mamquentin

Merci Apollon pour ta réponse.

Bonjour, Pour son lycée, ma fille doit exploiter des MP4 (minis scènes filmées avec une petite caméra achetée le mois dernier). Ces petits films sont au format MP4 mais le logiciel qu'elle doit utiliser "Windows Movie Maker" ne prend pas en charge ce format. Pouvez vous me conseiller un logiciel de conversion "GRATUIT" et qui ne laisse pas de trace sur les films convertis (certains gratuits laissent le nom du logiciel tant qu'il n'est pas payé). Je vous remercie par avance pour votre réponse. Cordialement. PS : Si possible pas de logiciel avec SPAM car j'ai du mal à les supprimer ensuite

Voici le rapport de TDSSKiller 22:54:23:875 0292 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31 22:54:23:875 0292 ================================================================================ 22:54:23:875 0292 SystemInfo: 22:54:23:875 0292 OS Version: 5.1.2600 ServicePack: 3.0 22:54:23:875 0292 Product type: Workstation 22:54:23:875 0292 ComputerName: SN100093960318 22:54:23:875 0292 UserName: mss 22:54:23:875 0292 Windows directory: C:\WINDOWS 22:54:23:875 0292 Processor architecture: Intel x86 22:54:23:875 0292 Number of processors: 1 22:54:23:875 0292 Page size: 0x1000 22:54:23:890 0292 Boot type: Normal boot 22:54:23:890 0292 ================================================================================ 22:54:24:046 0292 UnloadDriverW: NtUnloadDriver error 2 22:54:24:046 0292 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 22:54:24:046 0292 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 22:54:24:250 0292 UtilityInit: KLMD drop and load success 22:54:24:250 0292 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010) 22:54:24:250 0292 UtilityInit: KLMD open success 22:54:24:250 0292 UtilityInit: Initialize success 22:54:24:250 0292 22:54:24:250 0292 Scanning Services ... 22:54:24:250 0292 CreateRegParser: Registry parser init started 22:54:24:250 0292 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127 22:54:24:250 0292 CreateRegParser: DisableWow64Redirection error 22:54:24:250 0292 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system 22:54:24:250 0292 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043 22:54:24:250 0292 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 22:54:24:250 0292 wfopen_ex: Trying to KLMD file open 22:54:24:250 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system 22:54:24:250 0292 wfopen_ex: File opened ok (Flags 2) 22:54:24:250 0292 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 394938 22:54:24:250 0292 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software 22:54:24:250 0292 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043 22:54:24:250 0292 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 22:54:24:250 0292 wfopen_ex: Trying to KLMD file open 22:54:24:250 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software 22:54:24:250 0292 wfopen_ex: File opened ok (Flags 2) 22:54:24:250 0292 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 3949E0 22:54:24:250 0292 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127 22:54:24:250 0292 CreateRegParser: EnableWow64Redirection error 22:54:24:250 0292 CreateRegParser: RegParser init completed 22:54:24:828 0292 GetAdvancedServicesInfo: Raw services enum returned 408 services 22:54:24:859 0292 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system 22:54:24:859 0292 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software 22:54:24:859 0292 22:54:24:859 0292 Scanning Kernel memory ... 22:54:24:875 0292 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 22:54:24:875 0292 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 836B6B60 22:54:24:875 0292 DetectCureTDL3: KLMD_GetDeviceObjectList returned 10 DevObjects 22:54:24:875 0292 22:54:24:875 0292 DetectCureTDL3: DEVICE_OBJECT: 827F4A70 22:54:24:875 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 827F4A70 22:54:24:875 0292 KLMD_ReadMem: Trying to ReadMemory 0x827F4A70[0x38] 22:54:24:875 0292 DetectCureTDL3: DRIVER_OBJECT: 836B6B60 22:54:24:875 0292 KLMD_ReadMem: Trying to ReadMemory 0x836B6B60[0xA8] 22:54:24:875 0292 KLMD_ReadMem: Trying to ReadMemory 0xE1F64820[0x18] 22:54:24:875 0292 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_CREATE : F877CBB0 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_CLOSE : F877CBB0 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_READ : F8776D1F 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_WRITE : F8776D1F 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_SET_EA : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F87772E2 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F87773BB 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F877AF28 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_SHUTDOWN : F87772E2 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_POWER : F8778C82 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F877D99E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA88E 22:54:24:875 0292 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA88E 22:54:24:875 0292 TDL3_FileDetect: Processing driver: Disk 22:54:24:875 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:875 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:890 0292 TDL3_FileDetect: Processing driver: Disk 22:54:24:890 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:890 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:906 0292 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 22:54:24:906 0292 22:54:24:906 0292 DetectCureTDL3: DEVICE_OBJECT: 827F2030 22:54:24:906 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 827F2030 22:54:24:906 0292 KLMD_ReadMem: Trying to ReadMemory 0x827F2030[0x38] 22:54:24:906 0292 DetectCureTDL3: DRIVER_OBJECT: 836B6B60 22:54:24:906 0292 KLMD_ReadMem: Trying to ReadMemory 0x836B6B60[0xA8] 22:54:24:906 0292 KLMD_ReadMem: Trying to ReadMemory 0xE1F64820[0x18] 22:54:24:906 0292 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_CREATE : F877CBB0 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_CLOSE : F877CBB0 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_READ : F8776D1F 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_WRITE : F8776D1F 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_SET_EA : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F87772E2 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F87773BB 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F877AF28 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_SHUTDOWN : F87772E2 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_POWER : F8778C82 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F877D99E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA88E 22:54:24:906 0292 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA88E 22:54:24:906 0292 TDL3_FileDetect: Processing driver: Disk 22:54:24:906 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:906 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:906 0292 TDL3_FileDetect: Processing driver: Disk 22:54:24:906 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:906 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:921 0292 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 22:54:24:921 0292 22:54:24:921 0292 DetectCureTDL3: DEVICE_OBJECT: 82B7D030 22:54:24:921 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82B7D030 22:54:24:921 0292 KLMD_ReadMem: Trying to ReadMemory 0x82B7D030[0x38] 22:54:24:921 0292 DetectCureTDL3: DRIVER_OBJECT: 836B6B60 22:54:24:921 0292 KLMD_ReadMem: Trying to ReadMemory 0x836B6B60[0xA8] 22:54:24:921 0292 KLMD_ReadMem: Trying to ReadMemory 0xE1F64820[0x18] 22:54:24:921 0292 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_CREATE : F877CBB0 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_CLOSE : F877CBB0 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_READ : F8776D1F 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_WRITE : F8776D1F 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SET_EA : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F87772E2 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F87773BB 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F877AF28 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SHUTDOWN : F87772E2 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_POWER : F8778C82 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F877D99E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA88E 22:54:24:921 0292 TDL3_FileDetect: Processing driver: Disk 22:54:24:921 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:921 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:921 0292 TDL3_FileDetect: Processing driver: Disk 22:54:24:921 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:921 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:921 0292 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 22:54:24:921 0292 22:54:24:921 0292 DetectCureTDL3: DEVICE_OBJECT: 82B7F030 22:54:24:921 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82B7F030 22:54:24:921 0292 KLMD_ReadMem: Trying to ReadMemory 0x82B7F030[0x38] 22:54:24:921 0292 DetectCureTDL3: DRIVER_OBJECT: 836B6B60 22:54:24:921 0292 KLMD_ReadMem: Trying to ReadMemory 0x836B6B60[0xA8] 22:54:24:921 0292 KLMD_ReadMem: Trying to ReadMemory 0xE1F64820[0x18] 22:54:24:921 0292 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_CREATE : F877CBB0 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_CLOSE : F877CBB0 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_READ : F8776D1F 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_WRITE : F8776D1F 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SET_EA : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F87772E2 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F87773BB 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F877AF28 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SHUTDOWN : F87772E2 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_POWER : F8778C82 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F877D99E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA88E 22:54:24:921 0292 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA88E 22:54:24:921 0292 TDL3_FileDetect: Processing driver: Disk 22:54:24:921 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:921 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:937 0292 TDL3_FileDetect: Processing driver: Disk 22:54:24:937 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:937 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:24:937 0292 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 22:54:24:937 0292 22:54:24:937 0292 DetectCureTDL3: DEVICE_OBJECT: 830A88A0 22:54:24:937 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 830A88A0 22:54:24:937 0292 DetectCureTDL3: DEVICE_OBJECT: 82824A60 22:54:24:937 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82824A60 22:54:24:937 0292 KLMD_ReadMem: Trying to ReadMemory 0x82824A60[0x38] 22:54:24:937 0292 DetectCureTDL3: DRIVER_OBJECT: 82826848 22:54:24:937 0292 KLMD_ReadMem: Trying to ReadMemory 0x82826848[0xA8] 22:54:24:937 0292 KLMD_ReadMem: Trying to ReadMemory 0xE20C5420[0x1E] 22:54:24:937 0292 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_CREATE : F89E3218 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_CLOSE : F89E3218 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_READ : F89E323C 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_WRITE : F89E323C 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_SET_EA : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F89E3180 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F89DE9E6 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_POWER : F89E25F0 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F89E0A6E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA88E 22:54:24:937 0292 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA88E 22:54:24:937 0292 TDL3_FileDetect: Processing driver: USBSTOR 22:54:24:937 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:937 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:968 0292 KLMD_ReadMem: Trying to ReadMemory 0xF89DFF26[0x400] 22:54:24:968 0292 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 22:54:24:968 0292 TDL3_FileDetect: Processing driver: USBSTOR 22:54:24:968 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:968 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:968 0292 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 22:54:24:968 0292 22:54:24:968 0292 DetectCureTDL3: DEVICE_OBJECT: 82829AB8 22:54:24:968 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82829AB8 22:54:24:968 0292 DetectCureTDL3: DEVICE_OBJECT: 82828EA0 22:54:24:968 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82828EA0 22:54:24:968 0292 KLMD_ReadMem: Trying to ReadMemory 0x82828EA0[0x38] 22:54:24:968 0292 DetectCureTDL3: DRIVER_OBJECT: 82826848 22:54:24:968 0292 KLMD_ReadMem: Trying to ReadMemory 0x82826848[0xA8] 22:54:24:968 0292 KLMD_ReadMem: Trying to ReadMemory 0xE20C5420[0x1E] 22:54:24:968 0292 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_CREATE : F89E3218 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_CLOSE : F89E3218 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_READ : F89E323C 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_WRITE : F89E323C 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SET_EA : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F89E3180 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F89DE9E6 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_POWER : F89E25F0 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F89E0A6E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA88E 22:54:24:968 0292 TDL3_FileDetect: Processing driver: USBSTOR 22:54:24:968 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:968 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:968 0292 KLMD_ReadMem: Trying to ReadMemory 0xF89DFF26[0x400] 22:54:24:968 0292 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 22:54:24:968 0292 TDL3_FileDetect: Processing driver: USBSTOR 22:54:24:968 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:968 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:968 0292 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 22:54:24:968 0292 22:54:24:968 0292 DetectCureTDL3: DEVICE_OBJECT: 82B7F950 22:54:24:968 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82B7F950 22:54:24:968 0292 DetectCureTDL3: DEVICE_OBJECT: 82B7AEA0 22:54:24:968 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82B7AEA0 22:54:24:968 0292 KLMD_ReadMem: Trying to ReadMemory 0x82B7AEA0[0x38] 22:54:24:968 0292 DetectCureTDL3: DRIVER_OBJECT: 82826848 22:54:24:968 0292 KLMD_ReadMem: Trying to ReadMemory 0x82826848[0xA8] 22:54:24:968 0292 KLMD_ReadMem: Trying to ReadMemory 0xE20C5420[0x1E] 22:54:24:968 0292 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_CREATE : F89E3218 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_CLOSE : F89E3218 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_READ : F89E323C 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_WRITE : F89E323C 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SET_EA : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F89E3180 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F89DE9E6 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_POWER : F89E25F0 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F89E0A6E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA88E 22:54:24:968 0292 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA88E 22:54:24:968 0292 TDL3_FileDetect: Processing driver: USBSTOR 22:54:24:968 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:968 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:984 0292 KLMD_ReadMem: Trying to ReadMemory 0xF89DFF26[0x400] 22:54:24:984 0292 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 22:54:24:984 0292 TDL3_FileDetect: Processing driver: USBSTOR 22:54:24:984 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:984 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:984 0292 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 22:54:24:984 0292 22:54:24:984 0292 DetectCureTDL3: DEVICE_OBJECT: 827F28B8 22:54:24:984 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 827F28B8 22:54:24:984 0292 DetectCureTDL3: DEVICE_OBJECT: 830B1DC8 22:54:24:984 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 830B1DC8 22:54:24:984 0292 KLMD_ReadMem: Trying to ReadMemory 0x830B1DC8[0x38] 22:54:24:984 0292 DetectCureTDL3: DRIVER_OBJECT: 82826848 22:54:24:984 0292 KLMD_ReadMem: Trying to ReadMemory 0x82826848[0xA8] 22:54:24:984 0292 KLMD_ReadMem: Trying to ReadMemory 0xE20C5420[0x1E] 22:54:24:984 0292 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_CREATE : F89E3218 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_CLOSE : F89E3218 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_READ : F89E323C 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_WRITE : F89E323C 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_SET_EA : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F89E3180 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F89DE9E6 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_POWER : F89E25F0 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F89E0A6E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA88E 22:54:24:984 0292 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA88E 22:54:24:984 0292 TDL3_FileDetect: Processing driver: USBSTOR 22:54:24:984 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:24:984 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:25:000 0292 KLMD_ReadMem: Trying to ReadMemory 0xF89DFF26[0x400] 22:54:25:000 0292 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 22:54:25:000 0292 TDL3_FileDetect: Processing driver: USBSTOR 22:54:25:000 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:25:000 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:54:25:000 0292 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 22:54:25:000 0292 22:54:25:000 0292 DetectCureTDL3: DEVICE_OBJECT: 836ADC68 22:54:25:000 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 836ADC68 22:54:25:000 0292 KLMD_ReadMem: Trying to ReadMemory 0x836ADC68[0x38] 22:54:25:000 0292 DetectCureTDL3: DRIVER_OBJECT: 836B6B60 22:54:25:000 0292 KLMD_ReadMem: Trying to ReadMemory 0x836B6B60[0xA8] 22:54:25:000 0292 KLMD_ReadMem: Trying to ReadMemory 0xE1F64820[0x18] 22:54:25:000 0292 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_CREATE : F877CBB0 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_CLOSE : F877CBB0 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_READ : F8776D1F 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_WRITE : F8776D1F 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_SET_EA : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F87772E2 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F87773BB 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F877AF28 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_SHUTDOWN : F87772E2 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_POWER : F8778C82 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F877D99E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA88E 22:54:25:000 0292 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA88E 22:54:25:000 0292 TDL3_FileDetect: Processing driver: Disk 22:54:25:000 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:25:000 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:25:000 0292 TDL3_FileDetect: Processing driver: Disk 22:54:25:000 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:25:000 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 22:54:25:015 0292 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 22:54:25:015 0292 22:54:25:015 0292 DetectCureTDL3: DEVICE_OBJECT: 836B6488 22:54:25:015 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 836B6488 22:54:25:015 0292 DetectCureTDL3: DEVICE_OBJECT: 8376A9A0 22:54:25:015 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8376A9A0 22:54:25:015 0292 DetectCureTDL3: DEVICE_OBJECT: 8375FD98 22:54:25:015 0292 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8375FD98 22:54:25:015 0292 KLMD_ReadMem: Trying to ReadMemory 0x8375FD98[0x38] 22:54:25:015 0292 DetectCureTDL3: DRIVER_OBJECT: 83765660 22:54:25:015 0292 KLMD_ReadMem: Trying to ReadMemory 0x83765660[0xA8] 22:54:25:015 0292 KLMD_ReadMem: Trying to ReadMemory 0xE1EBB648[0x1A] 22:54:25:015 0292 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_CREATE : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_CLOSE : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_READ : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_WRITE : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_QUERY_EA : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_SET_EA : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_SHUTDOWN : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_CLEANUP : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_SET_SECURITY : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_POWER : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 8357B008 22:54:25:015 0292 DetectCureTDL3: IRP_MJ_SET_QUOTA : 8357B008 22:54:25:015 0292 TDL3_FileDetect: Processing driver: atapi 22:54:25:015 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 22:54:25:015 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 22:54:25:015 0292 DetectCureTDL3: All IRP handlers pointed to one addr: 8357B008 22:54:25:015 0292 KLMD_ReadMem: Trying to ReadMemory 0x8357B008[0x400] 22:54:25:015 0292 TDL3_IrpHookDetect: CheckParameters: 0, 0, 0, 0, 0, 0 22:54:25:015 0292 KLMD_ReadMem: Trying to ReadMemory 0xF85E57C6[0x400] 22:54:25:015 0292 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 22:54:25:015 0292 TDL3_FileDetect: Processing driver: atapi 22:54:25:015 0292 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 22:54:25:015 0292 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 22:54:25:031 0292 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean 22:54:25:031 0292 22:54:25:031 0292 Completed 22:54:25:031 0292 22:54:25:031 0292 Results: 22:54:25:031 0292 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 22:54:25:031 0292 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 22:54:25:031 0292 File objects infected / cured / cured on reboot: 0 / 0 / 0 22:54:25:031 0292 22:54:25:031 0292 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 22:54:25:031 0292 UtilityDeinit: KLMD(ARK) unloaded successfully et je dispose de 512Mo de RAM ... c'est pas bcp malheureusement Je viens de passer en mémoire vive personnalisée à 1024 en taille initiale et maximale. Je reboote mon ordinateur.

Bonsoir, Je ne sais pas si je suis tranquille au niveau des virus ? J'ai fait un Defrag cet apres midi mais je trouve que l'ordi est toujours lent dès que l'on fait une action. Les fenêtres arrivent lentement ... est-ce lié aux différents virus trouvés ? Une petite question : Dois-je laisser les virus trouvés à l'état "quarantaine" ? ou dois-je les supprimer définitivement. Merci pour ce dernier renseignement, je suis bien consciente que je ne suis pas la seule personne à avoir des soucis.

Voici le résultat du scan COMPLET - Apparemment il y avait encore des virus ! c'est bizarre !? Avira AntiVir Personal Date de création du fichier de rapport : vendredi 19 février 2010 16:03 La recherche porte sur 1774441 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows XP Version de Windows : (Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : SN100093960318 Informations de version : BUILD.DAT : 9.0.0.74 21698 Bytes 04/12/2009 13:56:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:25:46 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 14:52:20 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 14:52:33 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 14:52:37 VBASE004.VDF : 7.10.3.76 2048 Bytes 26/01/2010 14:52:37 VBASE005.VDF : 7.10.3.77 2048 Bytes 26/01/2010 14:52:37 VBASE006.VDF : 7.10.3.78 2048 Bytes 26/01/2010 14:52:37 VBASE007.VDF : 7.10.3.79 2048 Bytes 26/01/2010 14:52:37 VBASE008.VDF : 7.10.3.80 2048 Bytes 26/01/2010 14:52:37 VBASE009.VDF : 7.10.3.81 2048 Bytes 26/01/2010 14:52:38 VBASE010.VDF : 7.10.3.82 2048 Bytes 26/01/2010 14:52:38 VBASE011.VDF : 7.10.3.83 2048 Bytes 26/01/2010 14:52:38 VBASE012.VDF : 7.10.3.84 2048 Bytes 26/01/2010 14:52:38 VBASE013.VDF : 7.10.3.85 2048 Bytes 26/01/2010 14:52:38 VBASE014.VDF : 7.10.3.122 172544 Bytes 29/01/2010 14:52:39 VBASE015.VDF : 7.10.3.149 79872 Bytes 01/02/2010 14:52:39 VBASE016.VDF : 7.10.3.174 68608 Bytes 03/02/2010 14:52:40 VBASE017.VDF : 7.10.3.199 76800 Bytes 04/02/2010 14:52:40 VBASE018.VDF : 7.10.3.222 64512 Bytes 05/02/2010 14:52:40 VBASE019.VDF : 7.10.3.243 75776 Bytes 08/02/2010 14:52:41 VBASE020.VDF : 7.10.4.6 81920 Bytes 09/02/2010 14:52:41 VBASE021.VDF : 7.10.4.30 78848 Bytes 11/02/2010 14:52:42 VBASE022.VDF : 7.10.4.50 107520 Bytes 15/02/2010 14:52:42 VBASE023.VDF : 7.10.4.62 105472 Bytes 15/02/2010 14:52:43 VBASE024.VDF : 7.10.4.85 111616 Bytes 17/02/2010 14:52:43 VBASE025.VDF : 7.10.4.86 2048 Bytes 17/02/2010 14:52:43 VBASE026.VDF : 7.10.4.87 2048 Bytes 17/02/2010 14:52:43 VBASE027.VDF : 7.10.4.88 2048 Bytes 17/02/2010 14:52:43 VBASE028.VDF : 7.10.4.89 2048 Bytes 17/02/2010 14:52:43 VBASE029.VDF : 7.10.4.90 2048 Bytes 17/02/2010 14:52:44 VBASE030.VDF : 7.10.4.91 2048 Bytes 17/02/2010 14:52:44 VBASE031.VDF : 7.10.4.103 82432 Bytes 19/02/2010 14:52:44 Version du moteur : 8.2.1.170 AEVDF.DLL : 8.1.1.3 106868 Bytes 19/02/2010 14:52:54 AESCRIPT.DLL : 8.1.3.15 827771 Bytes 19/02/2010 14:52:54 AESCN.DLL : 8.1.4.0 127348 Bytes 19/02/2010 14:52:52 AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44 AERDL.DLL : 8.1.4.2 479602 Bytes 19/02/2010 14:52:52 AEPACK.DLL : 8.2.0.8 426357 Bytes 19/02/2010 14:52:51 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38 AEHEUR.DLL : 8.1.1.5 2326901 Bytes 19/02/2010 14:52:50 AEHELP.DLL : 8.1.10.0 237942 Bytes 19/02/2010 14:52:46 AEGEN.DLL : 8.1.1.86 369012 Bytes 19/02/2010 14:52:45 AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26 AECORE.DLL : 8.1.11.1 184694 Bytes 19/02/2010 14:52:45 AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:13:31 AVREP.DLL : 8.0.0.7 159784 Bytes 19/02/2010 14:52:54 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26 RCTEXT.DLL : 9.0.73.0 88321 Bytes 02/11/2009 15:58:32 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Début de la recherche : vendredi 19 février 2010 16:03 La recherche d'objets cachés commence. '76037' objets ont été contrôlés, '0' objets cachés ont été trouvés. La recherche sur les processus démarrés commence : Processus de recherche 'msimn.exe' - '1' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés Processus de recherche 'NclRSSrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'NclUSBSrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'ServiceLayer.exe' - '1' module(s) sont contrôlés Processus de recherche 'Watch.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés Processus de recherche 'ALERTM~1.EXE' - '1' module(s) sont contrôlés Processus de recherche 'PollingModule.exe' - '1' module(s) sont contrôlés Processus de recherche 'Inactivity.exe' - '1' module(s) sont contrôlés Processus de recherche 'Toaster.exe' - '1' module(s) sont contrôlés Processus de recherche 'ComComp.exe' - '1' module(s) sont contrôlés Processus de recherche 'antipub.exe' - '1' module(s) sont contrôlés Processus de recherche 'GestionnaireInternet.exe' - '1' module(s) sont contrôlés Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés Processus de recherche 'PCSuite.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés Processus de recherche 'SUPERAntiSpyware.exe' - '1' module(s) sont contrôlés Processus de recherche 'TaskBarIcon.exe' - '1' module(s) sont contrôlés Processus de recherche 'V0610Mon.exe' - '1' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés Processus de recherche 'apdproxy.exe' - '1' module(s) sont contrôlés Processus de recherche 'QTTask.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'slserv.exe' - '1' module(s) sont contrôlés Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés Processus de recherche 'SeaPort.exe' - '1' module(s) sont contrôlés Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleUpdate.exe' - '1' module(s) sont contrôlés Processus de recherche 'HidService.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'FTRTSVC.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'CLMLService.exe' - '1' module(s) sont contrôlés Processus de recherche 'CLMLServer.exe' - '1' module(s) sont contrôlés Processus de recherche 'CLSched.exe' - '1' module(s) sont contrôlés Processus de recherche 'CLCapSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'AOLacsd.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '60' processus ont été contrôlés avec '60' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD2 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD3 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD4 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '64' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' <HDD> C:\hiberfil.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\Documents and Settings\mss\Mes documents\Mes fichiers reçus\photoshop\Crack et Keygen\Keygen Photoshop CS2 Fr.exe [RESULTAT] Contient le modèle de détection du ver WORM/Autorun.cxl C:\Program Files\eMule\Incoming\(Incl 04.02.2009 Update) Google Maps Nokia 5800.zip [0] Type d'archive: ZIP --> Setup.exe [1] Type d'archive: RSRC --> Object [2] Type d'archive: CAB (Microsoft) --> Install.exe [RESULTAT] Contient le cheval de Troie TR/Genome.bjgv C:\Program Files\eMule\Incoming\Avs4You Keygen (Incl 04.02.2009 Update).rar [0] Type d'archive: RAR --> crack\patch.exe [RESULTAT] Contient le cheval de Troie TR/Genome.bjgv C:\Program Files\eMule\Incoming\Clonedvd2 v2.9.1.9 Keygens (Multilenguaje) (Windows Xp-Vista Compatible) - By Danielloco.rar [0] Type d'archive: RAR --> KEYGEN 2.exe [RESULTAT] Contient le cheval de Troie TR/Renaz.79817 C:\Program Files\eMule\Incoming\Genuine Licence Nero 9 Trial.rar [0] Type d'archive: RAR --> Setup.exe [1] Type d'archive: RSRC [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen C:\Program Files\eMule\Incoming\Nero 9 Trial Crack.rar [0] Type d'archive: RAR --> Setup.exe [1] Type d'archive: RSRC [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen C:\Program Files\Navilog1\gnc.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen C:\WINDOWS\$NtServicePackUninstall$\ftp.exe [RESULTAT] Contient le cheval de Troie TR/Agent.49664.J C:\WINDOWS\system32\uxjscaczl.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen C:\WINDOWS\system32\vcprehre.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen C:\WINDOWS\system32\vmaiud.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen C:\WINDOWS\system32\drivers\atapi.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! Début de la désinfection : C:\Documents and Settings\mss\Mes documents\Mes fichiers reçus\photoshop\Crack et Keygen\Keygen Photoshop CS2 Fr.exe [RESULTAT] Contient le modèle de détection du ver WORM/Autorun.cxl [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf7c756.qua' ! C:\Program Files\eMule\Incoming\(Incl 04.02.2009 Update) Google Maps Nokia 5800.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4becc73a.qua' ! C:\Program Files\eMule\Incoming\Avs4You Keygen (Incl 04.02.2009 Update).rar [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf1c767.qua' ! C:\Program Files\eMule\Incoming\Clonedvd2 v2.9.1.9 Keygens (Multilenguaje) (Windows Xp-Vista Compatible) - By Danielloco.rar [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bedc75d.qua' ! C:\Program Files\eMule\Incoming\Genuine Licence Nero 9 Trial.rar [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4becc756.qua' ! C:\Program Files\eMule\Incoming\Nero 9 Trial Crack.rar [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf0c759.qua' ! C:\Program Files\Navilog1\gnc.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4be1c762.qua' ! C:\WINDOWS\$NtServicePackUninstall$\ftp.exe [RESULTAT] Contient le cheval de Troie TR/Agent.49664.J [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4beec768.qua' ! C:\WINDOWS\system32\uxjscaczl.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4be8c76c.qua' ! C:\WINDOWS\system32\vcprehre.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4beec758.qua' ! C:\WINDOWS\system32\vmaiud.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bdfc762.qua' ! Fin de la recherche : vendredi 19 février 2010 18:14 Temps nécessaire: 2:04:24 Heure(s) La recherche a été effectuée intégralement 9960 Les répertoires ont été contrôlés 425208 Des fichiers ont été contrôlés 11 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 11 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 3 Impossible de contrôler des fichiers 425194 Fichiers non infectés 9064 Les archives ont été contrôlées 3 Avertissements 13 Consignes 76037 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés

Avast est désormais désinstallé et j'ai installé Antivir Le scan a donné ceci : Avira AntiVir Personal Date de création du fichier de rapport : vendredi 19 février 2010 15:54 La recherche porte sur 1774441 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows XP Version de Windows : (Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : mss Nom de l'ordinateur : SN100093960318 Informations de version : BUILD.DAT : 9.0.0.74 21698 Bytes 04/12/2009 13:56:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:25:46 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 14:52:20 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 14:52:33 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 14:52:37 VBASE004.VDF : 7.10.3.76 2048 Bytes 26/01/2010 14:52:37 VBASE005.VDF : 7.10.3.77 2048 Bytes 26/01/2010 14:52:37 VBASE006.VDF : 7.10.3.78 2048 Bytes 26/01/2010 14:52:37 VBASE007.VDF : 7.10.3.79 2048 Bytes 26/01/2010 14:52:37 VBASE008.VDF : 7.10.3.80 2048 Bytes 26/01/2010 14:52:37 VBASE009.VDF : 7.10.3.81 2048 Bytes 26/01/2010 14:52:38 VBASE010.VDF : 7.10.3.82 2048 Bytes 26/01/2010 14:52:38 VBASE011.VDF : 7.10.3.83 2048 Bytes 26/01/2010 14:52:38 VBASE012.VDF : 7.10.3.84 2048 Bytes 26/01/2010 14:52:38 VBASE013.VDF : 7.10.3.85 2048 Bytes 26/01/2010 14:52:38 VBASE014.VDF : 7.10.3.122 172544 Bytes 29/01/2010 14:52:39 VBASE015.VDF : 7.10.3.149 79872 Bytes 01/02/2010 14:52:39 VBASE016.VDF : 7.10.3.174 68608 Bytes 03/02/2010 14:52:40 VBASE017.VDF : 7.10.3.199 76800 Bytes 04/02/2010 14:52:40 VBASE018.VDF : 7.10.3.222 64512 Bytes 05/02/2010 14:52:40 VBASE019.VDF : 7.10.3.243 75776 Bytes 08/02/2010 14:52:41 VBASE020.VDF : 7.10.4.6 81920 Bytes 09/02/2010 14:52:41 VBASE021.VDF : 7.10.4.30 78848 Bytes 11/02/2010 14:52:42 VBASE022.VDF : 7.10.4.50 107520 Bytes 15/02/2010 14:52:42 VBASE023.VDF : 7.10.4.62 105472 Bytes 15/02/2010 14:52:43 VBASE024.VDF : 7.10.4.85 111616 Bytes 17/02/2010 14:52:43 VBASE025.VDF : 7.10.4.86 2048 Bytes 17/02/2010 14:52:43 VBASE026.VDF : 7.10.4.87 2048 Bytes 17/02/2010 14:52:43 VBASE027.VDF : 7.10.4.88 2048 Bytes 17/02/2010 14:52:43 VBASE028.VDF : 7.10.4.89 2048 Bytes 17/02/2010 14:52:43 VBASE029.VDF : 7.10.4.90 2048 Bytes 17/02/2010 14:52:44 VBASE030.VDF : 7.10.4.91 2048 Bytes 17/02/2010 14:52:44 VBASE031.VDF : 7.10.4.103 82432 Bytes 19/02/2010 14:52:44 Version du moteur : 8.2.1.170 AEVDF.DLL : 8.1.1.3 106868 Bytes 19/02/2010 14:52:54 AESCRIPT.DLL : 8.1.3.15 827771 Bytes 19/02/2010 14:52:54 AESCN.DLL : 8.1.4.0 127348 Bytes 19/02/2010 14:52:52 AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44 AERDL.DLL : 8.1.4.2 479602 Bytes 19/02/2010 14:52:52 AEPACK.DLL : 8.2.0.8 426357 Bytes 19/02/2010 14:52:51 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38 AEHEUR.DLL : 8.1.1.5 2326901 Bytes 19/02/2010 14:52:50 AEHELP.DLL : 8.1.10.0 237942 Bytes 19/02/2010 14:52:46 AEGEN.DLL : 8.1.1.86 369012 Bytes 19/02/2010 14:52:45 AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26 AECORE.DLL : 8.1.11.1 184694 Bytes 19/02/2010 14:52:45 AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:13:31 AVREP.DLL : 8.0.0.7 159784 Bytes 19/02/2010 14:52:54 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26 RCTEXT.DLL : 9.0.73.0 88321 Bytes 02/11/2009 15:58:32 Configuration pour la recherche actuelle : Nom de la tâche...............................: Bref contrôle système après installation Fichier de configuration......................: c:\program files\avira\antivir desktop\setupprf.dat Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: arrêt Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Sélection de fichiers intelligente Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Début de la recherche : vendredi 19 février 2010 15:54 La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés Processus de recherche 'msiexec.exe' - '1' module(s) sont contrôlés Processus de recherche 'NclRSSrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'NclUSBSrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'ServiceLayer.exe' - '1' module(s) sont contrôlés Processus de recherche 'Watch.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés Processus de recherche 'ALERTM~1.EXE' - '1' module(s) sont contrôlés Processus de recherche 'PollingModule.exe' - '1' module(s) sont contrôlés Processus de recherche 'Inactivity.exe' - '1' module(s) sont contrôlés Processus de recherche 'Toaster.exe' - '1' module(s) sont contrôlés Processus de recherche 'ComComp.exe' - '1' module(s) sont contrôlés Processus de recherche 'antipub.exe' - '1' module(s) sont contrôlés Processus de recherche 'GestionnaireInternet.exe' - '1' module(s) sont contrôlés Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés Processus de recherche 'PCSuite.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés Processus de recherche 'SUPERAntiSpyware.exe' - '1' module(s) sont contrôlés Processus de recherche 'TaskBarIcon.exe' - '1' module(s) sont contrôlés Processus de recherche 'V0610Mon.exe' - '1' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés Processus de recherche 'apdproxy.exe' - '1' module(s) sont contrôlés Processus de recherche 'QTTask.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'slserv.exe' - '1' module(s) sont contrôlés Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés Processus de recherche 'SeaPort.exe' - '1' module(s) sont contrôlés Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleUpdate.exe' - '1' module(s) sont contrôlés Processus de recherche 'HidService.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'FTRTSVC.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'CLMLService.exe' - '1' module(s) sont contrôlés Processus de recherche 'CLMLServer.exe' - '1' module(s) sont contrôlés Processus de recherche 'CLSched.exe' - '1' module(s) sont contrôlés Processus de recherche 'CLCapSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'AOLacsd.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '59' processus ont été contrôlés avec '59' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD2 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD3 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD4 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '71' fichiers). Fin de la recherche : vendredi 19 février 2010 15:54 Temps nécessaire: 00:30 Minute(s) La recherche a été effectuée intégralement 0 Les répertoires ont été contrôlés 130 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 0 Impossible de contrôler des fichiers 130 Fichiers non infectés 0 Les archives ont été contrôlées 0 Avertissements 0 Consignes Je n'ai plus Antispyware ? est-ce que ce logiciel était couplé avec Avast ? Antivir joue t'il le même rôle à lui tout seul ?

Et voici le second rapport (qui a été assez long). Mon ordi semble super lent ... ############################## | FindyKill V5.037 | # User : mss (Administrateurs) # SN100093960318 # Update on 18/02/2010 by El Desaparecido # Start at: 14:24:35 | 19/02/2010 # Website : http://pagesperso-orange.fr/NosTools/index.html # Contact : [email protected] # # # Internet Explorer 8.0.6001.18702 # Windows Firewall Status : Enabled ############################## | Processus actifs | C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\logonui.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\System32\FTRTSVC.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe ################## | C: | ################## | C:\WINDOWS | ################## | C:\WINDOWS\Prefetch | ################## | C:\WINDOWS\system32 | ################## | C:\WINDOWS\system32\drivers | ################## | C:\Documents and Settings\mss\Application Data | Supprimé ! C:\Documents and Settings\mss\Application Data\drivers ################## | MD5 ... | ################## | CRC32 ... | ################## | Temporary Internet Files | ################## | Registre | Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\run] ################## | Etat | # Mode sans echec : OK # Affichage des fichiers cachés : OK # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) # EapHost -> Start = 2 ( Good = 2 | Bad = 4 ) # Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 ) # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) ################## | Fichiers corrompus # Réinstallation requise | ... OK ! ################## | Upload | Veuillez envoyer le fichier : C:\FindyKill_Upload_Me_SN100093960318.zip : http://chiquitine.changelog.fr/Sample/Upload.php Merci pour votre contribution . ################## | ! Fin du rapport # FindyKill V5.037 ! |

Voici le premier rapport de FindyKill : ############################## | FindyKill V5.037 | # User : mss (Administrateurs) # SN100093960318 # Update on 18/02/2010 by El Desaparecido # Start at: 14:17:57 | 19/02/2010 # Website : http://pagesperso-orange.fr/NosTools/index.html # Contact : [email protected] # # # Internet Explorer 8.0.6001.18702 # Windows Firewall Status : Enabled ############################## | Processus actifs | C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\System32\FTRTSVC.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\WINDOWS\V0610Mon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Antipub\antipub.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe ################## | C: | ################## | C:\WINDOWS | ################## | C:\WINDOWS\Prefetch | ################## | C:\WINDOWS\system32 | ################## | C:\WINDOWS\system32\drivers | ################## | C:\Documents and Settings\mss\Application Data | C:\Documents and Settings\mss\Application Data\drivers ################## | Temporary Internet Files | ################## | Registre | [HKCU\Software\Local AppWizard-Generated Applications\run] [HKU\S-1-5-21-1816353710-3669559888-3047474470-1006\Software\Local AppWizard-Generated Applications\run] ################## | Etat | # Affichage des fichiers cachés : OK # Mode sans echec : OK # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) # EapHost -> Start = 2 ( Good = 2 | Bad = 4 ) # Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 ) # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) ################## | ! Fin du rapport # FindyKill V5.037 ! |

Merci pour le tps passé sur mon cas ... Installation I.E. 8 faite - Procédure OTM effectuée. Voici le résultat après redémarrage : All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== C:\Program Files\Bonjour folder moved successfully. File/Folder c:\documents and settings\mss\locals~1\temp\services.exe not found. ========== SERVICES/DRIVERS ========== Service Bonjour Service stopped successfully! Service Bonjour Service deleted successfully! ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Flash Media deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 115616 bytes ->Temporary Internet Files folder emptied: 13729421 bytes User: mss ->Temp folder emptied: 18634649 bytes ->Temporary Internet Files folder emptied: 7408267 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 40489209 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 36038 bytes User: Propriétaire %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 21273 bytes %systemroot%\System32 .tmp files removed: 21820067 bytes %systemroot%\System32\dllcache .tmp files removed: 12300800 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 66200 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23990736 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 132,00 mb OTM by OldTimer - Version 3.1.9.0 log created on 02192010_110740 Files moved on Reboot... File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot. File C:\WINDOWS\temp\Perflib_Perfdata_690.dat not found! Registry entries deleted on Reboot...

Bonjour, Désolée, hier soir je ne me sentais plus la force de continuer l'installation ... Donc, je repars ce matin sur tes conseils. J'installe I.E 8. Dois-je désinstaller Firefox ? dommage j'aimais bien ce navigateur. Le virus Bagle, l'ordinateur a été infecté en utilisant la messagerie MSN (en mars 2008 il me semble), ma fille a cliqué sur le en réception du fameux message qui apparait en pleine conversation MSN, du style "Clique sur cette photo..." Pour la désinfection, je m'étais inspiré de réponse de désinfection sur des forums (je ne sais plus lesquels car j'en avais consulté pas mal pour vérifier que les réponses étaient plus ou moins similaires). Ensuite, j'avais téléchargé des utilitaires et lancé des procédures d"analyse, de désinfection ... et au final, il me semblait bien en être débarrassée. Ce n'est pas le cas ?

Voici le résultat du dernier HIJACKTHIS : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:54:21, on 19/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\System32\FTRTSVC.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\FT_Migration\MigrationAnalyzer\MigrationAnalyzer.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\WINDOWS\V0610Mon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Antipub\antipub.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: My-Tool Toolbar - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - C:\Program Files\My-Tool\tbMy-T.dll O2 - BHO: My-Tool Toolbar - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - C:\Program Files\My-Tool\tbMy-T.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: My-Tool Toolbar - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - C:\Program Files\My-Tool\tbMy-T.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\mss\LOCALS~1\Temp\services.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [MigrationAnalyzer] "C:\Program Files\FT_Migration\MigrationAnalyzer\MigrationAnalyzer.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [V0610Mon.exe] C:\WINDOWS\V0610Mon.exe O4 - HKLM\..\Run: [Live! Central 2] "C:\Program Files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" /mode2 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-1816353710-3669559888-3047474470-1006\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?') O4 - HKUS\S-1-5-21-1816353710-3669559888-3047474470-1006\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User '?') O4 - HKUS\S-1-5-21-1816353710-3669559888-3047474470-1006\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-21-1816353710-3669559888-3047474470-1006 Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User '?') O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: www.ebay.fr O15 - Trusted Zone: www.wanadoo.fr O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_E...l_v1-0-3-30.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Service Google Update (gupdate1c996a123102e) (gupdate1c996a123102e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component 1: PC-Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2 -- End of file - 13876 bytes L'ordinateur semble encore "ramer" au démarrage, c'est peut être normal !? Merci

Après le scan, voici le résultat et les fichiers mis en quarantaine : Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3759 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 19/02/2010 01:41:44 mbam-log-2010-02-19 (01-41-44).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 188813 Temps écoulé: 46 minute(s), 59 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 8 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\bisoft (Worm.Bagle) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr (Adware.édité) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f5jmwnzthi (Trojan.FakeAlert) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\mss\LOCALS~1\Temp\services.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Documents and Settings\mss\Application Data\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLYJG5QF\gibsvc[1].exe (Adware.édité) -> Quarantined and deleted successfully. C:\Documents and Settings\mss\Mes documents\Téléchargements\FunkyEmoticons_setup.exe (Adware.NaviPromo) -> Quarantined and deleted successfully. C:\Documents and Settings\mss\Mes documents\clone\CloneDVD2Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Voici le rapport de LOP S&D - Option 4 avec le script : --------------------\\ Lop S&D 4.2.5-0 XP/Vista ( : ) USER : mss ( Administrator ) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [4] ( 19/02/2010| 0:23 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script C:\Program Files\AskTBar C:\DOCUME~1\mss\Favoris\isoHunt - IRC and Bit Torrent search engine.url \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION ... C:\DOCUME~1\mss\Favoris\isoHunt - IRC and Bit Torrent search engine.url -> n'existe pas ! Supprime! - C:\Program Files\AskTBar \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing des dossiers dans APPLIC~1 [11/05/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ableton [18/11/2009|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [03/11/2007|15:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems [28/04/2009|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AMV Converter Studio [20/12/2005|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL [17/03/2008|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple [17/03/2008|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer [28/04/2009|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU [09/02/2009|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon [12/02/2006|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY [06/01/2007|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ [01/01/2010|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative [03/09/2007|16:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [08/02/2009|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes [23/11/2009|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [18/02/2010|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater [06/12/2009|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations [07/11/2007|13:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield [08/07/2008|15:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Knowledge Adventure [30/01/2009|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe [25/11/2009|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [04/02/2009|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero [20/10/2009|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia [02/09/2006|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles [23/05/2009|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite [20/11/2005|23:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime [16/08/2004|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI [23/11/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype [05/03/2008|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com [27/06/2007|06:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec [05/01/2009|00:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vivendi Universal Games [25/07/2006|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [16/08/2004|17:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [08/02/2008|17:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [16/08/2004|16:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [26/10/2005|12:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real [26/10/2005|12:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun [26/10/2005|12:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec [26/10/2005|12:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver [29/10/2009|23:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities [05/10/2007|18:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [29/10/2009|23:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Real [01/01/2005|01:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec [11/05/2008|17:12] C:\DOCUME~1\mss\APPLIC~1\Ableton [25/05/2008|13:15] C:\DOCUME~1\mss\APPLIC~1\Adobe [17/07/2007|18:46] C:\DOCUME~1\mss\APPLIC~1\AdobeUM [17/03/2008|22:22] C:\DOCUME~1\mss\APPLIC~1\Apple Computer [28/04/2009|12:00] C:\DOCUME~1\mss\APPLIC~1\AVS4YOU [13/02/2010|14:57] C:\DOCUME~1\mss\APPLIC~1\AVSMedia [09/02/2009|22:55] C:\DOCUME~1\mss\APPLIC~1\Babylon [29/11/2007|19:14] C:\DOCUME~1\mss\APPLIC~1\Canon [01/01/2010|18:07] C:\DOCUME~1\mss\APPLIC~1\Creative [26/10/2005|13:14] C:\DOCUME~1\mss\APPLIC~1\CyberLink [15/08/2009|13:53] C:\DOCUME~1\mss\APPLIC~1\DeepBurner [07/07/2008|13:36] C:\DOCUME~1\mss\APPLIC~1\DivX [13/05/2009|12:29] C:\DOCUME~1\mss\APPLIC~1\drivers [01/11/2006|15:37] C:\DOCUME~1\mss\APPLIC~1\Google [20/11/2005|12:35] C:\DOCUME~1\mss\APPLIC~1\Help [29/10/2009|23:47] C:\DOCUME~1\mss\APPLIC~1\Icones [16/08/2004|17:19] C:\DOCUME~1\mss\APPLIC~1\Identities [11/11/2009|11:33] C:\DOCUME~1\mss\APPLIC~1\InstallShield [08/08/2006|10:46] C:\DOCUME~1\mss\APPLIC~1\iShell [04/01/2006|21:50] C:\DOCUME~1\mss\APPLIC~1\Leadertech [24/05/2009|17:52] C:\DOCUME~1\mss\APPLIC~1\LG Electronics [24/11/2007|21:46] C:\DOCUME~1\mss\APPLIC~1\Macromedia [25/06/2008|19:18] C:\DOCUME~1\mss\APPLIC~1\Microsoft [28/08/2008|21:14] C:\DOCUME~1\mss\APPLIC~1\Mozilla [25/06/2008|19:18] C:\DOCUME~1\mss\APPLIC~1\MP-Manager [20/10/2009|21:04] C:\DOCUME~1\mss\APPLIC~1\Nokia [23/05/2009|12:36] C:\DOCUME~1\mss\APPLIC~1\PC Suite [26/10/2005|12:39] C:\DOCUME~1\mss\APPLIC~1\Real [01/01/2010|18:17] C:\DOCUME~1\mss\APPLIC~1\Reallusion [31/10/2007|12:50] C:\DOCUME~1\mss\APPLIC~1\Samsung [23/11/2008|19:00] C:\DOCUME~1\mss\APPLIC~1\Skype [04/01/2006|21:53] C:\DOCUME~1\mss\APPLIC~1\Sonic [26/10/2005|12:27] C:\DOCUME~1\mss\APPLIC~1\Sun [05/03/2008|11:44] C:\DOCUME~1\mss\APPLIC~1\SUPERAntiSpyware.com [20/11/2005|12:26] C:\DOCUME~1\mss\APPLIC~1\Symantec [02/11/2007|15:53] C:\DOCUME~1\mss\APPLIC~1\Teleca [01/05/2008|18:46] C:\DOCUME~1\mss\APPLIC~1\Template [04/08/2008|23:17] C:\DOCUME~1\mss\APPLIC~1\uTorrent [26/10/2005|12:33] C:\DOCUME~1\mss\APPLIC~1\You've Got Pictures Screensaver [16/08/2004|16:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [20/11/2005|12:42] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec [20/11/2005|23:35] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [12/02/2010 08:08][--ah-----] C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [03/11/2009 13:50][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ca5c843ed3862e.job [18/02/2010 23:17][--a------] C:\WINDOWS\tasks\Google Software Updater.job [26/10/2005 12:59][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job [26/10/2005 12:59][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job [18/02/2010 23:16][--ah-----] C:\WINDOWS\tasks\SA.DAT [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing des dossiers dans C:\Program Files [18/11/2009|17:14] C:\Program Files\Adobe [06/03/2006|21:26] C:\Program Files\Alcohol Soft [27/06/2007|07:18] C:\Program Files\Alwil Software [18/02/2010|21:35] C:\Program Files\Antipub [01/01/2010|16:19] C:\Program Files\AOL 9.0 [26/10/2005|12:33] C:\Program Files\AOL Compagnon [28/04/2009|12:05] C:\Program Files\Apowersoft [17/03/2008|22:16] C:\Program Files\Apple Software Update [15/08/2009|13:21] C:\Program Files\Astonsoft [12/04/2007|22:43] C:\Program Files\Attansic [14/06/2006|21:14] C:\Program Files\Audacity [17/02/2010|22:04] C:\Program Files\AVS4YOU [18/02/2010|21:36] C:\Program Files\Barbie [14/07/2007|23:26] C:\Program Files\BitSpirit [17/03/2008|22:17] C:\Program Files\Bonjour [01/01/2010|16:19] C:\Program Files\BoontyGames [05/01/2007|22:33] C:\Program Files\C&E [27/06/2007|07:10] C:\Program Files\CCleaner [13/02/2010|14:56] C:\Program Files\Conduit [01/01/2010|16:47] C:\Program Files\Creative [26/10/2005|12:38] C:\Program Files\CyberLink [03/03/2007|16:03] C:\Program Files\denouvel [12/07/2009|20:56] C:\Program Files\DIFX [20/05/2007|16:15] C:\Program Files\Disc2Phone [05/01/2009|00:19] C:\Program Files\Disney Interactive [01/01/2010|16:19] C:\Program Files\DivX [08/02/2009|17:39] C:\Program Files\Elaborate Bytes [13/02/2010|14:43] C:\Program Files\eMule [15/06/2008|20:31] C:\Program Files\eToro [13/01/2010|23:05] C:\Program Files\Fichiers communs [25/03/2007|14:09] C:\Program Files\FitKids [23/09/2007|17:44] C:\Program Files\Formosoft [05/01/2009|00:16] C:\Program Files\Frankie [08/02/2009|17:10] C:\Program Files\Free Easy Burner [06/11/2009|15:56] C:\Program Files\FT_Migration [05/09/2007|22:50] C:\Program Files\Gartriage [05/02/2010|20:46] C:\Program Files\Google [29/11/2006|21:12] C:\Program Files\Happyneuron [17/02/2010|22:07] C:\Program Files\InstallShield Installation Information [12/04/2007|22:06] C:\Program Files\Intel [01/01/2010|16:19] C:\Program Files\Internet Explorer [17/03/2008|22:17] C:\Program Files\iPod [17/03/2008|22:17] C:\Program Files\iTunes [10/06/2009|08:38] C:\Program Files\Java [24/01/2010|15:14] C:\Program Files\Jeune Styliste 2 [15/05/2007|22:55] C:\Program Files\Lavalys [26/10/2005|12:33] C:\Program Files\Learn2.com [24/05/2009|17:53] C:\Program Files\LG Electronics [01/01/2010|16:19] C:\Program Files\LG PC Suite II [18/02/2010|21:41] C:\Program Files\Magic Karaoke Maker [18/02/2010|21:35] C:\Program Files\Mattel Interactive [13/09/2008|13:53] C:\Program Files\Messenger [07/02/2009|16:31] C:\Program Files\Micro Application [25/11/2009|17:44] C:\Program Files\Microsoft [19/03/2009|00:10] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [16/08/2004|17:11] C:\Program Files\microsoft frontpage [26/10/2005|12:41] C:\Program Files\microsoft office [25/11/2009|17:44] C:\Program Files\Microsoft Office Outlook Connector [21/01/2010|18:04] C:\Program Files\Microsoft Silverlight [25/11/2009|17:41] C:\Program Files\Microsoft SQL Server Compact Edition [25/11/2009|17:43] C:\Program Files\Microsoft Sync Framework [26/10/2005|12:40] C:\Program Files\Microsoft Works [26/10/2005|12:41] C:\Program Files\Microsoft.NET [05/01/2009|00:20] C:\Program Files\Mindscape [20/01/2010|17:51] C:\Program Files\Movie Maker [18/02/2010|23:50] C:\Program Files\Mozilla Firefox [28/12/2005|11:28] C:\Program Files\MP3 Player Utilities 1.47 [25/06/2008|19:17] C:\Program Files\MPMAN [20/10/2009|20:56] C:\Program Files\MSBuild [14/01/2006|18:24] C:\Program Files\MSN [16/08/2004|17:03] C:\Program Files\MSN Gaming Zone [17/03/2009|23:00] C:\Program Files\MSN Messenger [13/02/2010|14:56] C:\Program Files\My-Tool [21/10/2007|13:37] C:\Program Files\Nathan [18/02/2010|23:18] C:\Program Files\Navilog1 [13/09/2008|13:48] C:\Program Files\NetMeeting [06/12/2009|08:04] C:\Program Files\Nokia [16/08/2004|17:03] C:\Program Files\Online Services [12/08/2009|12:12] C:\Program Files\Outlook Express [06/12/2009|08:01] C:\Program Files\PC Connectivity Solution [24/01/2010|21:00] C:\Program Files\PeerTV [07/02/2009|16:38] C:\Program Files\Photo To Sketch [01/01/2010|16:19] C:\Program Files\QuickTime [26/10/2005|12:32] C:\Program Files\Real [12/04/2007|22:30] C:\Program Files\Realtek [20/10/2009|20:56] C:\Program Files\Reference Assemblies [04/01/2008|23:03] C:\Program Files\SC [03/03/2007|15:52] C:\Program Files\SDLL [16/08/2004|17:07] C:\Program Files\Services en ligne [26/10/2005|12:42] C:\Program Files\Sonic [18/01/2010|19:06] C:\Program Files\Styliste2 [28/04/2009|19:33] C:\Program Files\SUPERAntiSpyware [20/08/2008|18:00] C:\Program Files\SystemRequirementsLab [02/12/2006|10:14] C:\Program Files\TLC [25/04/2009|14:41] C:\Program Files\U.B. Funkeys [16/08/2004|17:19] C:\Program Files\Uninstall Information [04/08/2008|22:28] C:\Program Files\uTorrent [26/09/2007|12:51] C:\Program Files\ValuSoft [05/01/2008|19:54] C:\Program Files\VTech [18/02/2010|23:50] C:\Program Files\Wanadoo [21/03/2008|22:54] C:\Program Files\WinAVI Video Converter [25/11/2009|17:43] C:\Program Files\Windows Live [17/03/2009|22:59] C:\Program Files\Windows Live SkyDrive [16/08/2007|18:44] C:\Program Files\Windows Media Components [01/10/2007|20:18] C:\Program Files\Windows Media Connect 2 [01/01/2010|16:19] C:\Program Files\Windows Media Player [13/09/2008|13:48] C:\Program Files\Windows NT [02/01/2009|13:11] C:\Program Files\Windows Sidebar [06/11/2007|10:54] C:\Program Files\WinRAR [16/08/2004|17:11] C:\Program Files\xerox [07/02/2009|16:29] C:\Program Files\Yahoo! [04/01/2006|10:29] C:\Program Files\Zone Labs --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [18/11/2009|17:15] C:\Program Files\Fichiers communs\Adobe [03/11/2007|15:15] C:\Program Files\Fichiers communs\Adobe Systems Shared [26/10/2005|12:33] C:\Program Files\Fichiers communs\AOL [26/10/2005|12:33] C:\Program Files\Fichiers communs\aolshare [18/02/2010|20:51] C:\Program Files\Fichiers communs\AVSMedia [02/09/2007|18:12] C:\Program Files\Fichiers communs\Barbie [12/02/2006|22:49] C:\Program Files\Fichiers communs\BOONTY Shared [26/10/2005|12:41] C:\Program Files\Fichiers communs\DESIGNER [07/11/2007|13:22] C:\Program Files\Fichiers communs\InstallShield [29/06/2008|12:59] C:\Program Files\Fichiers communs\Knowledge Adventure [20/10/2009|20:44] C:\Program Files\Fichiers communs\Microsoft Shared [16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap [06/12/2009|08:04] C:\Program Files\Fichiers communs\Nokia [26/10/2005|12:33] C:\Program Files\Fichiers communs\Nullsoft [13/01/2010|23:05] C:\Program Files\Fichiers communs\ODBC [06/12/2009|08:04] C:\Program Files\Fichiers communs\PCSuite [26/10/2005|12:39] C:\Program Files\Fichiers communs\Real [03/05/2007|20:39] C:\Program Files\Fichiers communs\Services [26/10/2005|12:42] C:\Program Files\Fichiers communs\Sonic Shared [16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines [05/01/2007|22:01] C:\Program Files\Fichiers communs\SureThing Shared [27/06/2007|06:58] C:\Program Files\Fichiers communs\Symantec Shared [25/11/2009|17:44] C:\Program Files\Fichiers communs\System [20/09/2006|18:09] C:\Program Files\Fichiers communs\Vivendi Universal Games [17/03/2009|22:55] C:\Program Files\Fichiers communs\Windows Live [28/04/2009|19:33] C:\Program Files\Fichiers communs\Wise Installation Wizard [26/10/2005|12:39] C:\Program Files\Fichiers communs\xing shared --------------------\\ Process ( 62 Processes ) ... OK ! --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-19 00:27:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\mss\Mes documents\clone\CloneDVD2Keygen.exe C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen\!!! A LIRE AVANT TOUT !!!.txt C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen\Crack Activation Photoshop CS2 Fr.exe C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen\Keygen Photoshop CS2 Fr.exe [F:16][D:4]-> C:\DOCUME~1\mss\LOCALS~1\Temp [F:29][D:0]-> C:\DOCUME~1\mss\Cookies [F:9][D:4]-> C:\DOCUME~1\mss\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 18/02/2010|22:45 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - 18/02/2010|22:59 - Option : [2] 3 - "C:\Lop SD\LopR_3.txt" - 19/02/2010| 0:29 - Option : [4] --------------------\\ Fin du rapport a 0:29:28 et voici le nouveau log de HIJACKTHIS : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:33:29, on 19/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\System32\FTRTSVC.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\V0610Mon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Antipub\antipub.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: My-Tool Toolbar - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - C:\Program Files\My-Tool\tbMy-T.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\mss\LOCALS~1\Temp\services.exe O2 - BHO: My-Tool Toolbar - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - C:\Program Files\My-Tool\tbMy-T.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: My-Tool Toolbar - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - C:\Program Files\My-Tool\tbMy-T.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\mss\LOCALS~1\Temp\services.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [MigrationAnalyzer] "C:\Program Files\FT_Migration\MigrationAnalyzer\MigrationAnalyzer.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [V0610Mon.exe] C:\WINDOWS\V0610Mon.exe O4 - HKLM\..\Run: [Live! Central 2] "C:\Program Files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" /mode2 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [F5JMWNZTHI] C:\DOCUME~1\mss\LOCALS~1\Temp\Jch.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-1816353710-3669559888-3047474470-1006\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?') O4 - HKUS\S-1-5-21-1816353710-3669559888-3047474470-1006\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User '?') O4 - HKUS\S-1-5-21-1816353710-3669559888-3047474470-1006\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe (User '?') O4 - HKUS\S-1-5-21-1816353710-3669559888-3047474470-1006\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User '?') O4 - HKUS\S-1-5-21-1816353710-3669559888-3047474470-1006\..\Run: [F5JMWNZTHI] C:\DOCUME~1\mss\LOCALS~1\Temp\Jch.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-21-1816353710-3669559888-3047474470-1006 Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User '?') O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: www.ebay.fr O15 - Trusted Zone: www.wanadoo.fr O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_E...l_v1-0-3-30.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Service Google Update (gupdate1c996a123102e) (gupdate1c996a123102e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component 1: PC-Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2 -- End of file - 14242 bytes Merci !

OUPS ... J'ai retrouvé le premier rapport (suite au choix 1) -----------\\ ToolBar S&D 1.2.9 XP/Vista ( : ) USER : mss ( Administrator ) "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [1] ( 18/02/2010|23:40 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\AskTBar C:\Program Files\AskTBar\bar C:\Program Files\AskTBar\PopSwatr C:\Program Files\AskTBar\bar\1.bin C:\Program Files\AskTBar\bar\Cache C:\Program Files\AskTBar\bar\History C:\Program Files\AskTBar\bar\Settings C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL C:\Program Files\AskTBar\bar\Cache\012D0AB6 C:\Program Files\AskTBar\bar\Cache\016120D1 C:\Program Files\AskTBar\bar\Cache\02D4585F.bin C:\Program Files\AskTBar\bar\Cache\02D45AA1.bin C:\Program Files\AskTBar\bar\Cache\02D45CB4.bin C:\Program Files\AskTBar\bar\Cache\02D45E99.bin C:\Program Files\AskTBar\bar\Cache\files.ini C:\Program Files\AskTBar\bar\History\search2 C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm C:\Program Files\AskTBar\PopSwatr\History C:\Program Files\AskTBar\PopSwatr\History\allowed C:\Program Files\AskTBar\PopSwatr\History\notallow C:\Program Files\dynamic toolbar C:\Program Files\dynamic toolbar\batch.bat C:\Program Files\dynamic toolbar\Cache C:\Program Files\dynamic toolbar\unins000.dat C:\Program Files\dynamic toolbar\unins000.exe C:\Program Files\dynamic toolbar\Cache\go.bmp C:\Program Files\dynamic toolbar\Cache\home.bmp C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp C:\Program Files\dynamic toolbar\Cache\parent_off.bmp C:\Program Files\dynamic toolbar\Cache\parent_on.bmp C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg C:\Program Files\dynamic toolbar\Cache\popup_off.bmp C:\Program Files\dynamic toolbar\Cache\popup_on.bmp C:\Program Files\dynamic toolbar\Cache\search.bmp C:\Program Files\dynamic toolbar\Cache\services.bmp C:\Program Files\dynamic toolbar\Cache\skin.bmp C:\Program Files\dynamic toolbar\Cache\skin1.bmp C:\Program Files\dynamic toolbar\Cache\skin2.bmp C:\Program Files\dynamic toolbar\Cache\skin3.bmp C:\Program Files\dynamic toolbar\Cache\skin4.bmp C:\Program Files\dynamic toolbar\Cache\skin5.bmp C:\Program Files\dynamic toolbar\Cache\store.bmp C:\Program Files\dynamic toolbar\Cache\style.css C:\Program Files\dynamic toolbar\Cache\support.bmp C:\Program Files\dynamic toolbar\Cache\Thumbs.db C:\Program Files\dynamic toolbar\Cache\ticker.xml C:\Program Files\HbTools_Icons C:\Program Files\HbTools_Icons\Registryrepair.ico C:\DOCUME~1\mss\Favoris\isoHunt - IRC and Bit Torrent search engine.url -----------\\ Extensions (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (mss) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user (mss) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (mss) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" "Start Page"="http://www.orange.fr" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com/ie" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\mss\Mes documents\clone\CloneDVD2Keygen.exe C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen\!!! A LIRE AVANT TOUT !!!.txt C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen\Crack Activation Photoshop CS2 Fr.exe C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen\Keygen Photoshop CS2 Fr.exe 1 - "C:\ToolBar SD\TB_1.txt" - 18/02/2010|23:42 - Option : [1] -----------\\ Fin du rapport a 23:42:19,62

Je suis désolée mais je n'ai que le second rapport J'avais commencé ma réponse en copiant le premier mais Firefox a été fermé lorsque j'ai relancé ToolBar S&D la seconde fois ... J'espère que ce n'est pas trop génant ... Alors voici le SECOND RAPPORT (suite au choix 2) -----------\\ ToolBar S&D 1.2.9 XP/Vista ( : ) USER : mss ( Administrator ) "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [2] ( 18/02/2010|23:47 ) -----------\\ SUPPRESSION Echec ! - C:\Program Files\AskTBar\bar Supprime! - C:\Program Files\AskTBar\PopSwatr Echec ! - C:\Program Files\AskTBar\bar\1.bin Echec ! - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Supprime! - C:\Program Files\dynamic toolbar\batch.bat Supprime! - C:\Program Files\dynamic toolbar\Cache Supprime! - C:\Program Files\dynamic toolbar\unins000.dat Supprime! - C:\Program Files\dynamic toolbar\unins000.exe Supprime! - C:\Program Files\HbTools_Icons\Registryrepair.ico Echec ! - C:\Program Files\AskTBar Supprime! - C:\Program Files\dynamic toolbar Supprime! - C:\Program Files\HbTools_Icons -----------\\ DEUXIEME PASSAGE Echec ! - C:\Program Files\AskTBar\bar Echec ! - C:\Program Files\AskTBar\bar\1.bin Echec ! - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Echec ! - C:\Program Files\AskTBar -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\AskTBar C:\Program Files\AskTBar\bar C:\Program Files\AskTBar\bar\1.bin C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL C:\DOCUME~1\mss\Favoris\isoHunt - IRC and Bit Torrent search engine.url -----------\\ Extensions (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (mss) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user (mss) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (mss) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" "Start Page"="http://www.orange.fr" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com/ie" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\mss\Mes documents\clone\CloneDVD2Keygen.exe C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen\!!! A LIRE AVANT TOUT !!!.txt C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen\Crack Activation Photoshop CS2 Fr.exe C:\DOCUME~1\mss\Mes documents\Mes fichiers re‡us\photoshop\Crack et Keygen\Keygen Photoshop CS2 Fr.exe 1 - "C:\ToolBar SD\TB_1.txt" - 18/02/2010|23:42 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 18/02/2010|23:49 - Option : [2] -----------\\ Fin du rapport a 23:49:23,96