moved successfully.
      C:\Documents and Settings\PC01\Bureau\catchme.zip moved successfully.
      C:\Documents and Settings\PC01\mylbkbpe.exe moved successfully.
      C:\fnjb.exe moved successfully.
      C:\MSNFix\incl\service moved successfully.
      C:\MSNFix\incl moved successfully.
      C:\MSNFix moved successfully.
      File/Folder C:\QooBox not found.
      File/Folder C:\SDFix not found.
      C:\WINDOWS\system32\drivers\Nsq53.sys moved successfully.
      C:\WINDOWS\system32\drivers\Wymd49.sys moved successfully.
      DllUnregisterServer procedure not found in C:\WINDOWS\system32\fmdgbqtkbmlof.dll
      C:\WINDOWS\system32\fmdgbqtkbmlof.dll NOT unregistered.
      C:\WINDOWS\system32\fmdgbqtkbmlof.dll moved successfully.
      C:\WINDOWS\system32\ttzdos.exe moved successfully.
      [Custom Input]
      < EmptyTemp >
      File delete failed. C:\DOCUME~1\PC01\LOCALS~1\Temp\~DF2477.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\PC01\LOCALS~1\Temp\~DF33BD.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\PC01\LOCALS~1\Temp\~DF8073.tmp scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_55c.dat scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
      Temp folders emptied.
      IE temp folders emptied.
      OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03172008_212938
  19. Ah, I hadn't seen your last message. I've just typed it in the command prompt, and now should I redo the following procedure?:
      • Copy and paste the line below into Run and confirm it with "Enter"
        Code: ComboFix /u
      • Download OTMoveIt2 by OldTimer. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
      and so on???
  20. I noted what you told me and typed exactly the following: expand d:\i386\EXPLORER.EX_EXPLORER.EXE and it replies "le système n'a pas pu trouver le fichier ou le répertoire spécifié"
  21. I did the procedure with the Windows CD, but I don't understand: I got to the Recovery Console, I entered the fields mentioned, the computer restarted, and now nothing. As soon as the desktop appears, nothing more is displayed and the icons don't load. The desktop wallpaper is there, but nothing happens. After waiting a little while, I tried restarting it, but it's still the same problem. I'm thinking I may have made a mistake by typing "c" instead of "d" in place of the "e" in the field: expand e:\i386\EXPLORER.EX_ EXPLORER.EXE
  22. And now here is the Kaspersky one:
      -------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER REPORT
      Monday, March 17, 2008 7:15:46 AM
      Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.98.0
      Kaspersky Anti-Virus database last update: 16/03/2008
      Kaspersky Anti-Virus database records: 634270
      -------------------------------------------------------------------------------
      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true
      Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\
      Scan Statistics:
      Total number of scanned objects: 61913
      Number of viruses found: 32
      Number of infected objects: 167
      Number of suspicious objects: 0
      Duration of the scan process: 00:56:54
      Scan process completed.
  23. Here is the SDFix report: SDFix: Version 1.158 Run by PC01 on 2008-03-16 at 19:50 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix\SDFix Checking Services : Name: diperto1105-280d diperto1105-280d MIW68 MIW68 Path: \??\C:\WINDOWS\system32\diperto1105-280d.sys \??\C:\WINDOWS\system32\diperto1105-280d.sys System32\Drivers\Miw68.sys System32\Drivers\Miw68.sys diperto1105-280d - Deleted diperto1105-280d - Deleted MIW68 - Deleted MIW68 - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Session Manager\SubSystems: Trojan File basesrv.dll and startup entry Found! basesrv.dll will be removed after reboot if registry value is repaired Restoring Missing SharedAccess Service Rebooting Service MIW68 - Deleted after Reboot Session Manager\SubSystems: ServerDll value restored to basesrv.dll Key export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "Windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 Removing C:\WINDOWS\system32\basesrv.dll Checking Files : Trojan Files Found: C:\-10587~1 - Deleted C:\IXBXPUT.EXE - Deleted C:\WINDOWS\system32\diperto.ini - Deleted C:\WINDOWS\system32\LogCrypt.dll - Deleted C:\WINDOWS\system32\basesrv.dll - Deleted C:\WINDOWS\system32\diperto1105-280d.sys - Deleted C:\WINDOWS\system32\diperto1105-280d.sys - Deleted C:\WINDOWS\system32\diperto1105-280d.sys - Deleted C:\WINDOWS\system32\drivers\MIW68.sys - Deleted C:\WINDOWS\system32\drivers\MIW68.sys - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-16 21:12:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... 
C:\Documents and Settings\PC01\mylbkbpe.exe [2472] 0x81A35D00 scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 scanning hidden files ... scan completed successfully hidden processes: 1 hidden services: 0 hidden files: 1 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Documents and Settings\\PC01\\mylbkbpe.exe"="C:\\Documents and Settings\\PC01\\mylbkbpe.exe:*:Enabled:Flash Player2" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files : C:\WINDOWS\system32\basesrv.dll Found File Backups: - C:\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Mon 22 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Tue 16 Oct 2007 0 A.SH. 
--- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Wed 10 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BITD.tmp" Finished!
  24. Some news... Seeing that nothing was happening, I restarted ComboFix once more; it ran through several steps and then deleted 2 files whose names I did not have time to note, then it restarted my computer and opened a new, empty window with a blue background, titled: C:\windows\system32\CF11184.exe and then nothing more???
  25. I did what you told me. ComboFix starts correctly, then Windows gives me an error message saying: "Vfind.exe a rencontré un problème et doit fermer" I relaunched it because nothing more happened for 2 hours, and got the same error message again. I let it run, and then ComboFix reported the deletion of files/folders: "C:\windows\system32\drivers\symavc32.sys" and then nothing happens...?