

Everything posted by lataupe123
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
Browsing works perfectly in IE; in FF I got one redirect, but I opened so many windows to test that I don't think it was anything serious, because nothing happened afterwards. Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3565
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
14/01/2010 23:36:06
mbam-log-2010-01-14 (23-36-06).txt
Type de recherche: Examen rapide
Eléments examinés: 101646
Temps écoulé: 5 minute(s), 54 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

I also reinstalled Antivir v9 using this tutorial http://www.vista-xp.fr/forum/topic4162.html and this video http://www.malekal.com/fichiers/antivir/Co...onAntivirV9.avi; tomorrow I'll get rid of Norton, which was of absolutely no use...
In any case, A BIG BIG THANK YOU TO YOU /clap Really very kind.
If you want me to run other tests, I'll be available tomorrow. Right now I'm going to bed.
Good night and thanks again,
Léo
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
I'm so happy, I can finally see a glimmer of hope!!!!! It asked me to reboot because it had found something, so I clicked yes, and after the reboot, here is the log (TDSS rootkit removing tool 2.2.2).
There you go, so, doctor?
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
Re, it froze again in "normal" mode, and here is the report from safe mode (GMER 1.0.15.15281 - http://www.gmer.net).
And since last night the PC has been crawling, Windows processes at 50% and of course the sum of the visible processes is < 10%.
There you go
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
The problem is that the PC seems to freeze before I've even had time to start a scan. Should I:
1) let it run until things recover?
2) try in safe mode?
And do I need to run it as admin? That wasn't specified.
Thanks.
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
Re, I've installed the updates for most of the links, and now I'm trying a scan with Rootkit Revealer; I don't know whether you have any other ideas... There you go
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
Re, that's it, the scan is finished. No infection popup at the end of the scan...
Here are the 2 reports:
Report with filter: important
Report with filter: all event
And some additional info extracted by Kaspersky: System info
There you go, I'm off to bed. Good night and thanks.
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
Re, I can't manage to produce a report; GMER freezes my PC and restarting is a real pain. What could be causing this?
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
Good evening, when I launched IE to read your instructions, a new IE window opened with a link starting with "directdr" or something like that, then an ad page replaced it. No infected items detected by Malwarebytes, here is the report:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3546
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
12/01/2010 18:14:44
mbam-log-2010-01-12 (18-14-44).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 405095
Temps écoulé: 2 hour(s), 15 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Here is the HijackThis report (Trend Micro HijackThis v2.0.2, scan saved at 18:19:09, on 12/01/2010).
There you go
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
For IE and FF, nothing indicating a proxy was ticked in either one's network settings, so I didn't change anything. And here is the output of the commands you asked me to type:

netsh winhttp show proxy
Paramètre de proxy WinHTTP actuels :
Accès direct (sans serveur proxy)

netsh winhttp reset proxy
Paramètre de proxy WinHTTP actuels :
Accès direct (sans serveur proxy)

Also, in the HijackThis report there is the conime.exe process; after some searching I ended up here, and it suggests:

1. Kill the following processes in the Task Manager: bfghost.exe, editmm.exe, conime.exe
2. Unregister service.dll in Windows\system\ How? Start - Run - copy and paste: REGSVR32 /u C:\Windows\System\service.dll Press Enter and REBOOT.
3. Remove the following files bfghost.exe, editmm.exe, read it.txt. conime.exe in Windows\ regsys.vxd, service.dll in Windows\system\

What do you think?
Edit: I'm going to bed, good night and thanks
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
For my original problem, I just tested in Firefox and, while opening various links, I got redirected to http://searchenginekeyword.net, and Norton keeps throwing alerts at me about a trojan horse. Here is the HijackThis log (Trend Micro HijackThis v2.0.2, scan saved at 23:07:20, on 11/01/2010).
There you go /prier
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
Sorry about the previous files, I'll edit my post and copy/paste them into it. Here is the Ad-Remover report:

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 26.12.2009 à 20:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:17:28, 11/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Ultimate Service Pack 1 v6.0.6001
Nom du PC: PC-DE-TAUPI | Utilisateur actuel: Taupi
Bonnes fêtes de fin d'année à vous tous
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
(!) -- Fichiers temporaires supprimés.
.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.17 [fr] *
.
Nom du profil: 4agxo3np.default (Taupi)
.
(Taupi, prefs.js) Browser.download.dir, C:\Users\Taupi\Desktop
(Taupi, prefs.js) Browser.download.lastDir, D:\iphone
(Taupi, prefs.js) Browser.startup.homepage, www.google.fr
(Taupi, prefs.js) Extensions.enabledItems, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1,firebug@software.joehewitt.com:1.4.5,{22832dda-1de6-4443-9ab5-d34214b03347}:2.3.1,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{8a12921a-9829-abb4-6c61-035ec2d1a91e}:4.6.6.2,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0,{3c9761ad-a43d-4447-b924-f5d83cb48063}:2.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.17
.
.
.
* Internet Explorer Version 7.0.6001.18000 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-patch.exe
C:\Users\Taupi\AppData\Roaming\Azureus\torrents\Anno.1701.Crack.NoCD.Patch_(www.softzone.org)_[mininova].torrent
C:\Users\Taupi\AppData\Roaming\Azureus\torrents\Flash_CS4_Professional_Keygen_AMPBC.4872134.TPB[1].torrent
C:\Users\Taupi\AppData\Roaming\Azureus\torrents\SPORE [PCFullGame][CrackIncl]_KaYz 2008 [mininova].torrent
.
===================================
.
576 Octet(s) - C:\Ad-Report-CLEAN[1].log
576 Octet(s) - C:\Ad-Report-CLEAN[2].log
3431 Octet(s) - C:\Ad-Report-CLEAN[3].log
.
0 Fichier(s) - C:\Users\Taupi\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
6 Fichier(s) - C:\Windows\Prefetch
.
23 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 22:40:36 | 11/01/2010 - CLEAN[3]
.
============== E.O.F ==============
.

Is it really necessary to re-enable UAC (it's rather annoying)? Thanks for the time you're spending on this. Léo -
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
Merci bcp d'avoir répondu ! Dsl pour comboFix mais j'étais un peu désespéré... je viens de lancer les 2 Lop S&D option 1 et 2. Recherche (option 1) : --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E6750 @ 2.66GHz ) BIOS : BIOS Date: 10/12/07 11:08:29 Ver: 08.00.12 USER : Taupi ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:74 Go (Free:20 Go) D:\ (Local Disk) - NTFS - Total:200 Go (Free:49 Go) E:\ (Local Disk) - NTFS - Total:97 Go (Free:40 Go) F:\ (CD or DVD) H:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( 11/01/2010|20:26 ) [ UAC => 0 ] --------------------\\ Listing des dossiers dans Local [21/05/2009|13:13] C:\Users\Taupi\AppData\Local\Adobe [24/01/2009|12:59] C:\Users\Taupi\AppData\Local\Ahead [30/01/2009|23:43] C:\Users\Taupi\AppData\Local\Apple [23/12/2009|23:55] C:\Users\Taupi\AppData\Local\Apple Computer [01/01/2002|15:21] C:\Users\Taupi\AppData\Local\Application Data [12/04/2008|00:12] C:\Users\Taupi\AppData\Local\ApplicationHistory [17/06/2009|22:58] C:\Users\Taupi\AppData\Local\Apps [13/06/2008|18:37] C:\Users\Taupi\AppData\Local\Aspyr [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\asus.XRM-MS [18/07/2008|22:47] C:\Users\Taupi\AppData\Local\CAPCOM [24/01/2008|01:21] C:\Users\Taupi\AppData\Local\Codemasters [07/01/2010|22:38] C:\Users\Taupi\AppData\Local\CrashDumps [08/12/2009|21:44] C:\Users\Taupi\AppData\Local\CutePDF Writer [22/01/2008|16:11] C:\Users\Taupi\AppData\Local\d3d8caps.dat [11/10/2009|20:53] C:\Users\Taupi\AppData\Local\d3d9caps.dat [08/01/2010|13:03] C:\Users\Taupi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [18/06/2009|13:06] C:\Users\Taupi\AppData\Local\Deployment [22/01/2008|23:24] C:\Users\Taupi\AppData\Local\fusioncache.dat [22/01/2008|23:26] C:\Users\Taupi\AppData\Local\GameSpy [03/08/2009|17:43] C:\Users\Taupi\AppData\Local\GDIPFONTCACHEV1.DAT 
[01/01/2002|15:21] C:\Users\Taupi\AppData\Local\Historique [11/01/2010|00:30] C:\Users\Taupi\AppData\Local\IconCache.db [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\mbr_inst.exe [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\mbr_rest.exe [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\menu.lst [07/09/2009|00:10] C:\Users\Taupi\AppData\Local\Microsoft [15/12/2008|20:52] C:\Users\Taupi\AppData\Local\Microsoft Games [06/02/2008|00:24] C:\Users\Taupi\AppData\Local\Microsoft Help [07/02/2008|17:04] C:\Users\Taupi\AppData\Local\Mozilla [01/01/2010|21:17] C:\Users\Taupi\AppData\Local\myPod_Apps [02/01/2010|23:21] C:\Users\Taupi\AppData\Local\Nero [31/12/2009|12:01] C:\Users\Taupi\AppData\Local\Paint.NET [03/01/2010|22:12] C:\Users\Taupi\AppData\Local\PUTTY.RND [15/12/2009|22:27] C:\Users\Taupi\AppData\Local\QuickPar [11/01/2010|20:23] C:\Users\Taupi\AppData\Local\temp [01/01/2002|15:21] C:\Users\Taupi\AppData\Local\Temporary Internet Files [03/01/2010|20:48] C:\Users\Taupi\AppData\Local\Threat Expert [22/01/2008|23:26] C:\Users\Taupi\AppData\Local\VirtualStore [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\vstaldr [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\vstaldr.img --------------------\\ Tâches planifiées dans C:\Windows\tasks [10/01/2010 18:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{55DD494C-4445-40E1-A402-F3F6C652095F}.job [11/01/2010 20:02][--ah-----] C:\Windows\tasks\SA.DAT [11/01/2010 00:30][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Listing des dossiers dans C:\ProgramData [29/11/2009|18:36] C:\ProgramData\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} [21/12/2009|20:07] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} [29/11/2009|18:38] C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573} [29/11/2009|18:35] C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} [24/10/2009|19:06] C:\ProgramData\2DBoy [30/07/2009|19:03] C:\ProgramData\Adobe [14/08/2008|07:14] C:\ProgramData\adobetmp00048867 [14/08/2008|07:14] 
C:\ProgramData\adobetmp00058867 [21/12/2009|20:11] C:\ProgramData\Apple [21/12/2009|20:05] C:\ProgramData\Apple Computer [02/11/2006|14:00] C:\ProgramData\Application Data [16/03/2008|10:30] C:\ProgramData\Azureus [15/11/2009|14:04] C:\ProgramData\BioWare [28/08/2009|12:45] C:\ProgramData\Blizzard [31/08/2009|18:46] C:\ProgramData\Blizzard Entertainment [01/01/2002|15:19] C:\ProgramData\Bureau [16/01/2009|21:50] C:\ProgramData\CyberLink [05/04/2009|12:42] C:\ProgramData\DAEMON Tools Lite [11/05/2009|17:49] C:\ProgramData\DAEMON Tools Pro [02/11/2006|14:00] C:\ProgramData\Desktop [02/11/2006|14:00] C:\ProgramData\Documents [08/11/2009|11:05] C:\ProgramData\DVD Shrink [15/02/2008|23:59] C:\ProgramData\eMule [01/01/2002|15:19] C:\ProgramData\Favoris [02/11/2006|14:00] C:\ProgramData\Favorites [25/04/2009|12:21] C:\ProgramData\FLEXnet [02/08/2009|22:44] C:\ProgramData\LauncherAccess.dt [13/05/2008|19:19] C:\ProgramData\Logishrd [08/02/2008|02:08] C:\ProgramData\Logitech [07/01/2010|20:06] C:\ProgramData\Malwarebytes [15/11/2009|13:41] C:\ProgramData\Media Center Programs [01/01/2002|15:19] C:\ProgramData\Menu D‚marrer [18/06/2009|13:10] C:\ProgramData\Microsoft [18/06/2009|13:10] C:\ProgramData\Microsoft Help [01/01/2002|15:19] C:\ProgramData\ModŠles [29/11/2009|18:36] C:\ProgramData\Native Instruments [24/01/2009|12:44] C:\ProgramData\Nero [04/01/2010|21:30] C:\ProgramData\Norton [04/01/2010|21:29] C:\ProgramData\NortonInstaller [11/01/2010|20:03] C:\ProgramData\NVIDIA [11/01/2010|20:03] C:\ProgramData\nvModes.001 [11/01/2010|20:03] C:\ProgramData\nvModes.dat [26/05/2008|18:15] C:\ProgramData\Office Genuine Advantage [16/01/2009|21:37] C:\ProgramData\SlySoft [02/11/2006|14:00] C:\ProgramData\Start Menu [22/03/2009|10:08] C:\ProgramData\Studio-Scrap2 [02/07/2009|12:01] C:\ProgramData\Tages [03/01/2010|22:44] C:\ProgramData\TEMP [02/11/2006|14:00] C:\ProgramData\Templates [29/02/2008|19:01] C:\ProgramData\Ubisoft [23/01/2008|04:49] C:\ProgramData\WLInstaller 
--------------------\\ Listing des dossiers dans C:\Program Files [24/06/2008|19:16] C:\Program Files\Acro Software [21/05/2009|13:19] C:\Program Files\Adobe [08/07/2009|20:12] C:\Program Files\adslTV [18/12/2009|15:31] C:\Program Files\AGEIA Technologies [01/01/2010|23:57] C:\Program Files\Alwil Software [24/01/2009|12:39] C:\Program Files\Apache Software Foundation [12/06/2009|18:40] C:\Program Files\Apple Software Update [24/05/2009|10:11] C:\Program Files\ArcSoft [29/11/2009|18:58] C:\Program Files\ASIO4ALL v2 [22/01/2008|16:08] C:\Program Files\ASUS [09/03/2008|13:32] C:\Program Files\Audio Phonics, Inc [06/12/2009|23:11] C:\Program Files\Azureus [21/12/2009|20:05] C:\Program Files\Bonjour [30/03/2009|21:46] C:\Program Files\CCleaner [10/01/2010|22:18] C:\Program Files\Common Files [28/08/2008|20:33] C:\Program Files\Core Services [16/01/2009|22:10] C:\Program Files\CyberLink [11/05/2009|17:50] C:\Program Files\DAEMON Tools Pro [07/12/2009|20:54] C:\Program Files\DivX [27/09/2009|10:28] C:\Program Files\DVD Shrink [10/09/2009|12:26] C:\Program Files\EasyPHP3.1 [16/02/2008|00:01] C:\Program Files\eMule [01/01/2002|15:19] C:\Program Files\Fichiers communs [C:\Program Files\Common Files] [28/01/2008|10:38] C:\Program Files\FileZilla FTP Client [08/11/2009|11:10] C:\Program Files\Freeplayer [20/02/2008|20:37] C:\Program Files\Gabest [22/01/2008|20:53] C:\Program Files\GameSpy [24/06/2008|19:17] C:\Program Files\GPLGS [09/12/2008|22:45] C:\Program Files\GrabIt [04/02/2008|18:14] C:\Program Files\Guitar Pro 5 [24/06/2009|19:11] C:\Program Files\Hamachi [17/11/2009|20:37] C:\Program Files\Inkscape [21/12/2009|23:42] C:\Program Files\InstallShield Installation Information [22/01/2008|15:49] C:\Program Files\Intel [07/05/2008|18:35] C:\Program Files\Internet Explorer [03/01/2010|22:22] C:\Program Files\iPhone Explorer [03/01/2010|22:34] C:\Program Files\iPhoneBrowser [21/12/2009|20:05] C:\Program Files\iPod [21/12/2009|20:07] C:\Program Files\iTunes [27/07/2009|18:40] 
C:\Program Files\IZArc [15/12/2008|20:46] C:\Program Files\Java [13/05/2008|19:14] C:\Program Files\Logitech [10/01/2010|22:05] C:\Program Files\Malwarebytes' Anti-Malware [22/01/2008|16:04] C:\Program Files\Marvell [06/11/2009|18:58] C:\Program Files\Microsoft [12/04/2008|00:22] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [02/11/2006|13:35] C:\Program Files\Microsoft Games [28/01/2008|10:30] C:\Program Files\Microsoft Office [06/11/2009|18:59] C:\Program Files\Microsoft Office Outlook Connector [10/03/2008|21:30] C:\Program Files\Microsoft Reader [16/06/2009|17:51] C:\Program Files\Microsoft SDKs [07/11/2009|01:22] C:\Program Files\Microsoft Silverlight [16/06/2009|18:01] C:\Program Files\Microsoft SQL Server [16/06/2009|17:54] C:\Program Files\Microsoft SQL Server Compact Edition [16/06/2009|17:54] C:\Program Files\Microsoft Synchronization Services [28/01/2008|10:30] C:\Program Files\Microsoft Visual Studio [28/01/2008|10:26] C:\Program Files\Microsoft Visual Studio 8 [18/06/2009|13:08] C:\Program Files\Microsoft Web Designer Tools [28/01/2008|10:31] C:\Program Files\Microsoft Works [16/06/2009|17:59] C:\Program Files\Microsoft.NET [21/04/2008|18:56] C:\Program Files\Movie Maker [11/01/2010|20:16] C:\Program Files\Mozilla Firefox [28/01/2008|10:30] C:\Program Files\MSBuild [26/05/2008|18:24] C:\Program Files\MSECache [06/11/2009|19:13] C:\Program Files\MSR MapCruncher for Virtual Earth [12/04/2008|00:09] C:\Program Files\MSXML 4.0 [29/11/2009|18:36] C:\Program Files\Native Instruments [24/01/2009|12:44] C:\Program Files\Nero [04/01/2010|21:29] C:\Program Files\Norton AntiVirus [04/01/2010|21:29] C:\Program Files\NortonInstaller [06/08/2009|18:44] C:\Program Files\Notepad++ [18/12/2009|15:32] C:\Program Files\NVIDIA Corporation [18/02/2008|15:34] C:\Program Files\OpenAL [03/07/2008|20:36] C:\Program Files\Paint.NET [14/04/2009|18:40] C:\Program Files\PiFreePC [30/01/2008|03:46] C:\Program Files\QuickPar [21/12/2009|20:04] C:\Program Files\QuickTime 
[07/05/2008|18:35] C:\Program Files\Real [22/01/2008|15:57] C:\Program Files\Realtek [02/11/2006|13:35] C:\Program Files\Reference Assemblies [21/12/2009|19:46] C:\Program Files\Samsung [31/12/2009|20:22] C:\Program Files\Sim AQUARIUM 2 [04/01/2010|21:30] C:\Program Files\Symantec [01/09/2009|21:59] C:\Program Files\Teamspeak2_RC2 [02/08/2009|23:06] C:\Program Files\Total Video Converter [10/01/2010|21:53] C:\Program Files\trend micro [02/11/2006|14:00] C:\Program Files\Uninstall Information [31/08/2009|18:36] C:\Program Files\Vector Magic [22/01/2008|19:27] C:\Program Files\VideoLAN [02/01/2010|20:27] C:\Program Files\VirtualDJ [22/01/2008|21:44] C:\Program Files\VistaCodecPack [21/04/2008|18:56] C:\Program Files\Windows Calendar [21/04/2008|18:56] C:\Program Files\Windows Collaboration [21/04/2008|18:56] C:\Program Files\Windows Defender [21/04/2008|18:56] C:\Program Files\Windows Journal [06/11/2009|18:57] C:\Program Files\Windows Live [06/11/2009|18:57] C:\Program Files\Windows Live SkyDrive [21/04/2008|18:56] C:\Program Files\Windows Mail [21/04/2008|18:56] C:\Program Files\Windows Media Player [01/01/2002|15:19] C:\Program Files\Windows NT [21/04/2008|18:56] C:\Program Files\Windows Photo Gallery [21/04/2008|18:56] C:\Program Files\Windows Sidebar [25/01/2009|09:48] C:\Program Files\WinRAR [03/01/2010|21:32] C:\Program Files\WinSCP [02/09/2009|00:19] C:\Program Files\WowCartographe [02/08/2009|22:24] C:\Program Files\Xi [24/01/2009|18:45] C:\Program Files\Zero G Registry --------------------\\ Listing des dossiers dans C:\Program Files\Common Files [21/05/2009|13:19] C:\Program Files\Common Files\Adobe [29/10/2008|18:06] C:\Program Files\Common Files\Adobe AIR [21/12/2009|20:05] C:\Program Files\Common Files\Apple [15/11/2009|13:41] C:\Program Files\Common Files\BioWare [22/01/2008|23:22] C:\Program Files\Common Files\Blizzard Entertainment [28/01/2008|10:30] C:\Program Files\Common Files\DESIGNER [29/11/2009|18:36] C:\Program Files\Common Files\Digidesign 
[07/12/2009|20:54] C:\Program Files\Common Files\DivX Shared [22/01/2008|16:07] C:\Program Files\Common Files\InstallShield [05/03/2008|18:39] C:\Program Files\Common Files\Java [10/03/2008|21:32] C:\Program Files\Common Files\L&H [13/05/2008|19:15] C:\Program Files\Common Files\LogiShrd [21/05/2009|13:13] C:\Program Files\Common Files\Macrovision Shared [06/11/2009|18:58] C:\Program Files\Common Files\microsoft shared [29/11/2009|18:36] C:\Program Files\Common Files\Native Instruments [24/01/2009|12:57] C:\Program Files\Common Files\Nero [07/05/2008|18:36] C:\Program Files\Common Files\Real [02/11/2006|12:18] C:\Program Files\Common Files\Services [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines [04/01/2010|21:34] C:\Program Files\Common Files\Symantec Shared [26/05/2008|18:25] C:\Program Files\Common Files\System [17/03/2009|18:56] C:\Program Files\Common Files\Windows Live [23/01/2008|04:53] C:\Program Files\Common Files\WindowsLiveInstaller [18/12/2009|15:31] C:\Program Files\Common Files\Wise Installation Wizard [07/05/2008|18:36] C:\Program Files\Common Files\xing shared --------------------\\ Process ( 54 Processes ) iexplore.exe ~ [PID:3216] --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop C:\Users\Taupi\AppData\Roaming\MICROS~1\Windows\Cookies\taupi@advertising[1].txt C:\Users\Taupi\AppData\Roaming\MICROS~1\Windows\Cookies\taupi@advertising[2].txt --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-11 20:26:47 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\Users\Taupi\AppData\Roaming\Azureus\torrents\Anno.1701.Crack.NoCD.Patch_(www.softzone.org)_[mininova].torrent C:\Users\Taupi\AppData\Roaming\Azureus\torrents\Flash_CS4_Professional_Keygen_AMPBC.4872134.TPB[1].torrent C:\Users\Taupi\AppData\Roaming\Azureus\torrents\SPORE [PCFullGame][CrackIncl]_KaYz 2008 [mininova].torrent [F:6][D:3]-> C:\Users\Taupi\AppData\Local\Temp [F:139][D:1]-> C:\Users\Taupi\AppData\Roaming\MICROS~1\Windows\Cookies [F:3138][D:4]-> C:\Users\Taupi\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:1][D:1]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - 11/01/2010|20:28 - Option : [1] --------------------\\ Fin du rapport a 20:28:51 [ UAC => 1 ] Suppression (option 2) : --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E6750 @ 2.66GHz ) BIOS : BIOS Date: 10/12/07 11:08:29 Ver: 08.00.12 USER : Taupi ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:74 Go (Free:20 Go) D:\ (Local Disk) - NTFS - Total:200 Go (Free:49 Go) E:\ (Local Disk) - NTFS - Total:97 Go (Free:40 Go) F:\ (CD or DVD) H:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( 11/01/2010|20:45 ) [ UAC => 1 ] \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION Supprime! - C:\Users\Taupi\AppData\Roaming\MICROS~1\Windows\Cookies\taupi@advertising[1].txt Supprime! - C:\Users\Taupi\AppData\Roaming\MICROS~1\Windows\Cookies\taupi@advertising[2].txt - [ Fichier Hosts ] .. Restaure! 
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing des dossiers dans Local [21/05/2009|13:13] C:\Users\Taupi\AppData\Local\Adobe [24/01/2009|12:59] C:\Users\Taupi\AppData\Local\Ahead [30/01/2009|23:43] C:\Users\Taupi\AppData\Local\Apple [23/12/2009|23:55] C:\Users\Taupi\AppData\Local\Apple Computer [01/01/2002|15:21] C:\Users\Taupi\AppData\Local\Application Data [12/04/2008|00:12] C:\Users\Taupi\AppData\Local\ApplicationHistory [17/06/2009|22:58] C:\Users\Taupi\AppData\Local\Apps [13/06/2008|18:37] C:\Users\Taupi\AppData\Local\Aspyr [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\asus.XRM-MS [18/07/2008|22:47] C:\Users\Taupi\AppData\Local\CAPCOM [24/01/2008|01:21] C:\Users\Taupi\AppData\Local\Codemasters [07/01/2010|22:38] C:\Users\Taupi\AppData\Local\CrashDumps [08/12/2009|21:44] C:\Users\Taupi\AppData\Local\CutePDF Writer [22/01/2008|16:11] C:\Users\Taupi\AppData\Local\d3d8caps.dat [11/10/2009|20:53] C:\Users\Taupi\AppData\Local\d3d9caps.dat [08/01/2010|13:03] C:\Users\Taupi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [18/06/2009|13:06] C:\Users\Taupi\AppData\Local\Deployment [22/01/2008|23:24] C:\Users\Taupi\AppData\Local\fusioncache.dat [22/01/2008|23:26] C:\Users\Taupi\AppData\Local\GameSpy [03/08/2009|17:43] C:\Users\Taupi\AppData\Local\GDIPFONTCACHEV1.DAT [01/01/2002|15:21] C:\Users\Taupi\AppData\Local\Historique [11/01/2010|00:30] C:\Users\Taupi\AppData\Local\IconCache.db [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\mbr_inst.exe [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\mbr_rest.exe [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\menu.lst [07/09/2009|00:10] C:\Users\Taupi\AppData\Local\Microsoft [15/12/2008|20:52] C:\Users\Taupi\AppData\Local\Microsoft Games [06/02/2008|00:24] C:\Users\Taupi\AppData\Local\Microsoft Help [07/02/2008|17:04] C:\Users\Taupi\AppData\Local\Mozilla [01/01/2010|21:17] C:\Users\Taupi\AppData\Local\myPod_Apps [02/01/2010|23:21] C:\Users\Taupi\AppData\Local\Nero [31/12/2009|12:01] 
C:\Users\Taupi\AppData\Local\Paint.NET [03/01/2010|22:12] C:\Users\Taupi\AppData\Local\PUTTY.RND [15/12/2009|22:27] C:\Users\Taupi\AppData\Local\QuickPar [11/01/2010|20:45] C:\Users\Taupi\AppData\Local\temp [01/01/2002|15:21] C:\Users\Taupi\AppData\Local\Temporary Internet Files [03/01/2010|20:48] C:\Users\Taupi\AppData\Local\Threat Expert [22/01/2008|23:26] C:\Users\Taupi\AppData\Local\VirtualStore [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\vstaldr [07/05/2008|19:16] C:\Users\Taupi\AppData\Local\vstaldr.img --------------------\\ Tâches planifiées dans C:\Windows\tasks [10/01/2010 18:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{55DD494C-4445-40E1-A402-F3F6C652095F}.job [11/01/2010 20:02][--ah-----] C:\Windows\tasks\SA.DAT [11/01/2010 00:30][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Listing des dossiers dans C:\ProgramData [29/11/2009|18:36] C:\ProgramData\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} [21/12/2009|20:07] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} [29/11/2009|18:38] C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573} [29/11/2009|18:35] C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} [24/10/2009|19:06] C:\ProgramData\2DBoy [30/07/2009|19:03] C:\ProgramData\Adobe [14/08/2008|07:14] C:\ProgramData\adobetmp00048867 [14/08/2008|07:14] C:\ProgramData\adobetmp00058867 [21/12/2009|20:11] C:\ProgramData\Apple [21/12/2009|20:05] C:\ProgramData\Apple Computer [02/11/2006|14:00] C:\ProgramData\Application Data [16/03/2008|10:30] C:\ProgramData\Azureus [15/11/2009|14:04] C:\ProgramData\BioWare [28/08/2009|12:45] C:\ProgramData\Blizzard [31/08/2009|18:46] C:\ProgramData\Blizzard Entertainment [01/01/2002|15:19] C:\ProgramData\Bureau [16/01/2009|21:50] C:\ProgramData\CyberLink [05/04/2009|12:42] C:\ProgramData\DAEMON Tools Lite [11/05/2009|17:49] C:\ProgramData\DAEMON Tools Pro [02/11/2006|14:00] C:\ProgramData\Desktop [02/11/2006|14:00] C:\ProgramData\Documents [08/11/2009|11:05] C:\ProgramData\DVD Shrink 
[15/02/2008|23:59] C:\ProgramData\eMule [01/01/2002|15:19] C:\ProgramData\Favoris [02/11/2006|14:00] C:\ProgramData\Favorites [25/04/2009|12:21] C:\ProgramData\FLEXnet [02/08/2009|22:44] C:\ProgramData\LauncherAccess.dt [13/05/2008|19:19] C:\ProgramData\Logishrd [08/02/2008|02:08] C:\ProgramData\Logitech [07/01/2010|20:06] C:\ProgramData\Malwarebytes [15/11/2009|13:41] C:\ProgramData\Media Center Programs [01/01/2002|15:19] C:\ProgramData\Menu D‚marrer [18/06/2009|13:10] C:\ProgramData\Microsoft [18/06/2009|13:10] C:\ProgramData\Microsoft Help [01/01/2002|15:19] C:\ProgramData\ModŠles [29/11/2009|18:36] C:\ProgramData\Native Instruments [24/01/2009|12:44] C:\ProgramData\Nero [04/01/2010|21:30] C:\ProgramData\Norton [04/01/2010|21:29] C:\ProgramData\NortonInstaller [11/01/2010|20:03] C:\ProgramData\NVIDIA [11/01/2010|20:03] C:\ProgramData\nvModes.001 [11/01/2010|20:03] C:\ProgramData\nvModes.dat [26/05/2008|18:15] C:\ProgramData\Office Genuine Advantage [16/01/2009|21:37] C:\ProgramData\SlySoft [02/11/2006|14:00] C:\ProgramData\Start Menu [22/03/2009|10:08] C:\ProgramData\Studio-Scrap2 [02/07/2009|12:01] C:\ProgramData\Tages [03/01/2010|22:44] C:\ProgramData\TEMP [02/11/2006|14:00] C:\ProgramData\Templates [29/02/2008|19:01] C:\ProgramData\Ubisoft [23/01/2008|04:49] C:\ProgramData\WLInstaller --------------------\\ Listing des dossiers dans C:\Program Files [24/06/2008|19:16] C:\Program Files\Acro Software [21/05/2009|13:19] C:\Program Files\Adobe [08/07/2009|20:12] C:\Program Files\adslTV [18/12/2009|15:31] C:\Program Files\AGEIA Technologies [01/01/2010|23:57] C:\Program Files\Alwil Software [24/01/2009|12:39] C:\Program Files\Apache Software Foundation [12/06/2009|18:40] C:\Program Files\Apple Software Update [24/05/2009|10:11] C:\Program Files\ArcSoft [29/11/2009|18:58] C:\Program Files\ASIO4ALL v2 [22/01/2008|16:08] C:\Program Files\ASUS [09/03/2008|13:32] C:\Program Files\Audio Phonics, Inc [06/12/2009|23:11] C:\Program Files\Azureus [21/12/2009|20:05] 
C:\Program Files\Bonjour [30/03/2009|21:46] C:\Program Files\CCleaner [10/01/2010|22:18] C:\Program Files\Common Files [28/08/2008|20:33] C:\Program Files\Core Services [16/01/2009|22:10] C:\Program Files\CyberLink [11/05/2009|17:50] C:\Program Files\DAEMON Tools Pro [07/12/2009|20:54] C:\Program Files\DivX [27/09/2009|10:28] C:\Program Files\DVD Shrink [10/09/2009|12:26] C:\Program Files\EasyPHP3.1 [16/02/2008|00:01] C:\Program Files\eMule [01/01/2002|15:19] C:\Program Files\Fichiers communs [C:\Program Files\Common Files] [28/01/2008|10:38] C:\Program Files\FileZilla FTP Client [08/11/2009|11:10] C:\Program Files\Freeplayer [20/02/2008|20:37] C:\Program Files\Gabest [22/01/2008|20:53] C:\Program Files\GameSpy [24/06/2008|19:17] C:\Program Files\GPLGS [09/12/2008|22:45] C:\Program Files\GrabIt [04/02/2008|18:14] C:\Program Files\Guitar Pro 5 [24/06/2009|19:11] C:\Program Files\Hamachi [17/11/2009|20:37] C:\Program Files\Inkscape [21/12/2009|23:42] C:\Program Files\InstallShield Installation Information [22/01/2008|15:49] C:\Program Files\Intel [07/05/2008|18:35] C:\Program Files\Internet Explorer [03/01/2010|22:22] C:\Program Files\iPhone Explorer [03/01/2010|22:34] C:\Program Files\iPhoneBrowser [21/12/2009|20:05] C:\Program Files\iPod [21/12/2009|20:07] C:\Program Files\iTunes [27/07/2009|18:40] C:\Program Files\IZArc [15/12/2008|20:46] C:\Program Files\Java [13/05/2008|19:14] C:\Program Files\Logitech [10/01/2010|22:05] C:\Program Files\Malwarebytes' Anti-Malware [22/01/2008|16:04] C:\Program Files\Marvell [06/11/2009|18:58] C:\Program Files\Microsoft [12/04/2008|00:22] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [02/11/2006|13:35] C:\Program Files\Microsoft Games [28/01/2008|10:30] C:\Program Files\Microsoft Office [06/11/2009|18:59] C:\Program Files\Microsoft Office Outlook Connector [10/03/2008|21:30] C:\Program Files\Microsoft Reader [16/06/2009|17:51] C:\Program Files\Microsoft SDKs [07/11/2009|01:22] C:\Program Files\Microsoft Silverlight 
[16/06/2009|18:01] C:\Program Files\Microsoft SQL Server [16/06/2009|17:54] C:\Program Files\Microsoft SQL Server Compact Edition [16/06/2009|17:54] C:\Program Files\Microsoft Synchronization Services [28/01/2008|10:30] C:\Program Files\Microsoft Visual Studio [28/01/2008|10:26] C:\Program Files\Microsoft Visual Studio 8 [18/06/2009|13:08] C:\Program Files\Microsoft Web Designer Tools [28/01/2008|10:31] C:\Program Files\Microsoft Works [16/06/2009|17:59] C:\Program Files\Microsoft.NET [21/04/2008|18:56] C:\Program Files\Movie Maker [11/01/2010|20:16] C:\Program Files\Mozilla Firefox [28/01/2008|10:30] C:\Program Files\MSBuild [26/05/2008|18:24] C:\Program Files\MSECache [06/11/2009|19:13] C:\Program Files\MSR MapCruncher for Virtual Earth [12/04/2008|00:09] C:\Program Files\MSXML 4.0 [29/11/2009|18:36] C:\Program Files\Native Instruments [24/01/2009|12:44] C:\Program Files\Nero [04/01/2010|21:29] C:\Program Files\Norton AntiVirus [04/01/2010|21:29] C:\Program Files\NortonInstaller [06/08/2009|18:44] C:\Program Files\Notepad++ [18/12/2009|15:32] C:\Program Files\NVIDIA Corporation [18/02/2008|15:34] C:\Program Files\OpenAL [03/07/2008|20:36] C:\Program Files\Paint.NET [14/04/2009|18:40] C:\Program Files\PiFreePC [30/01/2008|03:46] C:\Program Files\QuickPar [21/12/2009|20:04] C:\Program Files\QuickTime [07/05/2008|18:35] C:\Program Files\Real [22/01/2008|15:57] C:\Program Files\Realtek [02/11/2006|13:35] C:\Program Files\Reference Assemblies [21/12/2009|19:46] C:\Program Files\Samsung [31/12/2009|20:22] C:\Program Files\Sim AQUARIUM 2 [04/01/2010|21:30] C:\Program Files\Symantec [01/09/2009|21:59] C:\Program Files\Teamspeak2_RC2 [02/08/2009|23:06] C:\Program Files\Total Video Converter [10/01/2010|21:53] C:\Program Files\trend micro [02/11/2006|14:00] C:\Program Files\Uninstall Information [31/08/2009|18:36] C:\Program Files\Vector Magic [22/01/2008|19:27] C:\Program Files\VideoLAN [02/01/2010|20:27] C:\Program Files\VirtualDJ [22/01/2008|21:44] C:\Program 
Files\VistaCodecPack [21/04/2008|18:56] C:\Program Files\Windows Calendar [21/04/2008|18:56] C:\Program Files\Windows Collaboration [21/04/2008|18:56] C:\Program Files\Windows Defender [21/04/2008|18:56] C:\Program Files\Windows Journal [06/11/2009|18:57] C:\Program Files\Windows Live [06/11/2009|18:57] C:\Program Files\Windows Live SkyDrive [21/04/2008|18:56] C:\Program Files\Windows Mail [21/04/2008|18:56] C:\Program Files\Windows Media Player [01/01/2002|15:19] C:\Program Files\Windows NT [21/04/2008|18:56] C:\Program Files\Windows Photo Gallery [21/04/2008|18:56] C:\Program Files\Windows Sidebar [25/01/2009|09:48] C:\Program Files\WinRAR [03/01/2010|21:32] C:\Program Files\WinSCP [02/09/2009|00:19] C:\Program Files\WowCartographe [02/08/2009|22:24] C:\Program Files\Xi [24/01/2009|18:45] C:\Program Files\Zero G Registry --------------------\\ Listing des dossiers dans C:\Program Files\Common Files [21/05/2009|13:19] C:\Program Files\Common Files\Adobe [29/10/2008|18:06] C:\Program Files\Common Files\Adobe AIR [21/12/2009|20:05] C:\Program Files\Common Files\Apple [15/11/2009|13:41] C:\Program Files\Common Files\BioWare [22/01/2008|23:22] C:\Program Files\Common Files\Blizzard Entertainment [28/01/2008|10:30] C:\Program Files\Common Files\DESIGNER [29/11/2009|18:36] C:\Program Files\Common Files\Digidesign [07/12/2009|20:54] C:\Program Files\Common Files\DivX Shared [22/01/2008|16:07] C:\Program Files\Common Files\InstallShield [05/03/2008|18:39] C:\Program Files\Common Files\Java [10/03/2008|21:32] C:\Program Files\Common Files\L&H [13/05/2008|19:15] C:\Program Files\Common Files\LogiShrd [21/05/2009|13:13] C:\Program Files\Common Files\Macrovision Shared [06/11/2009|18:58] C:\Program Files\Common Files\microsoft shared [29/11/2009|18:36] C:\Program Files\Common Files\Native Instruments [24/01/2009|12:57] C:\Program Files\Common Files\Nero [07/05/2008|18:36] C:\Program Files\Common Files\Real [02/11/2006|12:18] C:\Program Files\Common Files\Services 
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines [04/01/2010|21:34] C:\Program Files\Common Files\Symantec Shared [26/05/2008|18:25] C:\Program Files\Common Files\System [17/03/2009|18:56] C:\Program Files\Common Files\Windows Live [23/01/2008|04:53] C:\Program Files\Common Files\WindowsLiveInstaller [18/12/2009|15:31] C:\Program Files\Common Files\Wise Installation Wizard [07/05/2008|18:36] C:\Program Files\Common Files\xing shared --------------------\\ Process ( 53 Processes ) ... OK ! --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-11 20:46:07 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. 
C:\Users\Taupi\AppData\Roaming\Azureus\torrents\Anno.1701.Crack.NoCD.Patch_(www.softzone.org)_[mininova].torrent
C:\Users\Taupi\AppData\Roaming\Azureus\torrents\Flash_CS4_Professional_Keygen_AMPBC.4872134.TPB[1].torrent
C:\Users\Taupi\AppData\Roaming\Azureus\torrents\SPORE [PCFullGame][CrackIncl]_KaYz 2008 [mininova].torrent
[F:6][D:3]-> C:\Users\Taupi\AppData\Local\Temp
[F:137][D:1]-> C:\Users\Taupi\AppData\Roaming\MICROS~1\Windows\Cookies
[F:3138][D:4]-> C:\Users\Taupi\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 11/01/2010|20:28 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/01/2010|20:47 - Option : [2]
--------------------\\ Fin du rapport a 20:47:52
[ UAC => 1 ]

Otherwise, Norton gave me 1 warning about "c:\windows\temp\sebt.tmp\svchost.exe" (Trojan horse); I don't know if that can help you...
In any case, thanks for your help.
Léo
-
[Solved] ComboFix report
lataupe123 replied to a topic by lataupe123 in Malware analysis and removal
Can someone take a look? Do you need more info? /Help plz
-
Hello, for a month now I've been struggling with my web browsers :/ At random, tabs get added in IE or FF with all sorts of redirects. The most annoying part is the "open in a new window" option after a Google search, which ends up on another search engine. Anyway, by hitting Back on these tabs I noticed that it said main.exoclick. After a Google search I tried several programs to remove this infection: first antivirus software (Antivir + Norton), then Malwarebytes, ToolsCleaner2.exe, CCleaner, RSIT.exe and finally ComboFix.exe, following this guide: http://www.bleepingcomputer.com/combofix/f...iliser-combofix
As its last point, it recommends having the ComboFix report analyzed by competent people. So I'm coming to ask you for help.
Here is the report:

ComboFix 10-01-04.01 - Taupi 10/01/2010 22:10:38.1.2 - x86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.33.1036.18.3325.2481 [GMT 1:00]
Lancé depuis: c:\users\Taupi\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\recycler\S-1-5-21-1992295654-7770382617-030604722-3346
c:\recycler\S-1-5-21-9856226773-3089382700-393753375-9063
c:\recycler\S-1-5-21-9965875395-8967474835-209042649-5249
c:\users\Taupi\AppData\Roaming\SystemProc
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-10 au 2010-01-10 ))))))))))))))))))))))))))))))))))))
.
2010-01-10 20:53 . 2010-01-10 20:53 -------- d-----w- c:\program files\trend micro
2010-01-10 20:53 . 2010-01-10 20:53 -------- d-----w- C:\rsit
2010-01-10 17:36 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
2010-01-10 17:36 .
2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\Scxpx86.dll 2010-01-10 17:36 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSvix86.sys 2010-01-10 17:36 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSxpx86.dll 2010-01-10 17:36 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSviA64.sys 2010-01-10 17:35 . 2009-08-29 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100109.006\NAVEX32A.DLL 2010-01-10 17:35 . 2009-08-29 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100109.006\NAVENG.SYS 2010-01-10 17:35 . 2009-08-29 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100109.006\NAVENG32.DLL 2010-01-10 17:35 . 2009-08-29 09:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100109.006\NAVEX15.SYS 2010-01-10 17:35 . 2009-08-29 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100109.006\ERASER.SYS 2010-01-10 17:35 . 2010-01-04 20:32 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100109.006\CCERASER.DLL 2010-01-10 17:35 . 2010-01-04 20:32 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100109.006\ECMSVR32.DLL 2010-01-10 17:35 . 
2009-08-29 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100109.006\EECTRL.SYS 2010-01-07 21:38 . 2010-01-07 21:38 -------- d-----w- c:\users\Taupi\AppData\Local\CrashDumps 2010-01-07 19:06 . 2010-01-07 19:06 -------- d-----w- c:\users\Taupi\AppData\Roaming\Malwarebytes 2010-01-07 19:06 . 2010-01-10 21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-07 19:06 . 2010-01-07 19:06 -------- d-----w- c:\programdata\Malwarebytes 2010-01-07 18:48 . 2009-08-29 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100107.006\NAVEX32A.DLL 2010-01-07 18:48 . 2009-08-29 09:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100107.006\NAVEX15.SYS 2010-01-07 18:48 . 2010-01-04 20:32 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100107.006\CCERASER.DLL 2010-01-07 18:48 . 2010-01-04 20:32 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100107.006\ECMSVR32.DLL 2010-01-07 18:48 . 2009-08-29 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100107.006\NAVENG.SYS 2010-01-07 18:48 . 2009-08-29 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100107.006\EECTRL.SYS 2010-01-07 18:48 . 2009-08-29 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100107.006\NAVENG32.DLL 2010-01-07 18:48 . 2009-08-29 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100107.006\ERASER.SYS 2010-01-05 11:27 . 
2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091230.004\IDSvix86.sys 2010-01-05 11:27 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091230.004\IDSXpx86.sys 2010-01-05 11:27 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091230.004\Scxpx86.dll 2010-01-05 11:27 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091230.004\IDSxpx86.dll 2010-01-05 11:27 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091230.004\IDSviA64.sys 2010-01-04 20:30 . 2010-01-04 20:34 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-01-04 20:30 . 2010-01-04 20:30 -------- d-----w- c:\program files\Symantec 2010-01-04 20:30 . 2010-01-04 20:30 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-01-04 20:30 . 2009-08-30 00:16 164216 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll 2010-01-04 20:30 . 2009-08-26 22:13 900464 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\OCS\hsplayer.dll 2010-01-04 20:30 . 2009-09-01 09:02 893296 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\CLT\cltLMSx.dll 2010-01-04 20:29 . 2010-01-05 18:10 -------- d-----w- c:\windows\system32\drivers\NAV 2010-01-04 20:29 . 2010-01-04 20:29 -------- d-----w- c:\program files\Norton AntiVirus 2010-01-04 20:29 . 2010-01-04 20:30 -------- d-----w- c:\programdata\Norton 2010-01-04 20:29 . 2010-01-04 20:29 -------- d-----w- c:\programdata\NortonInstaller 2010-01-04 20:29 . 
2010-01-04 20:29 -------- d-----w- c:\program files\NortonInstaller 2010-01-03 22:15 . 2010-01-03 22:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-03 21:34 . 2010-01-03 21:34 -------- d-----w- c:\program files\iPhoneBrowser 2010-01-03 20:32 . 2010-01-03 20:32 -------- d-----w- c:\program files\WinSCP 2010-01-03 19:48 . 2010-01-03 19:48 -------- d-----w- c:\users\Taupi\AppData\Local\Threat Expert 2010-01-02 22:21 . 2010-01-02 22:21 -------- d-----w- c:\users\Taupi\AppData\Local\Nero 2010-01-02 20:04 . 2010-01-02 22:21 -------- d-----w- C:\MSNCleaner 2010-01-02 19:29 . 2010-01-03 21:22 -------- d-----w- c:\program files\iPhone Explorer 2010-01-02 19:20 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2010-01-01 22:57 . 2010-01-01 22:57 -------- d-----w- c:\program files\Alwil Software 2010-01-01 22:41 . 2010-01-07 19:10 -------- d-sh--w- c:\users\Taupi\.COMMgr 2010-01-01 20:39 . 2010-01-01 20:47 -------- d-----w- c:\users\Taupi\AppData\Roaming\DiskAid 2009-12-26 03:58 . 2009-12-26 03:58 1196032 ----a-w- c:\windows\system32\-a9U6mu-brxEW0t.dll 2009-12-23 23:16 . 2010-01-01 20:17 -------- d-----w- c:\users\Taupi\AppData\Local\myPod_Apps 2009-12-21 19:08 . 2009-12-21 19:24 -------- d-----w- c:\users\Taupi\AppData\Roaming\Apple Computer 2009-12-21 19:07 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-12-21 19:07 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-12-21 19:05 . 2009-12-21 19:05 -------- d-----w- c:\program files\iPod 2009-12-21 19:05 . 2009-12-21 19:07 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-12-21 19:05 . 2009-12-21 19:07 -------- d-----w- c:\program files\iTunes 2009-12-21 19:05 . 2009-12-21 19:05 -------- d-----w- c:\program files\Bonjour 2009-12-21 19:04 . 2009-12-21 19:04 -------- d-----w- c:\program files\QuickTime 2009-12-21 19:04 . 2009-12-21 19:05 -------- d-----w- c:\programdata\Apple Computer 2009-12-21 19:00 . 
2009-12-21 19:05 -------- d-----w- c:\program files\Common Files\Apple 2009-12-21 17:25 . 2009-12-21 17:25 -------- d-----w- c:\users\Taupi\AppData\Roaming\VitySoft 2009-12-18 14:30 . 2009-12-18 14:32 -------- d-----w- c:\program files\NVIDIA Corporation 2009-12-18 14:20 . 2009-11-21 02:34 76392 ----a-w- c:\windows\system32\OpenCL.dll 2009-12-18 14:20 . 2009-11-21 02:34 4241000 ----a-w- c:\windows\system32\nvwgf2um.dll 2009-12-18 14:20 . 2009-11-21 02:34 11515752 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2009-12-18 14:20 . 2009-11-21 02:34 14064232 ----a-w- c:\windows\system32\nvoglv32.dll 2009-12-18 14:20 . 2009-11-21 02:34 4001384 ----a-w- c:\windows\system32\nvcuda.dll 2009-12-18 14:20 . 2009-11-21 02:34 2243176 ----a-w- c:\windows\system32\nvcuvid.dll 2009-12-18 14:20 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-12-18 14:20 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod178.dll 2009-12-18 14:20 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod.dll 2009-12-18 14:20 . 2009-11-21 02:34 11381352 ----a-w- c:\windows\system32\nvcompiler.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-10 21:06 . 2008-01-22 15:23 -------- d-----w- c:\programdata\NVIDIA 2010-01-10 18:42 . 2008-03-16 09:29 -------- d-----w- c:\users\Taupi\AppData\Roaming\Azureus 2010-01-10 17:24 . 2009-12-18 14:35 34895 ----a-w- c:\programdata\nvModes.dat 2010-01-04 20:30 . 2010-01-04 20:30 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-01-04 20:30 . 2010-01-04 20:30 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-01-03 21:20 . 2008-03-22 11:40 -------- d-----w- c:\users\Taupi\AppData\Roaming\FileZilla 2010-01-02 20:23 . 2008-01-23 03:24 -------- d-----w- c:\users\Taupi\AppData\Roaming\GrabIt 2010-01-02 19:27 . 2008-04-27 13:15 -------- d-----w- c:\program files\VirtualDJ 2009-12-31 19:22 . 
2009-10-25 17:22 -------- d-----w- c:\program files\Sim AQUARIUM 2 2009-12-22 17:28 . 2009-12-22 17:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-12-21 22:42 . 2008-01-22 14:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-21 19:11 . 2009-06-12 17:40 -------- d-----w- c:\programdata\Apple 2009-12-21 18:46 . 2009-07-27 16:59 -------- d-----w- c:\users\Taupi\AppData\Roaming\Samsung 2009-12-21 18:46 . 2009-07-27 16:37 -------- d-----w- c:\program files\Samsung 2009-12-18 14:31 . 2008-05-21 18:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-12-18 14:31 . 2008-05-21 18:25 -------- d-----w- c:\program files\AGEIA Technologies 2009-12-07 19:54 . 2008-01-25 02:42 -------- d-----w- c:\program files\DivX 2009-12-07 19:54 . 2009-12-07 19:54 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-12-06 22:11 . 2008-03-16 09:26 -------- d-----w- c:\program files\Azureus 2009-12-05 13:42 . 2006-11-02 16:03 735972 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-05 13:42 . 2006-11-02 16:03 151638 ----a-w- c:\windows\system32\perfc00C.dat 2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys 2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll 2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll 2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys 2009-12-05 04:54 . 
2009-12-05 04:54 610704 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll 2009-11-29 17:58 . 2009-11-29 17:58 -------- d-----w- c:\program files\ASIO4ALL v2 2009-11-29 17:38 . 2009-11-29 17:37 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573} 2009-11-29 17:36 . 2009-11-29 17:35 -------- d-----w- c:\program files\Common Files\Native Instruments 2009-11-29 17:36 . 2009-11-29 17:36 -------- d-----w- c:\program files\Common Files\Digidesign 2009-11-29 17:36 . 2009-11-29 17:35 -------- d-----w- c:\program files\Native Instruments 2009-11-29 17:36 . 2009-11-29 17:36 -------- d-----w- c:\programdata\Native Instruments 2009-11-29 17:36 . 2009-11-29 17:36 -------- dc-h--w- c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} 2009-11-29 17:35 . 2009-11-29 17:35 -------- dc-h--w- c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} 2009-11-21 02:34 . 2009-12-18 14:20 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2009-11-21 02:34 . 2008-05-03 03:46 592488 ----a-w- c:\windows\system32\nvudisp.exe 2009-11-21 02:34 . 2007-12-11 16:06 9333352 ----a-w- c:\windows\system32\nvd3dum.dll 2009-11-21 02:34 . 2007-12-11 16:06 1249896 ----a-w- c:\windows\system32\nvapi.dll 2009-11-20 19:33 . 2009-11-20 19:33 812648 ----a-w- c:\windows\system32\nvsvc.dll 2009-11-20 19:33 . 2009-11-20 19:33 66664 ----a-w- c:\windows\system32\nvshext.dll 2009-11-20 19:33 . 2009-11-20 19:33 1323624 ----a-w- c:\windows\system32\nvsvcr.dll 2009-11-20 19:33 . 2009-11-20 19:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll 2009-11-20 19:33 . 2009-11-20 19:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe 2009-11-20 19:33 . 2009-11-20 19:33 110184 ----a-w- c:\windows\system32\nvmctray.dll 2009-11-19 20:42 . 2008-01-22 15:20 592488 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-11-17 19:38 . 2009-11-17 19:38 -------- d-----w- c:\users\Taupi\AppData\Roaming\Inkscape 2009-11-17 19:37 . 
2009-11-17 19:33 -------- d-----w- c:\program files\Inkscape 2009-11-15 13:04 . 2009-11-15 13:04 -------- d-----w- c:\programdata\BioWare 2009-11-15 12:41 . 2008-06-15 10:13 -------- d-----w- c:\programdata\Media Center Programs 2009-11-15 12:41 . 2009-11-15 12:24 -------- d-----w- c:\program files\Common Files\BioWare 2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys 2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys 2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll 2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll 2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap] 2007-09-06 10:19 1426432 ----a-w- c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help] 2007-09-11 09:32 880640 ----a-w- c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPU Power Monitor] 2007-09-06 18:57 626688 ----a-w- c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-11-20 19:33 12685928 ----a-w- c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NAV\1101000.013\SymDS.sys [05/01/2010 12:27 328752] R0 SymEFA;Symantec Extended File 
Attributes;c:\windows\System32\drivers\NAV\1101000.013\SymEFA.sys [05/01/2010 12:27 171056] R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [05/12/2009 05:54 529456] R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1101000.013\cchpx86.sys [05/01/2010 12:27 501888] R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSvix86.sys [10/01/2010 18:36 343088] R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NAV\1101000.013\Ironx86.sys [05/01/2010 12:27 114736] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NAV\1101000.013\symtdiv.sys [05/01/2010 12:27 339504] R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe [05/01/2010 12:27 126392] R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [17/07/2009 14:32 3576320] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [20/11/2009 19:17 240232] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [04/01/2010 21:32 102448] S0 OemBiosDevice;Royalty OEM BIOS Extension;c:\windows\System32\drivers\royal.sys [01/01/2002 15:25 240128] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [22/01/2008 16:42 717296] S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;e:\jeux\Dragon Age\bin_ship\daupdatersvc.service.exe [15/11/2009 13:34 25832] S4 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [10/12/2008 00:10 24636] S4 Tomcat5;Apache Tomcat;d:\developpement\Tomcat 5.0\bin\tomcat5.exe [05/10/2004 18:30 102400] . 
Contenu du dossier 'Tâches planifiées' 2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{55DD494C-4445-40E1-A402-F3F6C652095F}.job - c:\windows\system32\msfeedssync.exe [2008-04-15 07:33] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Settings,ProxyOverride = local;*.local IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html IE: Zend Studio - Debug current page - d:\developpement\Zend studio for eclipse - 6.1.1\toolbars\ZendIEToolbar.dll/DebugCurrent.html IE: Zend Studio - Debug next page - d:\developpement\Zend studio for eclipse - 6.1.1\toolbars\ZendIEToolbar.dll/DebugNext.html FF - ProfilePath - c:\users\Taupi\AppData\Roaming\Mozilla\Firefox\Profiles\4agxo3np.default\ FF - prefs.js: browser.startup.homepage - www.google.fr FF - component: c:\program files\Mozilla Firefox\extensions\{8a12921a-9829-abb4-6c61-035ec2d1a91e}\components\i9pVUSy-9tsL.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Microsoft Silverlight\3.0.40624.0\npctrl.1.0.20926.0.dll FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll ---- PARAMETRES FIREFOX ---- FF - user.js: zend.ZDE_Path - d:\developpement\Zend studio for eclipse - 6.1.1\ZendStudio.exe . - - - - ORPHELINS SUPPRIMES - - - - AddRemove-AP Guitar Tuner - c:\program files\Audio Phonics AddRemove-zn1-yU3 - c:\windows\system32\zn1-yU3.exe ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-537943452-2590180590-3155171038-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:3b,42,c3,b5,5c,92,dc,f6,f3,fa,9d,60,4f,6b,44,2c,e9,08,98,3d,1a,
e3,13,d2,57,2b,93,94,13,59,31,65,e3,ec,49,75,66,2d,e5,59,0b,01,5f,07,50,d6,\
"rkeysecu"=hex:2b,76,63,e3,79,a5,cc,06,3a,27,34,3f,78,ee,98,29
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-01-10 22:27:23
ComboFix-quarantined-files.txt 2010-01-10 21:27
Avant-CF: 22 494 175 232 octets libres
Après-CF: 22 451 810 304 octets libres
- - End Of File - - AE2BD963C54900CE6DE38273E61BDBA3

Thanks in advance,
Léo