Votre question

[RESOLU - Merci Angel] - Le fameux triangle jaune...

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
13 Novembre 2007 12:45:30

Bonjour à tous,
Je suis à mon tour victime d'une série de spywares/malwares/ce-que-voulez-wares qui me font apparaitre dans ma barre des tâches un triangle jaune, avec un point d'exclamation, qui clignote, et qui, sous forme d'infobulles, me donne tout un tas de message. J'ai ainsi, par exemple, ces 5 messages différents :

Security Alert : NetWorm-i.Virus@fp
System Alert : Malware threats
System Performance monitor : Warning
Your computer is infected with last versions PSW.x-Vir Trojan
System Alert : Trojan-Spy.win32@mx

Parfois s'ouvrent également des fenêtres d'internet explorer me proposant divers anti-virus à télécharger pour régler le problème... Pas fou, je ne clique sur rien...
Un scan complet avec Avast (Ed. Familiale) ne donne rien, tout est ok pour lui...

Après avoir consulté plusieurs posts ici, j'ai téléchargé SmitFraudFix, que j'ai executé, et dont j'ai lancé la recherche (choix 1 du menu). Vous trouverez ci-dessous la copie du rapport. J'ai cru comprendre que les étapes suivantes de désinfection étaient fonction de ce premier rapport... J'attends donc des nouvelles de l'un d'entre vous avec impatience, si vous avez un petit moment à consacrer à ce problème.

Merci d'avance, et bonne journée.
Ci-dessous, le rapport de SmitFraudFix :

SmitFraudFix v2.252

Rapport fait à 12:28:16,45, 13/11/2007
Executé à partir de C:\Documents and Settings\ojarret.IRIS\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ydotwxpn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\1&1\1&1 Connexion directe\EasyLogin.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ojarret.IRIS


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ojarret.IRIS\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OJARRE~1.IRI\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\__c00CE100.dat"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau 3Com EtherLink XL 10/100 PCI TX (3C905B-TX) - Miniport d'ordonnancement de paquets
DNS Server Search Order: 210.210.210.2
DNS Server Search Order: 210.210.210.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{861EE201-9CA4-4FB7-A966-42A467B64F07}: DhcpNameServer=210.210.210.2 210.210.210.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{861EE201-9CA4-4FB7-A966-42A467B64F07}: DhcpNameServer=210.210.210.2 210.210.210.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{861EE201-9CA4-4FB7-A966-42A467B64F07}: DhcpNameServer=210.210.210.2 210.210.210.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=210.210.210.2 210.210.210.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=210.210.210.2 210.210.210.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=210.210.210.2 210.210.210.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Autres pages sur : resolu merci angel fameux triangle jaune

a b 8 Sécurité
13 Novembre 2007 12:58:57

Bonjour,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    13 Novembre 2007 13:59:12

    Re !
    Tout d'abord, un double merci : pour la réponse à mon post, bien sur, mais surtout pour la rapidité de celle-ci... C'est très sympa....
    J'ai donc suivi toutes les indications, la machine a redémarré toute seule, puis un rapport est apparu, je le colle ci-dessous.
    On va y arriver, hein ? :wahoo: 

    ComboFix 07-11-08.1 - ojarret 2007-11-13 13:04:36.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.144 [GMT 1:00]
    Running from: C:\Documents and Settings\ojarret.IRIS\Bureau\ComboFix.exe
    * Created a new restore point
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Documents and Settings\ojarret.IRIS\Application Data\BestsellerAntivirus
    C:\Documents and Settings\ojarret.IRIS\Application Data\BestsellerAntivirus\avtasks.dat
    C:\Documents and Settings\ojarret.IRIS\Application Data\BestsellerAntivirus\Logs\av.log
    C:\Documents and Settings\ojarret.IRIS\Application Data\BestsellerAntivirus\Logs\ga6Support.log
    C:\Documents and Settings\ojarret.IRIS\Application Data\BestsellerAntivirus\Logs\update.log
    C:\Documents and Settings\ojarret.IRIS\Application Data\BestsellerAntivirus\PGE.dat
    C:\Documents and Settings\ojarret.IRIS\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\ojarret.IRIS\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\ojarret.IRIS\Favoris\Online Security Guide.lnk
    C:\UGA6P
    C:\WINDOWS\system32\__c003FDC4.dat
    C:\WINDOWS\system32\__c004E6B1.dat
    C:\WINDOWS\system32\__c007928.dat
    C:\WINDOWS\system32\__c00AD620.dat
    C:\WINDOWS\system32\__c00CE100.dat
    C:\WINDOWS\system32\__c00E7953.dat
    C:\WINDOWS\system32\__c00EFAC2.dat
    C:\WINDOWS\system32\bfpplagk.dll
    C:\WINDOWS\system32\evmtacre.dll
    C:\WINDOWS\system32\hkiwunqr.dll
    C:\WINDOWS\system32\ippndynb.dll
    C:\WINDOWS\system32\lbhgsmqy.dll
    C:\WINDOWS\system32\llnmp.bak1
    C:\WINDOWS\system32\llnmp.bak2
    C:\WINDOWS\system32\llnmp.ini
    C:\WINDOWS\system32\mljigef.dll
    C:\WINDOWS\system32\ojfyktln.dll
    C:\WINDOWS\system32\pmnll.dll
    C:\WINDOWS\system32\swtjfqip.dllbox
    C:\WINDOWS\system32\wqhybcrb.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-13 13:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-13 12:28 2,054 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-13 11:30 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-11-13 11:30 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-11-13 11:30 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-11-13 11:30 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-11-13 11:30 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-13 11:30 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-11-13 11:29 <REP> d-------- C:\Program Files\Avast4
    2007-11-13 11:29 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-13 11:00 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-13 10:28 80,448 --a------ C:\WINDOWS\system32\cthjwtnu.dll
    2007-11-13 10:25 144,480 --a------ C:\WINDOWS\system32\swtjfqip.dll
    2007-11-13 10:25 144,480 --a------ C:\WINDOWS\system32\dyyqvrsy.dll
    2007-11-13 10:22 88,128 --a------ C:\WINDOWS\system32\ysxvxyqk.dll
    2007-11-13 10:16 71,232 --a------ C:\WINDOWS\system32\dkkhwppt.exe
    2007-11-12 10:17 89,664 --------- C:\WINDOWS\system32\svbrkddx.dll
    2007-11-12 10:17 81,472 --a------ C:\WINDOWS\system32\okgapkuv.dll
    2007-11-12 10:11 71,232 --a------ C:\WINDOWS\system32\oqmkphgl.exe
    2007-11-11 10:20 79,936 --a------ C:\WINDOWS\system32\qegsadwa.dll
    2007-11-11 10:17 88,128 --------- C:\WINDOWS\system32\dlhvyykl.dll
    2007-11-11 10:11 71,232 --a------ C:\WINDOWS\system32\dnceberl.exe
    2007-11-10 10:23 81,472 --a------ C:\WINDOWS\system32\mxwweleb.dll
    2007-11-10 10:17 85,056 --------- C:\WINDOWS\system32\pknmvgrr.dll
    2007-11-10 10:11 71,232 --a------ C:\WINDOWS\system32\dfhpayym.exe
    2007-11-09 10:17 88,128 --------- C:\WINDOWS\system32\sodylbob.dll
    2007-11-09 10:14 77,888 --a------ C:\WINDOWS\system32\bfkatkyl.dll
    2007-11-09 10:11 71,232 --a------ C:\WINDOWS\system32\whisoawa.exe
    2007-11-08 10:22 80,448 --a------ C:\WINDOWS\system32\dwgenimy.dll
    2007-11-08 10:16 86,080 --------- C:\WINDOWS\system32\vvhvaddq.dll
    2007-11-08 10:10 71,232 --a------ C:\WINDOWS\system32\mabhdkgy.exe
    2007-11-07 15:35 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-11-07 15:35 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-11-07 15:35 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-11-07 15:35 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-11-07 15:35 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-11-07 15:35 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-11-07 15:35 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-11-07 10:18 79,936 --a------ C:\WINDOWS\system32\ijuahnpn.dll
    2007-11-07 10:12 86,080 --------- C:\WINDOWS\system32\xtlmjvih.dll
    2007-11-07 10:09 71,232 --a------ C:\WINDOWS\system32\ydotwxpn.exe
    2007-10-31 17:50 <REP> d-------- C:\WINDOWS\system32\DllCache
    2007-10-31 16:45 584,192 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll
    2007-10-31 16:31 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-13 11:43 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-11-13 10:24 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\.gaim
    2007-11-08 14:29 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\AdobeUM
    2007-11-07 16:00 --------- d--h--w C:\Program Files\Installshield Installation Information
    2007-11-05 13:22 --------- d-----w C:\Program Files\e-Campaign 6
    2007-10-22 10:08 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\e-Campaign
    2007-10-17 10:32 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\dvdcss
    2007-10-12 13:24 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\vlc
    2007-10-12 13:12 --------- d-----w C:\Program Files\VideoLAN
    2007-10-09 10:05 --------- d-----w C:\Program Files\Winamp
    2007-10-02 12:02 --------- d-----w C:\Program Files\DVDx
    2007-09-26 09:18 --------- d-----w C:\Program Files\The Bitmap Brothers
    2007-09-17 12:34 --------- d-----w C:\Program Files\eMule
    2007-09-17 10:45 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\1&1
    2007-09-17 10:44 --------- d-----w C:\Program Files\1&1
    2007-09-17 08:22 --------- d-----w C:\Program Files\Java
    2007-09-14 12:29 --------- d-----w C:\Program Files\Gabest
    2007-09-14 12:25 --------- d-----w C:\Program Files\AviSynth 2.5
    2007-09-14 12:22 --------- d-----w C:\Program Files\Morgan
    2007-08-22 12:57 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll
    2007-08-22 12:57 669,696 ------w C:\WINDOWS\system32\DllCache\wininet.dll
    2007-08-22 12:57 620,032 ------w C:\WINDOWS\system32\DllCache\urlmon.dll
    2007-08-22 12:57 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll
    2007-08-22 12:57 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll
    2007-08-22 12:57 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
    2007-08-22 12:57 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll
    2007-08-22 12:57 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll
    2007-08-22 12:57 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll
    2007-08-22 12:57 3,085,824 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
    2007-08-22 12:57 251,904 ------w C:\WINDOWS\system32\DllCache\iepeers.dll
    2007-08-22 12:57 205,824 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll
    2007-08-22 12:57 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll
    2007-08-22 12:57 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
    2007-08-22 12:57 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll
    2007-08-22 12:57 1,498,624 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
    2007-08-22 12:57 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
    2007-08-22 12:57 1,023,488 ------w C:\WINDOWS\system32\DllCache\browseui.dll
    2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\DllCache\inetcomm.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-13 10:25 144480 --a------ C:\WINDOWS\system32\swtjfqip.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4ab69fc-531e-4252-8d76-e091ec8e3a77}]
    2007-11-13 10:28 80448 --a------ C:\WINDOWS\system32\cthjwtnu.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\swtjfqip.dll [2007-11-13 10:25 144480]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
    "40b81a11"="C:\WINDOWS\system32\ysxvxyqk.dll" [2007-11-13 10:22]
    "avast!"="C:\Program Files\Avast4\ashDisp.exe" [2007-09-06 12:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11]
    "1&1 Connexion directe"="C:\Program Files\1&1\1&1 Connexion directe\EasyLogin.exe" [2007-06-25 12:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "LSD_III"=%systemroot%\LSD\end.cmd
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\swtjfqip]
    swtjfqip.dll 2007-11-13 10:25 144480 C:\WINDOWS\system32\swtjfqip.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnll.dll

    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-13 13:20:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-13 13:23:04 - machine was rebooted
    .
    --- E O F ---
    Contenus similaires
    a b 8 Sécurité
    13 Novembre 2007 16:21:34

    Reposte un rapport Hijackthis.
    13 Novembre 2007 16:30:58

    Sitôt demandé, sitôt posté...
    Rapport de Hijack...
    Depuis l'apparition du problème, "l'alerte" en barre des tâches a disparu... Ne restent que les pops-up incessantes, et des fenêtres de messages alarmistes, avec "ok" ou "annuler"... On progresse, n'est ce pas, Angeldark ? :-))

    Hop, copier-coller :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:25, on 2007-11-13
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avast4\ashMaiSv.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\1&1\1&1 Connexion directe\EasyLogin.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Gaim\gaim.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\swtjfqip.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: {77a3e8ce-190e-67d8-2524-e135cf96ba4f} - {f4ab69fc-531e-4252-8d76-e091ec8e3a77} - C:\WINDOWS\system32\cthjwtnu.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\swtjfqip.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [40b81a11] rundll32.exe "C:\WINDOWS\system32\ysxvxyqk.dll",b
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [1&1 Connexion directe] "C:\Program Files\1&1\1&1 Connexion directe\EasyLogin.exe" HIDE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Iris.com
    O17 - HKLM\Software\..\Telephony: DomainName = Iris.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{861EE201-9CA4-4FB7-A966-42A467B64F07}: Domain = IRIS.COM
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Iris.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Iris.com
    O20 - Winlogon Notify: swtjfqip - C:\WINDOWS\SYSTEM32\swtjfqip.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    --
    End of file - 5512 bytes
    a b 8 Sécurité
    13 Novembre 2007 18:17:50

    Il y a encore de l'infection :D  Refais un scan Combofix, on attaque.
    13 Novembre 2007 18:39:48

    Damned ! Le fameux triangle jaune est revenu (après le redemarrage de la mchine, suite au scan de combofix..) ! Est-ce un retour en arrière ? Est-ce la fin des antibiotiques ? Angeldark, la vie de mon pc (de bureau) est entre tes mains !!

    Ci-dessous, le log de combofix... Et merci une nouvelle fois de te pencher sur mon cas... @+


    ComboFix 07-11-08.1 - ojarret 2007-11-13 18:20:39.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.177 [GMT 1:00]
    Running from: C:\Documents and Settings\ojarret.IRIS\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\WINDOWS\system32\swtjfqip.dllbox

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-13 13:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-13 12:28 2,054 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-13 11:30 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-11-13 11:30 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-11-13 11:30 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-11-13 11:30 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-11-13 11:30 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-13 11:30 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-11-13 11:29 <REP> d-------- C:\Program Files\Avast4
    2007-11-13 11:29 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-13 11:00 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-13 10:28 80,448 --a------ C:\WINDOWS\system32\cthjwtnu.dll
    2007-11-13 10:25 144,480 --a------ C:\WINDOWS\system32\swtjfqip.dll
    2007-11-13 10:25 144,480 --a------ C:\WINDOWS\system32\dyyqvrsy.dll
    2007-11-13 10:22 88,128 --a------ C:\WINDOWS\system32\ysxvxyqk.dll
    2007-11-13 10:16 71,232 --a------ C:\WINDOWS\system32\dkkhwppt.exe
    2007-11-12 10:17 89,664 --------- C:\WINDOWS\system32\svbrkddx.dll
    2007-11-12 10:17 81,472 --a------ C:\WINDOWS\system32\okgapkuv.dll
    2007-11-12 10:11 71,232 --a------ C:\WINDOWS\system32\oqmkphgl.exe
    2007-11-11 10:20 79,936 --a------ C:\WINDOWS\system32\qegsadwa.dll
    2007-11-11 10:17 88,128 --------- C:\WINDOWS\system32\dlhvyykl.dll
    2007-11-11 10:11 71,232 --a------ C:\WINDOWS\system32\dnceberl.exe
    2007-11-10 10:23 81,472 --a------ C:\WINDOWS\system32\mxwweleb.dll
    2007-11-10 10:17 85,056 --------- C:\WINDOWS\system32\pknmvgrr.dll
    2007-11-10 10:11 71,232 --a------ C:\WINDOWS\system32\dfhpayym.exe
    2007-11-09 10:17 88,128 --------- C:\WINDOWS\system32\sodylbob.dll
    2007-11-09 10:14 77,888 --a------ C:\WINDOWS\system32\bfkatkyl.dll
    2007-11-09 10:11 71,232 --a------ C:\WINDOWS\system32\whisoawa.exe
    2007-11-08 10:22 80,448 --a------ C:\WINDOWS\system32\dwgenimy.dll
    2007-11-08 10:16 86,080 --------- C:\WINDOWS\system32\vvhvaddq.dll
    2007-11-08 10:10 71,232 --a------ C:\WINDOWS\system32\mabhdkgy.exe
    2007-11-07 15:35 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-11-07 15:35 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-11-07 15:35 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-11-07 15:35 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-11-07 15:35 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-11-07 15:35 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-11-07 15:35 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-11-07 10:18 79,936 --a------ C:\WINDOWS\system32\ijuahnpn.dll
    2007-11-07 10:12 86,080 --------- C:\WINDOWS\system32\xtlmjvih.dll
    2007-11-07 10:09 71,232 --a------ C:\WINDOWS\system32\ydotwxpn.exe
    2007-10-31 17:50 <REP> d-------- C:\WINDOWS\system32\DllCache
    2007-10-31 16:45 584,192 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll
    2007-10-31 16:31 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-13 14:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-11-13 13:49 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\.gaim
    2007-11-08 14:29 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\AdobeUM
    2007-11-07 16:00 --------- d--h--w C:\Program Files\Installshield Installation Information
    2007-11-05 13:22 --------- d-----w C:\Program Files\e-Campaign 6
    2007-10-22 10:08 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\e-Campaign
    2007-10-17 10:32 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\dvdcss
    2007-10-12 13:24 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\vlc
    2007-10-12 13:12 --------- d-----w C:\Program Files\VideoLAN
    2007-10-09 10:05 --------- d-----w C:\Program Files\Winamp
    2007-10-02 12:02 --------- d-----w C:\Program Files\DVDx
    2007-09-26 09:18 --------- d-----w C:\Program Files\The Bitmap Brothers
    2007-09-17 12:34 --------- d-----w C:\Program Files\eMule
    2007-09-17 10:45 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\1&1
    2007-09-17 10:44 --------- d-----w C:\Program Files\1&1
    2007-09-17 08:22 --------- d-----w C:\Program Files\Java
    2007-09-14 12:29 --------- d-----w C:\Program Files\Gabest
    2007-09-14 12:25 --------- d-----w C:\Program Files\AviSynth 2.5
    2007-09-14 12:22 --------- d-----w C:\Program Files\Morgan
    2007-08-22 12:57 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll
    2007-08-22 12:57 669,696 ------w C:\WINDOWS\system32\DllCache\wininet.dll
    2007-08-22 12:57 620,032 ------w C:\WINDOWS\system32\DllCache\urlmon.dll
    2007-08-22 12:57 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll
    2007-08-22 12:57 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll
    2007-08-22 12:57 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
    2007-08-22 12:57 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll
    2007-08-22 12:57 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll
    2007-08-22 12:57 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll
    2007-08-22 12:57 3,085,824 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
    2007-08-22 12:57 251,904 ------w C:\WINDOWS\system32\DllCache\iepeers.dll
    2007-08-22 12:57 205,824 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll
    2007-08-22 12:57 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll
    2007-08-22 12:57 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
    2007-08-22 12:57 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll
    2007-08-22 12:57 1,498,624 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
    2007-08-22 12:57 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
    2007-08-22 12:57 1,023,488 ------w C:\WINDOWS\system32\DllCache\browseui.dll
    2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\DllCache\inetcomm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-13_13.21.44.79 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-13 17:26:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4e4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-13 10:25 144480 --a------ C:\WINDOWS\system32\swtjfqip.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4ab69fc-531e-4252-8d76-e091ec8e3a77}]
    2007-11-13 10:28 80448 --a------ C:\WINDOWS\system32\cthjwtnu.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\swtjfqip.dll [2007-11-13 10:25 144480]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\swtjfqip.dll [2007-11-13 10:25 144480]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
    "40b81a11"="C:\WINDOWS\system32\ysxvxyqk.dll" [2007-11-13 10:22]
    "avast!"="C:\Program Files\Avast4\ashDisp.exe" [2007-09-06 12:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11]
    "1&1 Connexion directe"="C:\Program Files\1&1\1&1 Connexion directe\EasyLogin.exe" [2007-06-25 12:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "LSD_III"=%systemroot%\LSD\end.cmd
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\swtjfqip]
    swtjfqip.dll 2007-11-13 10:25 144480 C:\WINDOWS\system32\swtjfqip.dll

    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-13 18:31:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-13 18:34:12 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-13 13:23
    .
    --- E O F ---
    a b 8 Sécurité
    13 Novembre 2007 18:56:13

    Re,

    BBBBBBBBBAAAAAAAAAANNNNNNNNNNZAAAAAAAAIIIIIIIIIII !!!!

    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\cthjwtnu.dll
    C:\WINDOWS\system32\swtjfqip.dll
    C:\WINDOWS\system32\dyyqvrsy.dll
    C:\WINDOWS\system32\ysxvxyqk.dll
    C:\WINDOWS\system32\dkkhwppt.exe
    C:\WINDOWS\system32\svbrkddx.dll
    C:\WINDOWS\system32\okgapkuv.dll
    C:\WINDOWS\system32\oqmkphgl.exe
    C:\WINDOWS\system32\qegsadwa.dll
    C:\WINDOWS\system32\dlhvyykl.dll
    C:\WINDOWS\system32\dnceberl.exe
    C:\WINDOWS\system32\mxwweleb.dll
    C:\WINDOWS\system32\pknmvgrr.dll
    C:\WINDOWS\system32\dfhpayym.exe
    C:\WINDOWS\system32\sodylbob.dll
    C:\WINDOWS\system32\bfkatkyl.dll
    C:\WINDOWS\system32\whisoawa.exe
    C:\WINDOWS\system32\dwgenimy.dll
    C:\WINDOWS\system32\vvhvaddq.dll
    C:\WINDOWS\system32\mabhdkgy.exe
    C:\WINDOWS\system32\ijuahnpn.dll
    C:\WINDOWS\system32\xtlmjvih.dll
    C:\WINDOWS\system32\ydotwxpn.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4ab69fc-531e-4252-8d76-e091ec8e3a77}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "40b81a11"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\swtjfqip]


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    14 Novembre 2007 10:45:59

    Salut à toi, Angeldark...
    J'espère que la nuit fût bonne...
    Alors, j'ai bien réalisé les opérations décrites ci-dessus, et effectivement, il semblerait que tout soit fini... Mais comme disait mon grand-père trappeur : ne vendons pas la peau de l'ours...

    J'attends ta confirmation suite à ce post pour pouvoir écrire en gros et gras "RESOLU" devant ce sujet...
    Ci-dessous, les copies des deux rapports, en commencant par Combofix...
    (Mon ordi semble souffler un peu... internet explorer ne s'ouvre plus, seul firefox peuple mon écran... c'est beau la vie...)
    Allez, on y va :

    ComboFix 07-11-08.1 - ojarret 2007-11-14 10:26:03.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.140 [GMT 1:00]
    Running from: C:\Documents and Settings\ojarret.IRIS\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ojarret.IRIS\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\bfkatkyl.dll
    C:\WINDOWS\system32\cthjwtnu.dll
    C:\WINDOWS\system32\dfhpayym.exe
    C:\WINDOWS\system32\dkkhwppt.exe
    C:\WINDOWS\system32\dlhvyykl.dll
    C:\WINDOWS\system32\dnceberl.exe
    C:\WINDOWS\system32\dwgenimy.dll
    C:\WINDOWS\system32\dyyqvrsy.dll
    C:\WINDOWS\system32\ijuahnpn.dll
    C:\WINDOWS\system32\mabhdkgy.exe
    C:\WINDOWS\system32\mxwweleb.dll
    C:\WINDOWS\system32\okgapkuv.dll
    C:\WINDOWS\system32\oqmkphgl.exe
    C:\WINDOWS\system32\pknmvgrr.dll
    C:\WINDOWS\system32\qegsadwa.dll
    C:\WINDOWS\system32\sodylbob.dll
    C:\WINDOWS\system32\svbrkddx.dll
    C:\WINDOWS\system32\swtjfqip.dll
    C:\WINDOWS\system32\vvhvaddq.dll
    C:\WINDOWS\system32\whisoawa.exe
    C:\WINDOWS\system32\xtlmjvih.dll
    C:\WINDOWS\system32\ydotwxpn.exe
    C:\WINDOWS\system32\ysxvxyqk.dll
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Documents and Settings\ojarret.IRIS\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\ojarret.IRIS\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\ojarret.IRIS\Favoris\Online Security Guide.lnk
    C:\WINDOWS\system32\bfkatkyl.dll
    C:\WINDOWS\system32\cthjwtnu.dll
    C:\WINDOWS\system32\dfhpayym.exe
    C:\WINDOWS\system32\dkkhwppt.exe
    C:\WINDOWS\system32\dlhvyykl.dll
    C:\WINDOWS\system32\dnceberl.exe
    C:\WINDOWS\system32\dwgenimy.dll
    C:\WINDOWS\system32\dyyqvrsy.dll
    C:\WINDOWS\system32\ijuahnpn.dll
    C:\WINDOWS\system32\mabhdkgy.exe
    C:\WINDOWS\system32\mxwweleb.dll
    C:\WINDOWS\system32\okgapkuv.dll
    C:\WINDOWS\system32\oqmkphgl.exe
    C:\WINDOWS\system32\pknmvgrr.dll
    C:\WINDOWS\system32\qegsadwa.dll
    C:\WINDOWS\system32\sodylbob.dll
    C:\WINDOWS\system32\svbrkddx.dll
    C:\WINDOWS\system32\swtjfqip.dll
    C:\WINDOWS\system32\swtjfqip.dllbox
    C:\WINDOWS\system32\vvhvaddq.dll
    C:\WINDOWS\system32\whisoawa.exe
    C:\WINDOWS\system32\xtlmjvih.dll
    C:\WINDOWS\system32\ydotwxpn.exe
    C:\WINDOWS\system32\ysxvxyqk.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-13 13:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-13 12:28 2,054 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-13 11:30 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-11-13 11:30 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-11-13 11:30 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-11-13 11:30 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-11-13 11:30 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-13 11:30 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-11-13 11:29 <REP> d-------- C:\Program Files\Avast4
    2007-11-13 11:29 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-13 11:00 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-07 15:35 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-11-07 15:35 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-11-07 15:35 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-11-07 15:35 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-11-07 15:35 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-11-07 15:35 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-11-07 15:35 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-10-31 17:50 <REP> d-------- C:\WINDOWS\system32\DllCache
    2007-10-31 16:45 584,192 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll
    2007-10-31 16:31 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-13 17:34 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-11-13 13:49 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\.gaim
    2007-11-08 14:29 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\AdobeUM
    2007-11-07 16:00 --------- d--h--w C:\Program Files\Installshield Installation Information
    2007-11-05 13:22 --------- d-----w C:\Program Files\e-Campaign 6
    2007-10-22 10:08 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\e-Campaign
    2007-10-17 10:32 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\dvdcss
    2007-10-12 13:24 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\vlc
    2007-10-12 13:12 --------- d-----w C:\Program Files\VideoLAN
    2007-10-09 10:05 --------- d-----w C:\Program Files\Winamp
    2007-10-02 12:02 --------- d-----w C:\Program Files\DVDx
    2007-09-26 09:18 --------- d-----w C:\Program Files\The Bitmap Brothers
    2007-09-17 12:34 --------- d-----w C:\Program Files\eMule
    2007-09-17 10:45 --------- d-----w C:\Documents and Settings\ojarret.IRIS\Application Data\1&1
    2007-09-17 10:44 --------- d-----w C:\Program Files\1&1
    2007-09-17 08:22 --------- d-----w C:\Program Files\Java
    2007-09-14 12:29 --------- d-----w C:\Program Files\Gabest
    2007-09-14 12:25 --------- d-----w C:\Program Files\AviSynth 2.5
    2007-09-14 12:22 --------- d-----w C:\Program Files\Morgan
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-13_13.21.44.79 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-14 09:35:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4d8.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
    "avast!"="C:\Program Files\Avast4\ashDisp.exe" [2007-09-06 12:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11]
    "1&1 Connexion directe"="C:\Program Files\1&1\1&1 Connexion directe\EasyLogin.exe" [2007-06-25 12:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "LSD_III"=%systemroot%\LSD\end.cmd
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-14 10:36:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-14 10:38:08 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-13 18:34
    C:\ComboFix3.txt ... 2007-11-13 13:23
    .
    --- E O F ---

    Et HijackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:38, on 2007-11-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avast4\ashMaiSv.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\1&1\1&1 Connexion directe\EasyLogin.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [1&1 Connexion directe] "C:\Program Files\1&1\1&1 Connexion directe\EasyLogin.exe" HIDE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Iris.com
    O17 - HKLM\Software\..\Telephony: DomainName = Iris.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{861EE201-9CA4-4FB7-A966-42A467B64F07}: Domain = IRIS.COM
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Iris.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Iris.com
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    --
    End of file - 4844 bytes
    14 Novembre 2007 17:43:25

    Et re again !

    La tranquilité règne sur mon poste de travail.... Tout est calme et tranquille... J'enlève Avast, il ne résiste pas... J'installe Antivir, qui prend gentiment possession de ma machine... Et je lui fait faire un scan complet...

    tu trouveras ci-dessous le rapport... 59 alertes, 1 mise en garde, et tout balancé en quarantaine... Comment faire maintenant pour virer dé-fi-ni-ti-ve-ment ces p**** de fichiers vérolés ? Je peux effacer ce qu'il a mis en quarantaine ? Ou bien dois-je encore faire attention ?

    En tous cas, merci, une nouvelle fois, mille nouvelles fois... Angeldark, prince de la désinfection !
    :-)


    Rapport d'Antivir :



    AntiVir PersonalEdition Classic
    Report file date: mercredi 14 novembre 2007 15:10

    Scanning for 928939 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: ACTE2

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:06:22
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:06:22
    ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 14:06:23
    ANTIVIR3.VDF : 7.0.0.214 56320 Bytes 14/11/2007 14:06:23
    AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 14/11/2007 14:06:24
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: F:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 14 novembre 2007 15:10

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'acrotray.exe' - '1' Module(s) have been scanned
    Scan process 'EasyLogin.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    27 processes with 27 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'F:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '28' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\qoobox\Quarantine\catchme2007-11-13_132034.10.zip
    [0] Archive type: ZIP
    --> __c00CE100.dat
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    --> pmnll.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DQC
    [INFO] The file was moved to '47af1d94.qua'!
    C:\qoobox\Quarantine\catchme2007-11-14_103638.01.zip
    [DETECTION] Is the Trojan horse TR/BHO.Agent.AW
    [INFO] The file was moved to '47af1d9c.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\bfkatkyl.dll.vir
    [DETECTION] Is the Trojan horse TR/BHO.SK
    [INFO] The file was moved to '47a61da7.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\bfpplagk.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '47ab1db0.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\dfhpayym.exe.vir
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '47a31db4.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\dkkhwppt.exe.vir
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '47a61db9.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\dnceberl.exe.vir
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '479e1dbd.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\dwgenimy.dll.vir
    [DETECTION] Is the Trojan horse TR/Spy.Vundo.79937
    [INFO] The file was moved to '47a21dc6.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\dyyqvrsy.dll.vir
    [DETECTION] Is the Trojan horse TR/BHO.Agent.AW
    [INFO] The file was moved to '47b41dc9.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\evmtacre.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '47a81dc6.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\hkiwunqr.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '47a41dbb.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\ijuahnpn.dll.vir
    [DETECTION] Is the Trojan horse TR/Agent.AFSK
    [INFO] The file was moved to '47b01dba.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\ippndynb.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '47ab1dc1.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\lbhgsmqy.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '47a31db3.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\mabhdkgy.exe.vir
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '479d1db2.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\mljigef.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.dlu
    [INFO] The file was moved to '47a51dbe.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\mxwweleb.dll.vir
    [DETECTION] Is the Trojan horse TR/Spy.Vundo.79936
    [INFO] The file was moved to '47b21dca.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\ojfyktln.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '47a11dbc.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\oqmkphgl.exe.vir
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '47a81dc4.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\pmnll.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '47a91dc0.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\sodylbob.dll.vir
    [DETECTION] Is the Trojan horse TR/Agent.AFTJ
    [INFO] The file was moved to '479f1dc3.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\swtjfqip.dll.vir
    [DETECTION] Is the Trojan horse TR/BHO.Agent.AW
    [INFO] The file was moved to '47af1dcb.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\vvhvaddq.dll.vir
    [DETECTION] Is the Trojan horse TR/Agent.AFSP
    [INFO] The file was moved to '47a31dca.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\whisoawa.exe.vir
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '47a41dbd.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\wqhybcrb.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '47a31dc6.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\ydotwxpn.exe.vir
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '47aa1db9.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\__c003FDC4.dat.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '479e1db5.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\__c004E6B1.dat.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '461e5f5e.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\__c007928.dat.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '479e1db7.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\__c00AD620.dat.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '479e1db6.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\__c00CE100.dat.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '461e5f5f.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\__c00E7953.dat.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '479e1d88.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\__c00EFAC2.dat.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '461e5f61.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP2\A0000010.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '476b1d8d.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP2\A0000011.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '476b1d8e.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP2\A0000012.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '46152a57.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP2\A0000013.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '476b1d80.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP2\A0000014.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '46152a59.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP2\A0000015.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.dlu
    [INFO] The file was moved to '476b1d8f.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP2\A0000016.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '46152a48.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP2\A0000017.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '476b1d91.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP2\A0000021.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DQC
    [INFO] The file was moved to '46152a4a.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000149.dll
    [DETECTION] Is the Trojan horse TR/BHO.SK
    [INFO] The file was moved to '476b1d96.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000151.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '476b1d97.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000152.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '46152a40.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000154.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '476b1d99.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000155.dll
    [DETECTION] Is the Trojan horse TR/Spy.Vundo.79937
    [INFO] The file was moved to '46152a42.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000156.dll
    [DETECTION] Is the Trojan horse TR/BHO.Agent.AW
    [INFO] The file was moved to '476b1d98.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000157.dll
    [DETECTION] Is the Trojan horse TR/Agent.AFSK
    [INFO] The file was moved to '46152a41.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000158.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '476b1d9a.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000159.dll
    [DETECTION] Is the Trojan horse TR/Spy.Vundo.79936
    [INFO] The file was moved to '46152a43.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000161.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '46152b7a.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000164.dll
    [DETECTION] Is the Trojan horse TR/Agent.AFTJ
    [INFO] The file was moved to '476b1d9b.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000166.dll
    [DETECTION] Is the Trojan horse TR/Agent.AFSP
    [INFO] The file was moved to '46152b7b.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000167.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '476b1d9c.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000169.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '46152b7d.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000174.dll
    [DETECTION] Is the Trojan horse TR/BHO.Agent.AW
    [INFO] The file was moved to '46152b7c.qua'!
    C:\System Volume Information\_restore{D1605A38-6B68-4E7E-9EB4-8C3D46498152}\RP3\A0000180.dll
    [DETECTION] Is the Trojan horse TR/BHO.Agent.AW
    [INFO] The file was moved to '476b1d9d.qua'!
    Begin scan in 'F:\' <DONNEES>


    End of the scan: mercredi 14 novembre 2007 17:25
    Used time: 2:15:48 min

    The scan has been done completely.

    4790 Scanning directories
    249596 Files were scanned
    59 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    58 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    249537 Files not concerned
    1692 Archives were scanned
    1 Warnings
    16 Notes

    a b 8 Sécurité
    15 Novembre 2007 13:45:33

    Reposte un rapport Hijackthis :) 
    16 Novembre 2007 11:05:58

    Sa seigneurerie Dark ;) 
    Voici le rapport de nos agents infiltrés en machine... en particulier du petit Hijack, sondeur des profondeurs des machines...
    Bien à vous !

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:42, on 2007-11-16
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\e-Campaign 6\eCampaign.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Gaim\gaim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Iris.com
    O17 - HKLM\Software\..\Telephony: DomainName = Iris.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{861EE201-9CA4-4FB7-A966-42A467B64F07}: Domain = IRIS.COM
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Iris.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Iris.com
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    --
    End of file - 4756 bytes
    a b 8 Sécurité
    16 Novembre 2007 18:03:52

    C'est mieux ?
    18 Novembre 2007 20:24:00

    et voila j ai le meme probleme:(  foutu triangle jaune koi faire!!!! merci a l avance
    19 Novembre 2007 10:24:08

    Salut Angel...

    Je suis un peu étonné par ton dernier post... C'est mieux, c'est mieux ? Ben j'en sais rien !! Ce qui est sur, c'est que je n'ai plus de triangle, plus de pop-up intempestives, rien de tout cela... Donc pour moi, c'est plus que mieux, c'est carrément parfait !!

    Mais pour la désinfection complète du système, je suis obligé de m'en remettre à toi, car les rapports que je poste à ta demande sont du chinois (ou du mandarin, ou du coréen... mais également du hongrois, ou du sri-lankais... Je ne parle aucune de ces langues...)...

    Donc si à la vue de ces derniers posts tu penses que la désinfection est complète, laisse moi juste un mot, et je me ferai un plaisir de modifier le titre du post en ajoutant un gros "RESOLU" devant...
    Voilà, merci mille fois à nouveau, et bonne journée...
    a b 8 Sécurité
    19 Novembre 2007 18:26:23

    Si je t'ai dit ça, c'est que c'est ok de mon côté ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS