Vie Russe

Members
  • Content count

    24
  • Joined

  • Last visited

Other information

  • My languages
    French

  1. So... nobody to help me?
  2. It does it from another PC too :/
  3. Hello, this morning, when I tried to access my blog and its WP admin panel, I got a red page warning me that my blog has been hacked :/ I read Google's recommendations, but I don't understand what steps to follow :/ Can you help me and tell me what to do... Thanks in advance
  4. Here is the report:

     Analyse automatique: terminée : il y a 16 minutes(évênements : 10, objets : 363778, durée : 05:14:11)
     15/10/2010 11:31:19 Lancement de la tâche
     15/10/2010 13:05:26 Détectés: Viruslist.com - Adobe Reader / Acrobat SING "uniqueName" Buffer Overflow Vulnerability C:\Program Files\Adobe\Reader 9.0\Reader\RdLang32.FRA
     15/10/2010 13:21:35 Détectés: Viruslist.com - Sun Java JDK / JRE / SDK Multiple Vulnerabilities C:\Program Files\Java\jre1.6.0_07\bin\java.exe
     15/10/2010 13:22:21 Détectés: Viruslist.com - Sun Java JDK / JRE / SDK Multiple Vulnerabilities C:\Program Files\Java\jre6\bin\java.exe
     15/10/2010 13:29:21 Détectés: Viruslist.com - Mozilla Firefox Multiple Vulnerabilities C:\Program Files\Mozilla Firefox\firefox.exe
     15/10/2010 13:43:02 Détectés: Viruslist.com - HTTrack Long URLs Buffer Overflow Vulnerability C:\Program Files\WinHTTrack\WinHTTrack.exe
     15/10/2010 13:43:08 Détectés: Viruslist.com - XnView MBM Processing Buffer Overflow Vulnerability C:\Program Files\XnView\xnview.exe
     15/10/2010 16:39:20 Détectés: Viruslist.com - Mozilla Firefox Multiple Vulnerabilities C:\Program Files\Mozilla Firefox\firefox.exe
     15/10/2010 16:39:29 Détectés: Viruslist.com - Apple QuickTime QTPlugin.ocx Input Validation Vulnerability C:\Program Files\QuickTime\QuickTimePlayer.exe
     15/10/2010 16:45:30 Fin de la tâche

     Recherche de virus: terminée : il y a 4 heures (évênements : 2, objets : 5, durée : 00:00:01)
     15/10/2010 12:22:17 Lancement de la tâche
     15/10/2010 12:22:18 Fin de la tâche
  5. OK, I'm transferring my mail accounts to Gmail... that way no more emails on my PC, they'll stay on the server. I'm going to uninstall Thunderbird and delete all the folders that show up in the scan, then I'll run a Kaspersky scan again... I hope it will take less time this time and that I'll manage to retrieve the report. Thanks, see you later
  6. Hello Pear, actually, at the end of the Kaspersky scan I didn't really understand what I was supposed to do... I'm not sure I deleted the lines :/ If I uninstall Thunderbird, won't I lose all the emails I've filed in the mail client?
  7. Hello, well, there you go... as I wrote in my last message, I couldn't manage to copy the report :/ I don't know what to do with the infected Thunderbird folders... I took a screenshot, here's what it looks like: Thanks for helping me
  8. Ugh, I just sat through more than 12 hours of scanning and there's no way to save the report! I'm furious :/
  9. Good evening, this window just opened... what do I do? Thanks...
  10. Good evening, 9 hours of scanning... I'm only at 60% of the scan... there must be close to 100 lines! They all contain "thunderbird"! It's crazy :/ Besides, earlier in my messages I had a scan that got stuck on the Thunderbird directory :/
  11. Hello, I'm running the scan... it's really long, I had to stop it last night... I restarted it 3 hours ago and I'm still at 9%... What worries me is that I already have more than 30 red lines :/ All the lines start the same way: C:\Users\Famille\AppData\Roaming\Thunderbird\Profiles\7m4wm47n.default\pop.neuf.fr\...etc. Have you ever had this kind of infection? Where does it come from? Thanks in advance. I'll post the report as soon as it finishes...
  12. OK, I'll do that tonight, because I work on my PC during the day. Thanks!
  13. Here is the report: SysProt AntiRootkit v1.0.1.0 by swatkat
  14. The scan didn't turn up anything... that's strange, isn't it?
  15. Here it is:

      Logfile of The Avenger Version 2.0, © by Swandog46
      Swandog46's Public Anti-Malware Tools
      Platform: Windows Vista
      *******************
      Script file opened successfully.
      Script file read successfully.
      Backups directory opened successfully at C:\Avenger
      *******************
      Beginning to process script file:
      Rootkit scan active.
      No rootkits found!
      Completed script processing.
      *******************
      Finished! Terminate.