Everything posted by act

  1. Hi Qc001 and Gof, Don't worry, I didn't feel abandoned at all. Thanks for the info. Have a good day. See you.
  2. Hi Qc001 and the whole team, This short reply is to say a big thank you for your support and your help. On Zebulon I have finally found a serious and effective forum. A thousand thanks. As for firewalls, I found a well-stocked site: http://www.firewall-net.com/tools/firewall...knstop&l=fr And two firewalls: the first is free and has to be configured entirely by hand http://www.ghostsecurity.com/ghostwall/ the second really comes close to how ZoneAlarm works, but costs 29 euros http://www.looknstop.com/Fr/application_filtering.htm A thousand thanks again. See you soon
  3. The Windows Security Center has been successfully re-enabled. I'm going to clean up my hard drives; I now have a copy of all my documents. OTListIt2 has been removed, and as for AntiVir, no problem, I already used it on an old PC, so I know it a little. One last question. I'm looking for a firewall along the lines of ZoneAlarm Free, which unfortunately does not install under XP64. Do you have any leads? See you. Have a good evening
  4. Hi Qc001, Good, safe mode works perfectly. The PC is also running like clockwork. A small "freeze" with Ableton Live, but I load big projects; it seems to be related to RAM management? Anyway, my problem with Live is not a security problem, I think. I cleaned all my storage devices with AntiVir and everything is "clean" now. Should I do anything else now? Thanks. Ciao
  5. Hello Qc001, I'm waiting to hear from you about what comes next, thanks. Have a good day. Ciao
  6. So here are the results of checking the keys HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00#\Control\SafeBoot There are three keys: ControlSet001\Control\SafeBoot ControlSet002\Control\SafeBoot CurrentControlSet\Control\SafeBoot In these keys there are indeed two subkeys, Minimal and Network, and these keys are populated: they contain a good thirty or so subkeys. Darn, I just realized that I didn't check whether those thirty or so subkeys contained anything. Well, I'll check tomorrow. Ciao and good night
  7. Hi Qc001 and pl_001, Thank you, thank you and thank you again!!!!!!!!! I'm going to seem a bit clueless to you, but safe boot lets you start Windows without loading the drivers, is that right? Ciao and have a good day.
  8. First of all, thank you once again for your help and your patience. No startup in "safe mode", and I ran Malwarebytes' Anti-Malware with an update and there were no detections. What should I do? I need to test Live now; I'll certainly be working with it this weekend. See you
  9. Hi Qc001, I installed and updated AntiVir and ran a full scan with it (no problem with the English version). Here is the report:
C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP137\A0036916.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '49f804c4.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP137\A0036934.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '591d0e65.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP137\A0036944.exe [DETECTION] Is the TR/Dldr.Bagle.aoz Trojan [NOTE] The file was moved to '591e16ad.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP137\A0036991.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '591f1ef5.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038731.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '465aaa15.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038832.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '59112d05.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038843.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '5912354d.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038844.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '59133d95.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038845.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '49f804c5.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038862.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '59154c26.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038863.exe [DETECTION] Is the TR/PCK.Black.A.2947 Trojan [NOTE] The file was moved to '5916546e.qua'! 
C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038878.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '59175cb6.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038879.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '590864fe.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038883.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '59096cc6.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038884.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '590a6b0e.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038888.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '590b7356.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038890.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '590c7b9e.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038895.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '590d83e6.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038904.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '590e8a2e.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038916.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '49f804c6.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038943.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '59009abf.qua'! 
C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038951.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '5901a287.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038957.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '5902aacf.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038965.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '5903b117.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038967.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '5904b95f.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038973.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '5905c1a7.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP139\A0039007.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '5906c9ef.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP42\A0007716.exe [DETECTION] Is the TR/Agent.2020522 Trojan [NOTE] The file was moved to '5907d037.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP42\A0007942.exe [DETECTION] Is the TR/Agent.2020522 Trojan [NOTE] The file was moved to '5910253f.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP55\A0009432.exe [DETECTION] Contains recognition pattern of the DR/BHO.kbm dropper [NOTE] The file was moved to '58f8d87f.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP56\A0009482.exe [DETECTION] Is the TR/Dldr..Bagle.gy Trojan [NOTE] The file was moved to '58fae88f.qua'! 
C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP56\A0009483.exe [DETECTION] Is the TR/Dldr..Bagle.gy Trojan [NOTE] The file was moved to '58fbf1b7.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP56\A0009508.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58fcf9ff.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP56\A0009543.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58fe01c7.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP56\A0009550.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58ff080f.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP57\A0009591.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f01057.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP58\A0009634.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f1189f.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP58\A0009656.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f220e7.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP59\A0009669.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f32f2f.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP60\A0009686.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f43777.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP60\A0009694.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '49f804c7.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP61\A0009724.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f64788.qua'! 
C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP61\A0009739.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f74fc0.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP61\A0009776.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58e85618.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP61\A0009803.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58e95e50.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP61\A0009817.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58ea66a8.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP63\A0009842.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58eb6ee0.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP63\A0009856.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58ec7538.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP63\A0009885.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58ed7d70.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP63\A0009901.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58ee8548.qua'! C:\WINDOWS\LOOP.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4a1704e6.qua'! D:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP33\A0006024.exe [NOTE] The file was moved to '58e19c10.qua'! H:\cle act\NEWER\autorun.inf [DETECTION] Contains recognition pattern of the WORM/Autorun.edc.1 worm [NOTE] The file was moved to '4a3c0538.qua'! 
End of the scan: Monday, March 23, 2009 22:53 Used time: 2:00:39 Hour(s) The scan has been done completely. 29385 Scanned directories 1034732 Files were scanned 115 Viruses and/or unwanted programs were found 6 Files were classified as suspicious 1 files were deleted 0 Viruses and unwanted programs were repaired 113 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 1034411 Files not concerned 32513 Archives were scanned 3 Warnings
  10. No more "winupgro.exe", but perhaps a deep cleaning is needed? I haven't tried booting in "safe mode" yet; I'll do it later. I'm really stunned about "oss_reinstall.exe": apparently that was it. A thousand thanks Qc001, brilliant! Here is the report from: Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1871 Windows 5.2.3790 Service Pack 2 23/03/2009 09:16:20 mbam-log-2009-03-23 (09-16-20).txt Type de recherche: Examen rapide Eléments examinés: 67353 Temps écoulé: 1 minute(s), 41 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  11. Hi Qc001, That's it, I've finished the backups. I looked at the file C:\Program Files (x86)\Common Files\Acronis\Partition Suite\oss_reinstall.exe from Linux and it is 847 KB. I copied it to the Linux desktop and deleted it from Windows. I'm going to test booting Windows this morning and will report back very quickly. As for the file C:\WINDOWS\algd.exe, I couldn't find it. See you
  12. Hi Qc001, Gulp!!!! OK, I've already started making backups and I think I'll finish tomorrow. As I said earlier, I have a Linux system installed on this machine and it works perfectly. I went to the Windows OS disk from Linux with "show hidden files" enabled and was able to find the driver folder, which contains "winupgro.exe" among others, and a "downld" folder with a ton of executables in it, which looks suspicious to me. In any case, since I can't boot in "safe mode" (I retried the procedure several times and nothing works), I thought I could perhaps remove files from Linux on the partition containing Win XP64. What do you think? Otherwise, OK for testing the two tools. You can give me the procedure to follow if there is no hope from Linux. By the way, a question that has been nagging at me for some time: I also have Live 7.0.14, which freezes so that I can't do anything with it, and I have to restart the machine to use it again. Do you think Bagle could be the cause? Here is an excerpt from the error log already posted in this thread. ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07/03/2009 09:11:14 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002 Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 07/03/2009 09:26:16 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002 Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 07/03/2009 10:27:13 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002 Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Good evening and thank you very much
  13. Third and last report "mbam-log-2009-03-19 (20-17-25)" Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1871 Windows 5.2.3790 Service Pack 2 19/03/2009 20:17:30 mbam-log-2009-03-19 (20-17-25).txt Type de recherche: Examen rapide Eléments examinés: 67373 Temps écoulé: 1 minute(s), 38 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa (Rootkit.Bagle) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Trojan.Agent) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe (Trojan.Agent) -> No action taken. C:\Documents and Settings\Administrator\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> No action taken. C:\Documents and Settings\Administrator\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> No action taken.
  14. Now for the rest. I tried once to boot into safe mode with the F8 key, but no luck: it boots in normal mode. I should run another test; I did the first one in a hurry, so I'm not sure I pressed the key at the right moment. I then ran Malwarebytes' Anti-Malware after updating it. I have several reports because it told me that it could uninstall certain files (winupgro.exe for example) after a reboot. But after each reboot winupgro.exe was still present. So I ran Malwarebytes' Anti-Malware several times, but always with the same result on reboot. So I manually moved the file winupgro.exe and the folder m to the recycle bin, which I of course emptied. I rebooted one last time and, to my despair, winupgro.exe was still there along with a series of unwanted files (see the last report). First report "mbam-log-2009-03-19 (19-44-14)" Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1871 Windows 5.2.3790 Service Pack 2 19/03/2009 19:44:14 mbam-log-2009-03-19 (19-44-14).txt Type de recherche: Examen rapide Eléments examinés: 67506 Temps écoulé: 1 minute(s), 41 second(s) Processus mémoire infecté(s): 3 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 3 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 138 Processus mémoire infecté(s): C:\Documents and Settings\Administrator\Application Data\m\flec006.exe (Trojan.Agent) -> Failed to unload process. C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Unloaded process successfully. 
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Trojan.Spammer) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\WINDOWS\system32\Drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m (Trojan.Agent) -> Delete on reboot. C:\Documents and Settings\Administrator\Application Data\m\shared (Trojan.Agent) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\Drivers\down\410828.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Drivers\down\475296.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Drivers\down\486000.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Administrator\Application Data\m\shared\OJOsoft M4A Converter 2.0.0.0430.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Omni Encoder 1.2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\orangeCalc 2005 1.40 [With Crack].zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Outlook Loader 1.4.1001.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Password Guard 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\PDF Conversion Series - PDF2TXT 1.1 build 1115.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\PDF Merge-Split 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Picture Viewer 1.0.57.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Ping Terminal 2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Point Cloud 1.0.1 Key+Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\PowerDVD 8.0.2217.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Presentation Manager 2.01 (With Crack).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Resolve for BagleDl-AB 1.07.zip (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Administrator\Application Data\m\shared\Rich Mailer 3.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Royal Business Ebook Package 1.0 With Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\RuleLab.Net Server 1.7 Cracked.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Runprog 1.0.28.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Screen Ruler Opera Widget 1.7.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\SDI FTP 2.5.1e.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Server Nanny Network Monitor 4.0.0 (Key).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Simple Downloader 1.0a.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\SiteScope 8.0.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Smart Kid - Learning Addition 1.7.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Sound Laundry 2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Spyware Adware Alert SE 2007.5 1.5 Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Subtitles Modifier 2.92.zip (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Administrator\Application Data\m\shared\Super calculator 1.00.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\SuperAntiSpyware Professional 3.2.0.1028.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\SurfSecret PopupElimiantor 4.02 Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Sweetheart Monitor 1.5.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\SwitchInspector 1.3.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Synclosure 0.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Tech-Pro World Clock 2.1 (Key+Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Text to Image 1.1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\The Kangaroo Jack Outback Bola 1.0 (Mac).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\The NFL Internet Picksheet 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\TIT - The Information Temp 0.3.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\TMPGEnc 2.524.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Toonworks Deluxe 1.0.408.zip (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Administrator\Application Data\m\shared\Total Surveillance 360 1.2.0.3.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Unreal Tournament 2003 - Hurt Conveyor skin.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Unreal Tournament 2003 - Proximity Mine mod 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Virtual Layout Artist 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Virtual SoundFont Manager 3.20.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Web SiteGrabber 1.1 (Patch).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\winButler 1.1.7.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Winnovative RTF to PDF Converter 1.0 (With Crack).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\WinXMedia DVD iPod Video Converter 3.03 Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\WorshipCenter Pro 2.7.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\y.Panda.1960.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\yvReminder 3.2.2477.32951.zip (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

Second report "mbam-log-2009-03-19 (19-55-35)"

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1871
Windows 5.2.3790 Service Pack 2

19/03/2009 19:55:35
mbam-log-2009-03-19 (19-55-35).txt

Type de recherche: Examen rapide
Eléments examinés: 67472
Temps écoulé: 1 minute(s), 43 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Failed to unload process.
C:\Documents and Settings\Administrator\Application Data\m\flec006.exe (Trojan.Agent) -> Failed to unload process.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Administrator\Application Data\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Documents and Settings\Administrator\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
  15. Hi, I finally found a moment to test "explorer.exe". I saved the report as a text file and I don't understand any of it; here it is.

Antivirus           Version          Dernière mise à jour   Résultat
a-squared           4.0.0.101        2009.03.19             -
AhnLab-V3           5.0.0.2          2009.03.19             -
AntiVir             7.9.0.120        2009.03.19             -
Authentium          5.1.2.4          2009.03.19             -
Avast               4.8.1335.0       2009.03.19             -
AVG                 8.5.0.283        2009.03.19             -
BitDefender         7.2              2009.03.19             -
CAT-QuickHeal       10.00            2009.03.19             -
ClamAV              0.94.1           2009.03.19             -
Comodo              1066             2009.03.18             -
DrWeb               4.44.0.09170     2009.03.19             -
eSafe               7.0.17.0         2009.03.19             -
eTrust-Vet          None             2009.03.09             -
F-Prot              4.4.4.56         2009.03.19             -
F-Secure            8.0.14470.0      2009.03.19             -
Fortinet            3.117.0.0        2009.03.19             -
GData               19               2009.03.19             -
Ikarus              T3.1.1.48.0      2009.03.19             -
K7AntiVirus         7.10.676         2009.03.19             -
Kaspersky           7.0.0.125        2009.03.19             -
McAfee              5558             2009.03.19             -
McAfee+Artemis      5558             2009.03.19             -
McAfee-GW-Edition   6.7.6            2009.03.19             -
Microsoft           1.4502           2009.03.19             -
NOD32               3948             2009.03.19             -
Norman              6.00.06          2009.03.19             -
nProtect            2009.1.8.0       2009.03.19             -
Panda               10.0.0.10        2009.03.19             -
PCTools             4.4.2.0          2009.03.19             -
Prevx1              V2               2009.03.19             -
Rising              21.21.32.00      2009.03.19             -
Sophos              4.39.0           2009.03.19             -
Sunbelt             3.2.1858.2       2009.03.19             -
Symantec            1.4.4.12         2009.03.19             -
TheHacker           6.3.3.0.285      2009.03.19             -
TrendMicro          8.700.0.1004     2009.03.19             -
VBA32               3.12.10.1        2009.03.18             -
ViRobot             2009.3.19.1656   2009.03.19             -
VirusBuster         4.6.5.0          2009.03.19             -

Information additionnelle
File size: 1364480 bytes
MD5...: ae7a08c05f72a9242734c03230a5cd7f
SHA1..: 529439656b329a08a3570703e97d37fc114c4b35
SHA256: c960594228cd932c7769bcc04b9f74858368081b5941b39f434e1100568204f3
SHA512: e422555dc361706d2faabff32d8e8d8e1b727c5471caa55d206851be3273da78 7789ed03c824f71019de823e75db206308e76162c3abcf966115b24f7e9f5403
ssdeep: 24576:RfpGPXECAyAGl2QzfNjBNiDaakf86+s61/g/J/:JpGPXEC7l2QzlzFakf8 f
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x23030
timedatestamp.....: 0x45d699d7 (Sat Feb 17 05:59:51 2007)
machinetype.......: 0x8664 (AMD64)

( 5 sections )
name     viradd     virsiz    rawdsiz   ntrpy   md5
.text    0x1000     0x850b8   0x85200   6.20    028160c325ba37fb91fe5ed97a5c0246
.data    0x87000    0x2c98    0x2200    1.05    69fe1da9844e01de2906139c8f0db1ba
.pdata   0x8a000    0xece8    0xee00    5.97    e6779a8453df4c4711d154bc2dcf3767
.rsrc    0x99000    0xb60c0   0xb6200   6.49    d53111a688f50e1295b86130ff61eb06
.reloc   0x150000   0x80c     0xa00     4.71    2f6ef6dbfa3e04f307f2256f8b29ae74

( 13 imports )
( 0 exports )
  16. Hi Qc001, Last night I very quickly tried to run the tests on the "explorer.exe" file. First of all, to my surprise, the file C:\WINDOWS\system32\Explorer.exe is not in the "system32" directory but in "WINDOWS". I started the scan but could not wait for it to finish; I will try to pick it up again as soon as possible. As for the file "C:\WINDOWS\SysWOW64\Explorer.exe", it is indeed present. I'll get on with the rest as soon as I can. Thanks and have a good day.
  17. Good evening Qc001, OK for the steps, but I work in a recording studio and my schedule is a bit unusual, so I may not be able to do anything before next Sunday; let's say that on that day I will have some time available. I will try to look at it before then because I would really like to solve my problem. Thanks, good night and talk to you very soon. Ciao
  18. OK, and thank you for your valuable help and for giving me your time. I'm waiting for the next steps. Ciao
  19. And the second one, "Extras"

OTListIt Extras logfile created on: 16/03/2009 09:07:24 - Run 1
OTListIt2 by OldTimer - Version 2.0.5.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 86,86% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 33,83 Gb Total Space | 10,01 Gb Free Space | 29,60% Space Free | Partition Type: NTFS
Drive D: | 217,88 Gb Total Space | 33,37 Gb Free Space | 15,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 100,01 Gb Total Space | 15,26 Gb Free Space | 15,26% Space Free | Partition Type: NTFS
Drive H: | 198,08 Gb Total Space | 52,39 Gb Free Space | 26,45% Space Free | Partition Type: NTFS
Drive I: | 4,11 Gb Total Space | 1,19 Gb Free Space | 29,00% Space Free | Partition Type: FAT32
Drive J: | 232,89 Gb Total Space | 38,78 Gb Free Space | 16,65% Space Free | Partition Type: NTFS

Computer Name: USER-751A7B4E9C
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- C:\WINDOWS\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.reg [@ = regfile] -- C:\WINDOWS\system32\regedit.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2006/11/18 06:23:38 | 01,556,480 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe:*:Disabled:MSI starter
[2007/12/13 02:31:58 | 00,213,176 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service
[2007/12/13 02:32:20 | 01,619,136 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
[2007/07/25 00:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
[2008/02/19 22:10:26 | 19,897,640 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe:*:Disabled:iTunes

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FC65BD2-FB46-4E89-AEB9-C5CB53E4BC1F}_is1" = JkDefrag 3.26 Fr
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Partition Suite
"{25BADF94-7F64-4820-9CEF-2BBC087C1E98}" = Behringer FCB1010 MIDI PC Editor Utility
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C5C86D6-5C7D-4D5D-A6AB-39FDE5167AC1}" = PHLUMX v0.8
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{648C1BFD-6A70-46D8-B855-F84D95C2DC34}" = CSR
"{64983871-5B22-4F33-9CB3-FB53E26581E8}" = Blue Cat's Remote Control - VST (Demo)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{98FDD1DA-DF13-455F-82C3-5AED34B2F741}" = BC Manager 1.0
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC76BA86-7AD7-1036-7B44-A81000000003}" = Adobe Reader 8.1.0 - Français
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{F0E057C7-3D5D-49C8-AE9E-ACD757B9DC45}" = huskervu
"{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}" = Safari
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2DF7839-7B71-4E34-BB8D-552E182082C9}" = Movavi Video Converter 6
"{F87DA817-8D53-42CC-AA45-93A100341036}" = Nero 7 Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Antress Modern Plugins v2.70" = Antress Modern Plugins v2.70
"EffectChainer_is1" = EffectChainer 1.02
"Free Easy Burner_is1" = Free Easy Burner V 2.0
"GSpot 2.21 Fr_is1" = GSpot 2.21 Fr
"Live 6.0.10" = Live 6.0.10
"Live 7.0.14" = Live 7.0.14
"LoopBe1" = LoopBe1 - Internal MIDI Port
"MediaCoder" = MediaCoder 0.6.0
"MediaInfo" = MediaInfo 0.7.6.3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MIDIsport2x2" = Midisport 2x2 1.0.1.0
"Mozilla Firefox (2.0.0.14)" = Mozilla Firefox (2.0.0.14)
"Mp3tag" = Mp3tag v2.39
"Nebula2free" = AcusticaAudio Nebula2free
"Neuromixer AVmixer Pro_is1" = Neuromixer AVmixer Pro v1.2
"Pluggo 3.5.4" = Pluggo 3.5.4
"PreSonus 1394 Audio Driver v2.46 (FireBox) Setup" = PreSonus 1394 Audio Driver v2.46 (FireBox)
"Steinberg LM-4 MarkII v1.1" = Steinberg LM-4 MarkII v1.1
"StormGate3 1.0_is1" = StormGate3 1.0
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"Tag&Rename_is1" = Tag&Rename 3.3.5
"VLC media player" = VideoLAN VLC media player 0.8.6c

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = Converter

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1967997339-1459969702-4195594450-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = Converter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/03/2009 09:11:14 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002
Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 07/03/2009 09:26:16 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002
Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 07/03/2009 10:27:13 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002
Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 07/03/2009 13:28:01 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002
Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 10/03/2009 11:26:33 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002
Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 10/03/2009 13:27:10 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002
Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/03/2009 04:46:17 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002
Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 13/03/2009 04:47:26 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002
Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 14/03/2009 11:04:21 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002
Description = Application bloquée irsetup.exe, version 5.0.1.4, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 14/03/2009 14:50:58 | Computer Name = USER-751A7B4E9C | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné lors de son traitement interne. Le HRESULT est 800706F7 à partir de la ligne 62 de d:\nt\com\complus\src\events\tier1\eventsystemobj.cpp. Contactez les services du Support Technique Microsoft pour signaler cette erreu

[ System Events ]
Error - 14/03/2009 15:16:10 | Computer Name = USER-751A7B4E9C | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\pfc.sys a été bloqué en raison d'une incompatibilité avec cet ordinateur. Contactez l'éditeur de votre logiciel pour obtenir une version compatible du pilote.

Error - 14/03/2009 15:16:10 | Computer Name = USER-751A7B4E9C | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\pfc.sys a été bloqué en raison d'une incompatibilité avec cet ordinateur. Contactez l'éditeur de votre logiciel pour obtenir une version compatible du pilote.

Error - 14/03/2009 15:16:35 | Computer Name = USER-751A7B4E9C | Source = Application Popup | ID = 1060
Description = Le chargement de \??\C:\Documents and Settings\Administrator\Application Data\dr a été bloqué en raison d'une incompatibilité avec cet ordinateur. Contactez l'éditeur de votre logiciel pour obtenir une version compatible du pilote.

Error - 14/03/2009 15:16:35 | Computer Name = USER-751A7B4E9C | Source = Application Popup | ID = 1060
Description = Le chargement de \??\C:\Documents and Settings\Administrator\Application Data\dr a été bloqué en raison d'une incompatibilité avec cet ordinateur. Contactez l'éditeur de votre logiciel pour obtenir une version compatible du pilote.
Error - 14/03/2009 15:17:33 | Computer Name = USER-751A7B4E9C | Source = Service Control Manager | ID = 7001 Description = Le service Wireless Configuration dépend du service NDIS Usermode I/O Protocol qui n'a pas pu démarrer en raison de l'erreur : %%1058 Error - 16/03/2009 04:04:57 | Computer Name = USER-751A7B4E9C | Source = Application Popup | ID = 1060 Description = Le chargement de \SystemRoot\SysWow64\drivers\pfc.sys a été bloqué en raison d'une incompatibilité avec cet ordinateur. Contactez l'éditeur de votre logiciel pour obtenir une version compatible du pilote. Error - 16/03/2009 04:04:57 | Computer Name = USER-751A7B4E9C | Source = Application Popup | ID = 1060 Description = Le chargement de \SystemRoot\SysWow64\drivers\pfc.sys a été bloqué en raison d'une incompatibilité avec cet ordinateur. Contactez l'éditeur de votre logiciel pour obtenir une version compatible du pilote. Error - 16/03/2009 04:04:57 | Computer Name = USER-751A7B4E9C | Source = Application Popup | ID = 1060 Description = Le chargement de \??\C:\Documents and Settings\Administrator\Application Data\dr a été bloqué en raison d'une incompatibilité avec cet ordinateur. Contactez l'éditeur de votre logiciel pour obtenir une version compatible du pilote. Error - 16/03/2009 04:04:57 | Computer Name = USER-751A7B4E9C | Source = Application Popup | ID = 1060 Description = Le chargement de \??\C:\Documents and Settings\Administrator\Application Data\dr a été bloqué en raison d'une incompatibilité avec cet ordinateur. Contactez l'éditeur de votre logiciel pour obtenir une version compatible du pilote. Error - 16/03/2009 04:06:16 | Computer Name = USER-751A7B4E9C | Source = Service Control Manager | ID = 7001 Description = Le service Wireless Configuration dépend du service NDIS Usermode I/O Protocol qui n'a pas pu démarrer en raison de l'erreur : %%1058 < End of report >
  20. Here is the first report (OTListIt); by the way, in the program window all the "Use SafeList" boxes were checked.

OTListIt logfile created on: 16/03/2009 09:07:24 - Run 1
OTListIt2 by OldTimer - Version 2.0.5.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 86,86% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 33,83 Gb Total Space | 10,01 Gb Free Space | 29,60% Space Free | Partition Type: NTFS
Drive D: | 217,88 Gb Total Space | 33,37 Gb Free Space | 15,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 100,01 Gb Total Space | 15,26 Gb Free Space | 15,26% Space Free | Partition Type: NTFS
Drive H: | 198,08 Gb Total Space | 52,39 Gb Free Space | 26,45% Space Free | Partition Type: NTFS
Drive I: | 4,11 Gb Total Space | 1,19 Gb Free Space | 29,00% Space Free | Partition Type: FAT32
Drive J: | 232,89 Gb Total Space | 38,78 Gb Free Space | 16,65% Space Free | Partition Type: NTFS

Computer Name: USER-751A7B4E9C
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/07/25 00:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
-- C:\Program Files (x86)\Bonjour\mDNSResponder.exe PRC - [2005/04/08 02:10:00 | 00,806,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe PRC - [2007/10/11 02:03:28 | 01,077,248 | ---- | M] (PreSonus Audio Electronics) -- C:\Program Files (x86)\PreSonus\1394AudioDriver_FireBox\FireBox.exe PRC - [2007/02/18 13:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe PRC - [2008/07/18 09:14:27 | 00,173,590 | RHS- | M] () -- C:\WINDOWS\algd.exe PRC - [2009/03/16 08:30:44 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe ========== Win32 Services (SafeList) ========== SRV - [2008/07/25 10:13:44 | 00,046,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2007/07/25 00:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008/07/25 10:13:48 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) SRV - File not found -- -- (dmadmin [On_Demand | Stopped]) SRV - File not found -- -- (Eventlog [Auto | Running]) SRV - [2008/03/19 17:11:30 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) 
-- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2008/07/29 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2007/02/18 13:00:00 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2007/02/18 13:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet [On_Demand | Stopped]) SRV - [2008/07/29 19:28:38 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - File not found -- -- (ImapiService [On_Demand | Stopped]) SRV - [2008/02/19 22:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped]) SRV - File not found -- -- (MSDTC [On_Demand | Stopped]) SRV - [2006/11/11 04:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) SRV - [2007/02/18 13:00:00 | 00,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped]) SRV - [2008/07/29 19:20:34 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - File not found -- -- (NtLmSsp [On_Demand | Stopped]) SRV - File not found -- -- (NVSvc [Auto | Running]) SRV - File not found -- -- (PlugPlay [Auto | Running]) SRV - File not found -- -- (PolicyAgent [Auto | Running]) SRV - File not found -- -- (ProtectedStorage [Auto | Running]) SRV - File not found -- -- (RDSessMgr [On_Demand | Stopped]) 
SRV - File not found -- -- (SamSs [Auto | Running]) SRV - [2007/12/13 02:31:58 | 00,213,176 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv [On_Demand | Stopped]) SRV - [2007/12/13 02:32:20 | 01,619,136 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe -- (SandraTheSrv [On_Demand | Stopped]) SRV - File not found -- -- (TlntSvr [Disabled | Stopped]) SRV - [2007/02/18 13:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped]) SRV - File not found -- -- (vds [On_Demand | Stopped]) SRV - File not found -- -- (VSS [On_Demand | Stopped]) SRV - [2007/02/18 13:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\mspmsnsv.dll -- (WmdmPmSN [On_Demand | Stopped]) SRV - File not found -- -- (WmiApSrv [On_Demand | Stopped]) ========== Driver Services (SafeList) ========== DRV - File not found -- -- (ACPI [boot | Running]) DRV - File not found -- -- (AFD [system | Running]) DRV - File not found -- -- (atapi [boot | Running]) DRV - File not found -- -- (audstub [On_Demand | Running]) DRV - File not found -- -- (Beep [system | Running]) DRV - File not found -- -- (CdaC15BA [Auto | Running]) DRV - File not found -- -- (CdaD10BA [Auto | Running]) DRV - File not found -- -- (Cdfs [Disabled | Running]) DRV - File not found -- -- (Cdrom [system | Running]) DRV - File not found -- -- (crcdisk [boot | Running]) DRV - File not found -- -- (Disk [boot | Running]) DRV - File not found -- -- (dmio [boot | Running]) DRV - File not found -- -- (dmload [boot | Running]) DRV - File not found -- -- (Fastfat [Disabled | Running]) DRV - File not found -- -- (Fips [system | Running]) DRV - File not found -- -- (FltMgr [boot | Running]) DRV - File not found -- -- (Ftdisk [boot | Running]) DRV - [2007/11/02 23:14:34 | 00,022,336 | ---- | M] (Windows ® Server 2003 DDK provider) -- 
C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped]) DRV - File not found -- -- (Gpc [On_Demand | Running]) DRV - File not found -- -- (HDAudBus [On_Demand | Running]) DRV - File not found -- -- (HTTP [On_Demand | Running]) DRV - File not found -- -- (i8042prt [system | Running]) DRV - File not found -- -- (imapi [system | Running]) DRV - File not found -- -- (intelppm [On_Demand | Running]) DRV - File not found -- -- (IPSec [system | Running]) DRV - File not found -- -- (isapnp [boot | Running]) DRV - File not found -- -- (Kbdclass [system | Running]) DRV - File not found -- -- (KSecDD [boot | Running]) DRV - File not found -- -- (ksthunk [On_Demand | Running]) DRV - File not found -- -- (LoopBeMidi1 [On_Demand | Running]) DRV - [2007/02/18 13:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll -- (mnmdd [system | Running]) DRV - File not found -- -- (Mouclass [system | Running]) DRV - File not found -- -- (MountMgr [boot | Running]) DRV - File not found -- -- (MRxDAV [On_Demand | Running]) DRV - File not found -- -- (MRxSmb [system | Running]) DRV - File not found -- -- (Msfs [system | Running]) DRV - File not found -- -- (mssmbios [On_Demand | Running]) DRV - File not found -- -- (Mup [boot | Running]) DRV - File not found -- -- (NDIS [boot | Running]) DRV - File not found -- -- (NdisTapi [On_Demand | Running]) DRV - File not found -- -- (NdisWan [On_Demand | Running]) DRV - File not found -- -- (NDProxy [On_Demand | Running]) DRV - File not found -- -- (NetBIOS [system | Running]) DRV - File not found -- -- (NetBT [system | Running]) DRV - File not found -- -- (Npfs [system | Running]) DRV - File not found -- -- (Ntfs [Disabled | Running]) DRV - File not found -- -- (Null [system | Running]) DRV - File not found -- -- (nv [On_Demand | Running]) DRV - File not found -- -- (ohci1394 [boot | Running]) DRV - File not found -- -- (pae_1394 [On_Demand | Running]) DRV - File not found -- -- (pae_avs [On_Demand | Running]) DRV - File 
not found -- -- (Parport [On_Demand | Running]) DRV - File not found -- -- (PartMgr [boot | Running]) DRV - File not found -- -- (PCI [boot | Running]) DRV - File not found -- -- (PCIIde [boot | Running]) DRV - [2003/09/08 18:49:44 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Stopped]) DRV - File not found -- -- (PptpMiniport [On_Demand | Running]) DRV - File not found -- -- (PSched [On_Demand | Running]) DRV - File not found -- -- (Ptilink [On_Demand | Running]) DRV - File not found -- -- (RasAcd [system | Running]) DRV - File not found -- -- (Rasl2tp [On_Demand | Running]) DRV - File not found -- -- (RasPppoe [On_Demand | Running]) DRV - File not found -- -- (Raspti [On_Demand | Running]) DRV - File not found -- -- (Rdbss [system | Running]) DRV - File not found -- -- (RDPCDD [system | Running]) DRV - File not found -- -- (rdpdr [On_Demand | Running]) DRV - File not found -- -- (redbook [system | Running]) DRV - File not found -- -- (RTLE8023x64 [On_Demand | Running]) DRV - [2007/11/17 17:41:26 | 00,022,432 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Sandra.sys -- (SANDRA [On_Demand | Stopped]) DRV - File not found -- -- (sbp2port [boot | Running]) DRV - File not found -- -- (Secdrv [Auto | Running]) DRV - File not found -- -- (serenum [On_Demand | Running]) DRV - File not found -- -- (Serial [system | Running]) DRV - File not found -- -- (snapman [boot | Running]) DRV - File not found -- -- (sptd [boot | Running]) DRV - File not found -- -- (sr [boot | Running]) DRV - [2009/03/16 09:04:53 | 00,121,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\drivers\wfsintwq.sys -- (srosa [system | Stopped]) DRV - File not found -- -- (Srv [On_Demand | Running]) DRV - File not found -- -- (swenum [On_Demand | Running]) DRV - File not found -- -- (sysaudio [On_Demand | Running]) DRV - File not found -- -- (Tcpip [system | Running]) DRV - File not 
found -- -- (TermDD [system | Running]) DRV - File not found -- -- (Update [On_Demand | Running]) DRV - File not found -- -- (usbehci [On_Demand | Running]) DRV - File not found -- -- (usbhub [On_Demand | Running]) DRV - File not found -- -- (usbprint [On_Demand | Running]) DRV - File not found -- -- (USBSTOR [On_Demand | Running]) DRV - File not found -- -- (usbuhci [On_Demand | Running]) DRV - File not found -- -- (VgaSave [system | Running]) DRV - File not found -- -- (vmm [system | Running]) DRV - File not found -- -- (VolSnap [boot | Running]) DRV - File not found -- -- (VPCNetS2 [On_Demand | Running]) DRV - File not found -- -- (Wanarp [On_Demand | Running]) DRV - [2007/02/18 13:00:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv -- (wdmaud [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - 
HKU\S-1-5-21-1967997339-1459969702-4195594450-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1967997339-1459969702-4195594450-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-21-1967997339-1459969702-4195594450-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKU\S-1-5-21-1967997339-1459969702-4195594450-500\S-1-5-21-1967997339-1459969702-4195594450-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1967997339-1459969702-4195594450-500\S-1-5-21-1967997339-1459969702-4195594450-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/14 19:54:07 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2008/04/19 07:41:27 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2008/04/19 10:04:03 | 00,000,000 | ---D | M] [2008/09/11 08:20:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4lc7ieqy.default\extensions [2008/11/14 16:01:43 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2008/04/19 07:41:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/07/18 10:14:44 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008/04/14 11:52:53 | 
00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\talkback@mozilla.org [2008/04/19 07:41:24 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\jar50.dll [2008/04/19 07:41:24 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\jsd3250.dll [2008/04/19 07:41:24 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\myspell.dll [2008/04/19 07:41:24 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\spellchk.dll [2008/04/19 07:41:24 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\xpinstal.dll [2006/09/06 19:27:53 | 00,001,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml [2006/06/03 21:11:43 | 00,001,072 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml [2007/01/17 23:05:32 | 00,002,368 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2006/09/06 21:56:53 | 00,000,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MediaDICO-fr.xml [2006/09/13 22:56:35 | 00,001,203 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml [2006/09/11 20:46:49 | 00,000,664 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) 
O3 - HKU\S-1-5-21-1967997339-1459969702-4195594450-500\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1967997339-1459969702-4195594450-500\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1967997339-1459969702-4195594450-500\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\syswow64\SHELL32.dll (Microsoft Corporation) O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files (x86)\Common Files\Acronis\Partition Suite\oss_reinstall.exe () O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Messanger Control Center] algd.exe () O4 - HKU\S-1-5-21-1967997339-1459969702-4195594450-500..\Run: [drvsyskit] C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe () O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (Nero AG) O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (Nero AG) O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FireBox Control Panel.lnk = C:\Program Files (x86)\PreSonus\1394AudioDriver_FireBox\FireBox.exe (PreSonus Audio Electronics) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1967997339-1459969702-4195594450-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1237054137156 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_16) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml 
{05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\syswow64\SHELL32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\system32\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: System - (lsass.exe) - File not found O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\syswow64\SHELL32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\syswow64\SHELL32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/11/02 23:01:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/03/16 09:07:24 | 
00,000,288 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2ad0aed7-f8e6-11dd-a306-001a4d5036a9}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008/07/18 09:14:28 | 00,173,590 | RHS- | M] ()
O33 - MountPoints2\{2ad0aed7-f8e6-11dd-a306-001a4d5036a9}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008/07/18 09:14:28 | 00,173,590 | RHS- | M] ()
O33 - MountPoints2\{60ad2b53-b58d-11dc-953a-e70359a9883d}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{60ad2b53-b58d-11dc-953a-e70359a9883d}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/03/16 09:05:17 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/03/16 09:05:15 | 00,000,626 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bagle.rtf
[2009/03/14 20:27:11 | 03,888,054 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sans titre.bmp
[2009/03/14 19:52:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/14 19:09:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\m
[2009/03/14 19:09:38 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/03/14 16:16:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Brainworx Music
[2009/03/14 16:08:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Waves Preferences
[2009/03/14 16:05:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PSP MixPack 1.8 Demo
[2009/03/14 16:04:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PSP VintageWarmer
[2009/03/14 14:19:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\drivers
[2009/03/12 09:22:44 | 00,000,005 | ---- | C] () -- C:\WINDOWS\cofpeaka.ini
[2009/03/10 18:31:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Extreme Sample Converter 3
[2009/03/10 18:30:39 | 00,000,000 | ---D | C] -- D:\USER\DRUMS NKI
[2009/03/08 16:38:32 | 00,000,000 | ---D | C] -- D:\USER\Native Instruments
[2009/03/08 16:38:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Native Instruments
[2009/03/08 16:37:50 | 01,777,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/03/08 16:11:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2009/03/07 16:35:34 | 00,069,632 | ---- | C] (Native Instruments Software GmbH) -- C:\WINDOWS\System32\NI_DFD_KOMPAKT.dll
[2009/03/07 16:35:34 | 00,069,632 | ---- | C] (Native Instruments Software GmbH) -- C:\WINDOWS\System32\NI_DFD_1_2_9.dll
[2009/03/07 16:35:34 | 00,069,632 | ---- | C] (Native Instruments Software GmbH) -- C:\WINDOWS\System32\NI_DFD_1_2_7.dll
[2009/03/07 16:35:34 | 00,069,632 | ---- | C] (Native Instruments Software GmbH) -- C:\WINDOWS\System32\NI_DFD_1_2_4.dll
[2009/03/07 16:35:34 | 00,069,632 | ---- | C] (Native Instruments Software GmbH) -- C:\WINDOWS\System32\NI_DFD.dll
[2009/03/07 16:35:14 | 00,065,536 | ---- | C] (Native Instruments Software GmbH) -- C:\WINDOWS\System32\NI_DFD_1_2_8.dll
[2009/03/07 16:35:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2009/03/07 15:58:40 | 00,000,005 | ---- | C] () -- C:\WINDOWS\cofpeaac.ini
[2009/03/06 18:10:23 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/03/06 18:10:23 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/03/02 09:18:58 | 00,000,865 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FireBox Mixer.lnk
[2009/02/28 18:42:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Syncrosoft

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/03/16 10:04:12 | 00,297,072 | RHS- | M] () -- C:\ntldr
[2009/03/16 10:04:12 | 00,047,772 | RHS- | M] () -- C:\ntdetect.com
[2009/03/16 10:04:12 | 00,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009/03/16 10:04:12 | 00,000,326 | -HS- | M] () -- C:\boot.ini
[2009/03/16 09:04:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/16 09:04:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/16 08:31:34 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bagle.rtf
[2009/03/16 08:30:44 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/03/14 20:27:11 | 03,888,054 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sans titre.bmp
[2009/03/14 19:57:46 | 00,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/14 19:56:10 | 01,197,274 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/14 19:12:17 | 01,084,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\down\486000.exe
[2009/03/14 19:12:06 | 00,950,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\down\475296.exe
[2009/03/14 19:11:03 | 00,869,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\down\410828.exe
[2009/03/14 16:14:36 | 00,000,048 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2009/03/14 16:14:36 | 00,000,048 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/03/14 16:14:36 | 00,000,048 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2009/03/14 16:05:17 | 00,659,456 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/03/14 15:40:10 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/14 15:22:52 | 00,024,576 | RHS- | M] () -- C:\bootwiz.sys
[2009/03/12 09:22:44 | 00,000,005 | ---- | M] () -- C:\WINDOWS\cofpeaka.ini
[2009/03/07 15:58:40 | 00,000,005 | ---- | M] () -- C:\WINDOWS\cofpeaac.ini
[2009/03/06 18:22:41 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/03/02 09:18:58 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FireBox Mixer.lnk
[2009/02/23 12:23:24 | 00,117,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >
  21. Hi, Thanks for your support. Actually I'm using Windows XP64, well, it's 64-bit, so I'll run the test this morning. I'll post the report as soon as I have it. See you. And thanks again
  22. By the way, I have "partition suite" installed, and when the computer starts it scans all the systems, including the Linux systems I have installed; in fact my computer does not boot directly into Windows. Is that a problem? See you soon
  23. Hello everyone, Well yes, yet another PC polluted by "winupgro.exe". Coming from the Mac world, I wasn't used to this kind of problem, and now here I am. Obviously I installed something I shouldn't have, oh yes!!!! I have been through this forum from top to bottom since yesterday, the day I discovered this famous "winupgro.exe" that was eating 70% of the CPU. I use this PC exclusively for audio work with Ableton Live and I only connect it to the internet to install the security updates for the Windows XP64 system; I have no antivirus installed and I only use the Windows firewall. (I know, it's pure madness, but that is my situation.) So I have seen various procedures with HiJackThis, FindyKill, ComboFix, and the endless reports that make me sweat with panic given their length and how hard I find them to understand. So here is where I could start: I have an external hard drive that has never been connected to this computer. Can I back up my data without risking infecting it? Can you give me the procedure to follow and help me? Thanks