
nath09


  1. # DelFix v8.8 - Rapport créé le 07/07/2012 à 15:08:13 # Mis à jour le 12/02/12 par Xplode # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits) # Nom d'utilisateur : Nathalie - NATHALIE-VAIO (Administrateur) # Exécuté depuis : C:\Users\Nathalie\Desktop\delfix.exe # Option [suppression] ~~~~~~ Dossiers(s) ~~~~~~ Supprimé : C:\Qoobox Supprimé : C:\_OTL Supprimé : C:\_OTM Supprimé : C:\ZHP Supprimé : C:\Users\Nathalie\DoctorWeb Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP Supprimé : C:\Users\Nathalie\Desktop\RK_Quarantine Supprimé : C:\Program Files (x86)\ZHPDiag Supprimé : C:\Program Files (x86)\SEAF ~~~~~~ Fichier(s) ~~~~~~ Supprimé : C:\ComboFix.txt Supprimé : C:\PhysicalMBR.bin Supprimé : C:\TDSSKiller.2.7.36.0_07.06.2012_18.55.52_log.txt Supprimé : C:\Users\Nathalie\Desktop\avenger.exe Supprimé : C:\Users\Nathalie\Desktop\avenger.zip Supprimé : C:\Users\Nathalie\Desktop\ComboFix.exe Supprimé : C:\Users\Nathalie\Desktop\RogueKiller.exe Supprimé : C:\Users\Nathalie\Desktop\SEAF.exe Supprimé : C:\Users\Nathalie\Desktop\TDSSKiller.exe Supprimé : C:\Users\Nathalie\Desktop\tdsskiller.zip Supprimé : C:\Users\Nathalie\Desktop\TFC.exe Supprimé : C:\Users\Nathalie\Desktop\ZHPDiag.txt Supprimé : C:\Users\Nathalie\Desktop\ZHPDiag2.exe Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk Supprimé : C:\Windows\grep.exe Supprimé : C:\Windows\PEV.exe Supprimé : C:\Windows\NIRCMD.exe Supprimé : C:\Windows\MBR.exe Supprimé : C:\Windows\SED.exe Supprimé : C:\Windows\SWREG.exe Supprimé : C:\Windows\SWSC.exe Supprimé : C:\Windows\SWXCACLS.exe Supprimé : C:\Windows\Zip.exe ~~~~~~ Registre ~~~~~~ Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools Clé Supprimée : HKLM\SOFTWARE\Swearware Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEAF Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1 Clé 
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DWPROT ~~~~~~ Autres ~~~~~~ -> Prefetch Vidé ************************* DelFix[R1].txt - [2338 octets] - [07/07/2012 15:08:00] DelFix[s1].txt - [2333 octets] - [07/07/2012 15:08:13] ########## EOF - C:\DelFix[s1].txt - [2457 octets] ##########
  2. ComboFix 12-07-06.02 - Nathalie 07/07/2012 12:44:19.4.2 - x64 Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4063.2606 [GMT 2:00] Lancé depuis: c:\users\Nathalie\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Nathalie\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\4sugmv29.default\searchplugins\funmoods.xml" "c:\users\Nathalie\AppData\Roaming\pdfforge" . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\4sugmv29.default\searchplugins\funmoods.xml . Une copie infectée de c:\windows\SysWow64\userinit.exe a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\ERDNT\cache86\userinit.exe . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-07 au 2012-07-07 )))))))))))))))))))))))))))))))))))) . . 2012-07-07 10:53 . 2012-07-07 10:53 -------- d-----w- c:\users\Thibaud\AppData\Local\temp 2012-07-07 10:53 . 2012-07-07 10:53 -------- d-----w- c:\users\Thibaud.Nathalie-VAIO\AppData\Local\temp 2012-07-07 10:53 . 2012-07-07 10:53 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-07-07 10:53 . 2012-07-07 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-22 16:29 . 2012-07-06 17:32 -------- d-----w- c:\users\Nathalie\AppData\Local\Windows Live 2012-06-21 06:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 06:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 06:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 06:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 06:38 . 
2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 06:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 06:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 06:38 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 06:38 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 05:34 . 2012-07-06 15:31 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Biqizy 2012-06-20 19:40 . 2012-07-06 15:31 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Loig 2012-06-20 19:40 . 2012-07-06 15:18 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Abgyqy 2012-06-20 19:40 . 2012-06-20 19:40 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Nalyhi 2012-06-20 17:04 . 2012-06-20 17:04 -------- d-----w- c:\users\Nathalie\AppData\Local\libimobiledevice 2012-06-20 16:24 . 2012-06-20 16:24 -------- d-----w- c:\program files\iPod 2012-06-20 16:24 . 2012-06-20 16:24 -------- d-----w- c:\program files\iTunes 2012-06-20 16:24 . 2012-06-20 16:24 -------- d-----w- c:\program files (x86)\iTunes 2012-06-13 15:35 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-12 10:33 . 2012-06-12 10:35 -------- d-----w- c:\users\Nathalie\AppData\Roaming\pdfforge 2012-06-12 10:33 . 2012-05-14 07:21 94208 ----a-w- c:\windows\system32\pdfcmon.dll 2012-06-12 10:33 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-06-12 10:33 . 2012-06-12 10:33 -------- d-----w- c:\program files (x86)\PDFCreator 2012-06-12 10:33 . 1998-07-13 00:08 59904 ----a-w- c:\windows\SysWow64\MSCC2FR.DLL 2012-06-12 10:33 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-06-12 10:33 . 2012-06-12 10:33 -------- d-----w- c:\programdata\Premium 2012-06-12 10:33 . 2012-06-12 10:33 -------- d-----w- c:\programdata\InstallMate 2012-06-10 16:19 . 2012-06-10 16:19 -------- d-----w- c:\users\Thibaud.Nathalie-VAIO\AppData\Roaming\Avira 2012-06-10 13:03 . 
2012-06-10 13:03 -------- d-----w- C:\_OTL 2012-06-10 11:26 . 2012-06-10 11:26 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Avira 2012-06-10 11:25 . 2012-06-10 11:25 -------- d-----w- c:\programdata\Avira 2012-06-10 11:25 . 2012-06-10 11:25 -------- d-----w- c:\program files (x86)\Avira 2012-06-10 11:25 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-06-10 11:25 . 2012-02-15 13:04 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-06-10 11:25 . 2012-02-15 13:04 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-06-10 11:01 . 2012-06-10 11:01 512 ----a-w- C:\PhysicalMBR.bin 2012-06-10 10:49 . 2012-06-10 10:49 -------- d-sh--w- C:\DrWeb Quarantine 2012-06-09 17:53 . 2012-06-10 10:24 -------- d-----w- c:\users\Nathalie\Doctor Web 2012-06-09 17:48 . 2012-06-09 17:48 -------- d-----w- c:\program files\Common Files\Doctor Web 2012-06-09 17:48 . 2012-06-10 10:50 -------- d-----w- c:\program files (x86)\DrWeb 2012-06-09 17:48 . 2012-06-10 10:49 -------- d-----w- c:\programdata\Doctor Web 2012-06-09 17:10 . 2012-06-09 17:10 -------- d-----w- c:\users\Nathalie\DoctorWeb 2012-06-09 07:15 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12E90495-4183-465F-80C3-2E533C8CFA0F}\mpengine.dll 2012-06-08 16:16 . 2012-06-08 16:16 61440 ----a-w- c:\windows\SysWow64\drivers\znwquzs.sys 2012-06-08 16:12 . 2012-06-08 16:12 61440 ----a-w- c:\windows\SysWow64\drivers\lhro.sys 2012-06-08 16:07 . 2012-06-08 16:07 61440 ----a-w- c:\windows\SysWow64\drivers\rymcnvli.sys 2012-06-08 16:02 . 2012-06-08 16:02 61440 ----a-w- c:\windows\SysWow64\drivers\oebz.sys 2012-06-08 15:27 . 2012-06-08 15:27 61440 ----a-w- c:\windows\SysWow64\drivers\insaj.sys 2012-06-08 15:13 . 2012-06-08 15:13 61440 ----a-w- c:\windows\SysWow64\drivers\mobk.sys 2012-06-08 10:23 . 2012-06-08 10:23 61440 ----a-w- c:\windows\SysWow64\drivers\rnah.sys 2012-06-08 10:19 . 
2012-06-08 10:19 61440 ----a-w- c:\windows\SysWow64\drivers\iecfbhpe.sys 2012-06-07 17:48 . 2012-06-07 17:48 -------- d-----w- C:\_OTM 2012-06-07 17:26 . 2012-06-07 17:26 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Malwarebytes 2012-06-07 17:26 . 2012-06-07 17:26 -------- d-----w- c:\programdata\Malwarebytes 2012-06-07 17:26 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-07 17:26 . 2012-06-07 17:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-07 15:36 . 2012-06-07 15:36 -------- d-----w- c:\program files (x86)\SEAF 2012-06-07 15:32 . 2012-07-06 15:50 -------- d-----w- C:\ZHP 2012-06-07 15:32 . 2012-06-07 15:33 -------- d-----w- c:\program files (x86)\ZHPDiag . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-22 16:31 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-05-06 12:45 . 2012-05-06 12:44 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-07_07.33.22 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2012-07-07 10:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-07-06 20:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-07-06 20:50 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-07 10:54 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-06 20:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 
2012-07-07 10:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-08-17 10:28 . 2012-07-07 10:56 55898 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-07 10:56 41694 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-07-06 20:52 41694 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-10-11 10:24 . 2012-07-07 10:56 15352 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2540117076-1113756704-1663949447-1000_UserData.bin + 2011-10-10 18:52 . 2012-07-07 10:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-10-10 18:52 . 2012-07-06 20:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-10-10 18:52 . 2012-07-07 10:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-10-10 18:52 . 2012-07-06 20:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-10-10 18:52 . 2012-07-06 20:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-10-10 18:52 . 2012-07-07 10:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-10-11 05:19 . 2012-07-07 07:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-10-11 05:19 . 2012-07-07 10:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-10-11 05:19 . 2012-07-07 10:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-10-11 05:19 . 
2012-07-07 07:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-07-06 20:49 . 2012-07-06 20:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-07 10:54 . 2012-07-07 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-07 10:54 . 2012-07-07 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-06 20:49 . 2012-07-06 20:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 15:24 . 2012-06-29 10:30 704714 c:\windows\system32\perfh00C.dat + 2009-07-14 15:24 . 2012-07-07 07:59 704714 c:\windows\system32\perfh00C.dat + 2009-07-14 02:36 . 2012-07-07 07:59 616242 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-29 10:30 616242 c:\windows\system32\perfh009.dat - 2009-07-14 15:24 . 2012-06-29 10:30 130988 c:\windows\system32\perfc00C.dat + 2009-07-14 15:24 . 2012-07-07 07:59 130988 c:\windows\system32\perfc00C.dat - 2009-07-14 02:36 . 2012-06-29 10:30 106622 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-07-07 07:59 106622 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-07-06 20:49 411844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-07 10:53 411844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-10-11 10:15 . 2012-07-07 10:53 3316646 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2540117076-1113756704-1663949447-1000-8192.dat - 2011-10-11 10:15 . 2012-07-06 20:49 3316646 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2540117076-1113756704-1663949447-1000-8192.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-15 258512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-07-01 09:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R0 akngo;akngo;c:\windows\system32\drivers\iecfbhpe.sys [x] R0 eambjmhd;eambjmhd;c:\windows\system32\drivers\oebz.sys [x] R0 fgjt;fgjt;c:\windows\system32\drivers\rymcnvli.sys [x] R0 hhsv;hhsv;c:\windows\system32\drivers\insaj.sys [x] R0 hvdu;hvdu;c:\windows\system32\drivers\znwquzs.sys [x] R0 midfak;midfak;c:\windows\system32\drivers\lhro.sys [x] R0 slvka;slvka;c:\windows\system32\drivers\mobk.sys [x] R0 yfurogyx;yfurogyx;c:\windows\system32\drivers\rnah.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-30 35104] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft 
SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120] R3 netw5v64;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 64 bits;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104] R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048] R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 
VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-17 110888] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 1223024] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-11 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-06 283200] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264] S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-15 86224] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-07-16 411496] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-08-12 
522240] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216] . . . --------- X64 Entries ----------- . . ------- Examen supplémentaire ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.funmoods.com/?f=1&a=fmtgl mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll FF - ProfilePath - c:\users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\4sugmv29.default\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\LocalService\Software\Microsoft\Windows NT\CurrentVersion\Windows] @DACL=(02 0000) "UserSelectedDefault"=dword:00000000 "Device"="Envoyer à OneNote 2010,winspool,nul:" . 
[HKEY_USERS\LocalService\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] @DACL=(02 0000) "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin" . [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows] @DACL=(02 0000) "UserSelectedDefault"=dword:00000000 "Device"="Envoyer à OneNote 2010,winspool,nul:" . [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] @DACL=(02 0000) "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe . ************************************************************************** . Heure de fin: 2012-07-07 13:00:52 - La machine a redémarré ComboFix-quarantined-files.txt 2012-07-07 11:00 ComboFix2.txt 2012-07-07 07:36 . Avant-CF: 130 923 298 816 octets libres Après-CF: 130 841 206 784 octets libres . - - End Of File - - D92C1DCC1F84AC0BC96D2370D44C3833
  3. Rapport SEAF 1. ========================= SEAF 1.0.1.0 - C_XX 2. 3. Commencé à: 11:32:33 le 07/07/2012 4. 5. Valeur(s) recherchée(s): 6. funmoods 7. 8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès 9. 10. (!) --- Calcul du Hash "MD5" 11. (!) --- Informations supplémentaires 12. (!) --- Recherche registre 13. 14. ====== Fichier(s) ====== 15. 16. 17. "C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\4sugmv29.default\searchplugins\funmoods.xml" [ NOT_CONTENT_INDEXED|ARCHIVE | 2 Ko ] 18. TC: 26/11/2011,02:07:18 | TM: 18/04/2012,18:16:27 | DA: 18/04/2012,18:16:27 19. 20. Hash MD5: B91CEAB8A4198AD8464EACFE751959BC 21. 22. 23. ========================= 24. 25. 26. 27. ====== Entrée(s) du registre ====== 28. 29. 30. [HKU\S-1-5-21-2540117076-1113756704-1663949447-1000\Software\Funmoods] 31. DA: 06/07/2012 22:51:19 32. 33. [HKU\S-1-5-21-2540117076-1113756704-1663949447-1000\Software\Microsoft\Internet Explorer\Main] 34. "Start Page"="http://start.funmoods.com/?f=1&a=fmtgl" (REG_SZ) 35. 36. ========================= 37. 38. Fin à: 11:36:37 le 07/07/2012 39. 545155 Éléments analysés 40. 41. ========================= 42. E.O.F
  4. SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae File name: rymcnvli.sys Detection ratio: 5 / 42 Analysis date: 2012-07-07 09:26:25 UTC ( 1 minute ago ) 0 0 More details Antivirus Result Update AhnLab-V3 - 20120707 AntiVir - 20120707 Antiy-AVL - 20120707 Avast - 20120707 AVG - 20120707 BitDefender - 20120707 ByteHero - 20120704 CAT-QuickHeal - 20120707 ClamAV - 20120707 Commtouch - 20120707 Comodo - 20120707 DrWeb - 20120707 Emsisoft - 20120707 eSafe Win32.Banker 20120705 F-Prot - 20120706 F-Secure - 20120707 Fortinet - 20120707 GData - 20120707 Ikarus - 20120707 Jiangmin Hoax.Agent.f 20120707 K7AntiVirus Trojan 20120706 Kaspersky - 20120707 McAfee - 20120707 McAfee-GW-Edition - 20120707 Microsoft - 20120707 NOD32 - 20120706 Norman - 20120706 nProtect Trojan/W32.Agent.61440.JQ 20120707 Panda - 20120707 PCTools - 20120707 Rising - 20120706 Sophos - 20120707 SUPERAntiSpyware - 20120707 Symantec - 20120707 TheHacker - 20120706 TotalDefense - 20120707 TrendMicro - 20120707 TrendMicro-HouseCall - 20120706 VBA32 - 20120706 VIPRE - 20120707 ViRobot Hoax..Agent.61440 20120707 VirusBuster - 20120706 SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae File name: insaj.sys Detection ratio: 5 / 42 Analysis date: 2012-07-07 09:30:02 UTC ( 0 minute ago ) 0 0 More details Antivirus Result Update AhnLab-V3 - 20120707 AntiVir - 20120707 Antiy-AVL - 20120707 Avast - 20120707 AVG - 20120707 BitDefender - 20120707 ByteHero - 20120613 CAT-QuickHeal - 20120707 ClamAV - 20120707 Commtouch - 20120707 Comodo - 20120707 DrWeb - 20120707 Emsisoft - 20120707 eSafe Win32.Banker 20120705 F-Prot - 20120706 F-Secure - 20120707 Fortinet - 20120707 GData - 20120707 Ikarus - 20120707 Jiangmin Hoax.Agent.f 20120707 K7AntiVirus Trojan 20120706 Kaspersky - 20120707 McAfee - 20120707 McAfee-GW-Edition - 20120707 Microsoft - 20120707 NOD32 - 20120706 Norman - 20120706 nProtect Trojan/W32.Agent.61440.JQ 20120707 Panda - 20120707 PCTools - 20120707 Rising - 
20120706 Sophos - 20120707 SUPERAntiSpyware - 20120707 Symantec - 20120707 TheHacker - 20120706 TotalDefense - 20120707 TrendMicro - 20120707 TrendMicro-HouseCall - 20120706 VBA32 - 20120706 VIPRE - 20120707 ViRobot Hoax..Agent.61440 20120707 VirusBuster - 20120706
  5. SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae File name: iecfbhpe.sys Detection ratio: 5 / 42 Analysis date: 2012-07-07 09:22:54 UTC ( 0 minute ago ) 0 0 More details Antivirus Result Update AhnLab-V3 - 20120707 AntiVir - 20120707 Antiy-AVL - 20120707 Avast - 20120707 AVG - 20120707 BitDefender - 20120707 ByteHero - 20120613 CAT-QuickHeal - 20120707 ClamAV - 20120707 Commtouch - 20120707 Comodo - 20120707 DrWeb - 20120707 Emsisoft - 20120707 eSafe Win32.Banker 20120705 F-Prot - 20120706 F-Secure - 20120707 Fortinet - 20120707 GData - 20120707 Ikarus - 20120707 Jiangmin Hoax.Agent.f 20120707 K7AntiVirus Trojan 20120706 Kaspersky - 20120707 McAfee - 20120707 McAfee-GW-Edition - 20120707 Microsoft - 20120707 NOD32 - 20120706 Norman - 20120706 nProtect Trojan/W32.Agent.61440.JQ 20120707 Panda - 20120707 PCTools - 20120707 Rising - 20120706 Sophos - 20120707 SUPERAntiSpyware - 20120707 Symantec - 20120707 TheHacker - 20120706 TotalDefense - 20120707 TrendMicro - 20120707 TrendMicro-HouseCall - 20120706 VBA32 - 20120706 VIPRE - 20120707 ViRobot Hoax..Agent.61440 20120707 VirusBuster SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae File name: oebz.sys Detection ratio: 5 / 42 Analysis date: 2012-07-07 09:24:45 UTC ( 0 minute ago ) 0 0 More details Antivirus Result Update AhnLab-V3 - 20120705 AntiVir - 20120705 Antiy-AVL - 20120705 Avast - 20120705 AVG - 20120705 BitDefender - 20120705 ByteHero - 20120704 CAT-QuickHeal - 20120705 ClamAV - 20120705 Commtouch - 20120705 Comodo - 20120705 DrWeb - 20120706 Emsisoft - 20120705 eSafe Win32.Banker 20120705 F-Prot - 20120705 F-Secure - 20120706 Fortinet - 20120705 GData - 20120705 Ikarus - 20120705 Jiangmin Hoax.Agent.f 20120705 K7AntiVirus Trojan 20120705 Kaspersky - 20120705 McAfee - 20120706 McAfee-GW-Edition - 20120705 Microsoft - 20120705 NOD32 - 20120705 Norman - 20120705 nProtect Trojan/W32.Agent.61440.JQ 20120706 Panda - 20120705 PCTools - 20120705 Rising - 20120705 
Sophos - 20120705 SUPERAntiSpyware - 20120705 Symantec - 20120706 TheHacker - 20120704 TotalDefense - 20120705 TrendMicro - 20120706 TrendMicro-HouseCall - 20120705 VBA32 - 20120705 VIPRE - 20120705 ViRobot Hoax..Agent.61440 20120705 VirusBuster - 20120705
  6. Sorry, I redid it.
     ComboFix 12-07-06.02 - Nathalie 07/07/2012 9:24.2.2 - x64 Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4063.2553 [GMT 2:00] Lancé depuis: c:\users\Nathalie\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Exécution préalable ------- . c:\users\Nathalie\AppData\Roaming\Apipli\ibuzp.uzb c:\users\Nathalie\AppData\Roaming\Foysi\ybuv.omd . -- Exécution préalable -- . Une copie infectée de c:\windows\system32\Services.exe a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . -------- . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-07 au 2012-07-07 )))))))))))))))))))))))))))))))))))) . . 2012-07-07 07:33 . 2012-07-07 07:33 -------- d-----w- c:\users\Thibaud\AppData\Local\temp 2012-07-07 07:33 . 2012-07-07 07:33 -------- d-----w- c:\users\Thibaud.Nathalie-VAIO\AppData\Local\temp 2012-07-07 07:33 . 2012-07-07 07:33 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-07-07 07:33 . 2012-07-07 07:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-22 16:29 . 2012-07-06 17:32 -------- d-----w- c:\users\Nathalie\AppData\Local\Windows Live 2012-06-21 06:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 06:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 06:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 06:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 06:38 .
2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 06:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 06:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 06:38 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 06:38 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 05:34 . 2012-07-06 15:31 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Biqizy 2012-06-20 19:40 . 2012-07-06 15:31 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Loig 2012-06-20 19:40 . 2012-07-06 15:18 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Abgyqy 2012-06-20 19:40 . 2012-06-20 19:40 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Nalyhi 2012-06-20 17:04 . 2012-06-20 17:04 -------- d-----w- c:\users\Nathalie\AppData\Local\libimobiledevice 2012-06-20 16:24 . 2012-06-20 16:24 -------- d-----w- c:\program files\iPod 2012-06-20 16:24 . 2012-06-20 16:24 -------- d-----w- c:\program files\iTunes 2012-06-20 16:24 . 2012-06-20 16:24 -------- d-----w- c:\program files (x86)\iTunes 2012-06-13 15:35 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-12 10:33 . 2012-06-12 10:35 -------- d-----w- c:\users\Nathalie\AppData\Roaming\pdfforge 2012-06-12 10:33 . 2012-05-14 07:21 94208 ----a-w- c:\windows\system32\pdfcmon.dll 2012-06-12 10:33 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-06-12 10:33 . 2012-06-12 10:33 -------- d-----w- c:\program files (x86)\PDFCreator 2012-06-12 10:33 . 1998-07-13 00:08 59904 ----a-w- c:\windows\SysWow64\MSCC2FR.DLL 2012-06-12 10:33 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-06-12 10:33 . 2012-06-12 10:33 -------- d-----w- c:\programdata\Premium 2012-06-12 10:33 . 2012-06-12 10:33 -------- d-----w- c:\programdata\InstallMate 2012-06-10 16:19 . 2012-06-10 16:19 -------- d-----w- c:\users\Thibaud.Nathalie-VAIO\AppData\Roaming\Avira 2012-06-10 13:03 . 
2012-06-10 13:03 -------- d-----w- C:\_OTL 2012-06-10 11:26 . 2012-06-10 11:26 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Avira 2012-06-10 11:25 . 2012-06-10 11:25 -------- d-----w- c:\programdata\Avira 2012-06-10 11:25 . 2012-06-10 11:25 -------- d-----w- c:\program files (x86)\Avira 2012-06-10 11:25 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-06-10 11:25 . 2012-02-15 13:04 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-06-10 11:25 . 2012-02-15 13:04 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-06-10 11:01 . 2012-06-10 11:01 512 ----a-w- C:\PhysicalMBR.bin 2012-06-10 10:49 . 2012-06-10 10:49 -------- d-sh--w- C:\DrWeb Quarantine 2012-06-09 17:53 . 2012-06-10 10:24 -------- d-----w- c:\users\Nathalie\Doctor Web 2012-06-09 17:48 . 2012-06-09 17:48 -------- d-----w- c:\program files\Common Files\Doctor Web 2012-06-09 17:48 . 2012-06-10 10:50 -------- d-----w- c:\program files (x86)\DrWeb 2012-06-09 17:48 . 2012-06-10 10:49 -------- d-----w- c:\programdata\Doctor Web 2012-06-09 17:10 . 2012-06-09 17:10 -------- d-----w- c:\users\Nathalie\DoctorWeb 2012-06-09 07:15 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12E90495-4183-465F-80C3-2E533C8CFA0F}\mpengine.dll 2012-06-08 16:16 . 2012-06-08 16:16 61440 ----a-w- c:\windows\SysWow64\drivers\znwquzs.sys 2012-06-08 16:12 . 2012-06-08 16:12 61440 ----a-w- c:\windows\SysWow64\drivers\lhro.sys 2012-06-08 16:07 . 2012-06-08 16:07 61440 ----a-w- c:\windows\SysWow64\drivers\rymcnvli.sys 2012-06-08 16:02 . 2012-06-08 16:02 61440 ----a-w- c:\windows\SysWow64\drivers\oebz.sys 2012-06-08 15:27 . 2012-06-08 15:27 61440 ----a-w- c:\windows\SysWow64\drivers\insaj.sys 2012-06-08 15:13 . 2012-06-08 15:13 61440 ----a-w- c:\windows\SysWow64\drivers\mobk.sys 2012-06-08 10:23 . 2012-06-08 10:23 61440 ----a-w- c:\windows\SysWow64\drivers\rnah.sys 2012-06-08 10:19 . 
2012-06-08 10:19 61440 ----a-w- c:\windows\SysWow64\drivers\iecfbhpe.sys 2012-06-07 17:48 . 2012-06-07 17:48 -------- d-----w- C:\_OTM 2012-06-07 17:26 . 2012-06-07 17:26 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Malwarebytes 2012-06-07 17:26 . 2012-06-07 17:26 -------- d-----w- c:\programdata\Malwarebytes 2012-06-07 17:26 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-07 17:26 . 2012-06-07 17:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-07 15:36 . 2012-06-07 15:36 -------- d-----w- c:\program files (x86)\SEAF 2012-06-07 15:32 . 2012-07-06 15:50 -------- d-----w- C:\ZHP 2012-06-07 15:32 . 2012-06-07 15:33 -------- d-----w- c:\program files (x86)\ZHPDiag . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-22 16:31 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-05-06 12:45 . 2012-05-06 12:44 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-15 258512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-07-01 09:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R0 akngo;akngo;c:\windows\system32\drivers\iecfbhpe.sys [x] R0 eambjmhd;eambjmhd;c:\windows\system32\drivers\oebz.sys [x] R0 fgjt;fgjt;c:\windows\system32\drivers\rymcnvli.sys [x] R0 hhsv;hhsv;c:\windows\system32\drivers\insaj.sys [x] R0 hvdu;hvdu;c:\windows\system32\drivers\znwquzs.sys [x] R0 midfak;midfak;c:\windows\system32\drivers\lhro.sys [x] R0 slvka;slvka;c:\windows\system32\drivers\mobk.sys [x] R0 yfurogyx;yfurogyx;c:\windows\system32\drivers\rnah.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-30 35104] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120] R3 netw5v64;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 64 bits;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 Roxio UPnP Renderer 10;Roxio 
UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104] R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048] R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-17 110888] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 1223024] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-11 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280] S1 
avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-06 283200] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264] S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-15 86224] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-07-16 411496] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-08-12 522240] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216] . . --------- X64 Entries ----------- . . ------- Examen supplémentaire ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.funmoods.com/?f=1&a=fmtgl mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll FF - ProfilePath - c:\users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\4sugmv29.default\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHELINS SUPPRIMES - - - - . AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\LocalService\Software\Microsoft\Windows NT\CurrentVersion\Windows] @DACL=(02 0000) "UserSelectedDefault"=dword:00000000 "Device"="Envoyer à OneNote 2010,winspool,nul:" . [HKEY_USERS\LocalService\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] @DACL=(02 0000) "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin" . [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows] @DACL=(02 0000) "UserSelectedDefault"=dword:00000000 "Device"="Envoyer à OneNote 2010,winspool,nul:" . 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] @DACL=(02 0000) "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2012-07-07 09:36:48 ComboFix-quarantined-files.txt 2012-07-07 07:36 . Avant-CF: 133 949 673 472 octets libres Après-CF: 133 273 849 856 octets libres . - - End Of File - - DB50D456DCF493D7C84487B15BFE8F53
  7. Thank you for your reply; here is the ComboFix report.
     ComboFix 12-07-06.02 - Nathalie 06/07/2012 22:32:53.1.2 - x64 Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4063.2543 [GMT 2:00] Lancé depuis: C:\Users\Nathalie\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) C:\Users\Nathalie\AppData\Roaming\Apipli C:\Users\Nathalie\AppData\Roaming\Apipli\ibuzp.uzb C:\Users\Nathalie\AppData\Roaming\Foysi C:\Users\Nathalie\AppData\Roaming\Foysi\ybuv.omd Une copie infectée de C:\Windows\system32\Services.exe a été trouvée et désinfectée Copie restaurée à partir de - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-06 au 2012-07-06 )))))))))))))))))))))))))))))))))))) 2012-07-06 20:42:11 . 2012-07-06 20:42:11 -------- d-----w- C:\Users\Thibaud.Nathalie-VAIO\AppData\Local\temp 2012-07-06 20:42:10 . 2012-07-06 20:42:10 -------- d-----w- C:\Users\Thibaud\AppData\Local\temp 2012-07-06 20:42:10 . 2012-07-06 20:42:10 -------- d-----w- C:\Users\Public\AppData\Local\temp 2012-07-06 20:42:10 . 2012-07-06 20:42:10 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-06-22 16:29:37 . 2012-07-06 17:32:27 -------- d-----w- C:\Users\Nathalie\AppData\Local\Windows Live 2012-06-21 06:38:41 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll 2012-06-21 06:38:41 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe 2012-06-21 06:38:41 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll 2012-06-21 06:38:41 .
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll 2012-06-21 06:38:25 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll 2012-06-21 06:38:25 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll 2012-06-21 06:38:25 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll 2012-06-21 06:38:10 . 2012-06-02 13:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll 2012-06-21 06:38:10 . 2012-06-02 13:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe 2012-06-21 05:34:30 . 2012-07-06 15:31:41 -------- d-----w- C:\Users\Nathalie\AppData\Roaming\Biqizy 2012-06-20 19:40:35 . 2012-07-06 15:31:03 -------- d-----w- C:\Users\Nathalie\AppData\Roaming\Loig 2012-06-20 19:40:35 . 2012-07-06 15:18:35 -------- d-----w- C:\Users\Nathalie\AppData\Roaming\Abgyqy 2012-06-20 19:40:35 . 2012-06-20 19:40:35 -------- d-----w- C:\Users\Nathalie\AppData\Roaming\Nalyhi 2012-06-20 17:04:02 . 2012-06-20 17:04:05 -------- d-----w- C:\Users\Nathalie\AppData\Local\libimobiledevice 2012-06-20 16:24:02 . 2012-06-20 16:24:02 -------- d-----w- C:\Program Files\iPod 2012-06-20 16:24:01 . 2012-06-20 16:24:34 -------- d-----w- C:\Program Files\iTunes 2012-06-20 16:24:01 . 2012-06-20 16:24:33 -------- d-----w- C:\Program Files (x86)\iTunes 2012-06-13 15:35:51 . 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\system32\win32k.sys 2012-06-12 10:33:20 . 2012-06-12 10:35:47 -------- d-----w- C:\Users\Nathalie\AppData\Roaming\pdfforge 2012-06-12 10:33:17 . 2012-05-14 07:21:24 94208 ----a-w- C:\Windows\system32\pdfcmon.dll 2012-06-12 10:33:17 . 1998-06-23 23:00:00 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX 2012-06-12 10:33:15 . 2012-06-12 10:33:33 -------- d-----w- C:\Program Files (x86)\PDFCreator 2012-06-12 10:33:15 . 1998-07-13 00:08:36 59904 ----a-w- C:\Windows\SysWow64\MSCC2FR.DLL 2012-06-12 10:33:15 . 1998-07-05 23:00:00 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL 2012-06-12 10:33:14 . 
2012-06-12 10:33:14 -------- d-----w- C:\ProgramData\Premium 2012-06-12 10:33:05 . 2012-06-12 10:33:15 -------- d-----w- C:\ProgramData\InstallMate 2012-06-10 16:19:08 . 2012-06-10 16:19:08 -------- d-----w- C:\Users\Thibaud.Nathalie-VAIO\AppData\Roaming\Avira 2012-06-10 13:03:45 . 2012-06-10 13:03:45 -------- d-----w- C:\_OTL 2012-06-10 11:26:50 . 2012-06-10 11:26:50 -------- d-----w- C:\Users\Nathalie\AppData\Roaming\Avira 2012-06-10 11:25:04 . 2012-06-10 11:25:04 -------- d-----w- C:\ProgramData\Avira 2012-06-10 11:25:04 . 2012-06-10 11:25:04 -------- d-----w- C:\Program Files (x86)\Avira 2012-06-10 11:25:04 . 2012-05-02 13:24:12 27760 ----a-w- C:\Windows\system32\drivers\avkmgr.sys 2012-06-10 11:25:04 . 2012-02-15 13:04:25 97312 ----a-w- C:\Windows\system32\drivers\avgntflt.sys 2012-06-10 11:25:04 . 2012-02-15 13:04:25 132320 ----a-w- C:\Windows\system32\drivers\avipbb.sys 2012-06-10 11:01:21 . 2012-06-10 11:01:22 512 ----a-w- C:\PhysicalMBR.bin 2012-06-10 10:49:41 . 2012-06-10 10:49:41 -------- d-sh--w- C:\DrWeb Quarantine 2012-06-09 17:53:04 . 2012-06-10 10:24:15 -------- d-----w- C:\Users\Nathalie\Doctor Web 2012-06-09 17:48:42 . 2012-06-09 17:48:42 -------- d-----w- C:\Program Files\Common Files\Doctor Web 2012-06-09 17:48:21 . 2012-06-10 10:50:19 -------- d-----w- C:\Program Files (x86)\DrWeb 2012-06-09 17:48:21 . 2012-06-10 10:49:32 -------- d-----w- C:\ProgramData\Doctor Web 2012-06-09 17:10:05 . 2012-06-09 17:10:05 -------- d-----w- C:\Users\Nathalie\DoctorWeb 2012-06-09 07:15:11 . 2012-05-08 17:02:23 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{12E90495-4183-465F-80C3-2E533C8CFA0F}\mpengine.dll 2012-06-08 16:16:27 . 2012-06-08 16:16:27 61440 ----a-w- C:\Windows\SysWow64\drivers\znwquzs.sys 2012-06-08 16:12:27 . 2012-06-08 16:12:27 61440 ----a-w- C:\Windows\SysWow64\drivers\lhro.sys 2012-06-08 16:07:33 . 2012-06-08 16:07:33 61440 ----a-w- C:\Windows\SysWow64\drivers\rymcnvli.sys 2012-06-08 16:02:08 . 
2012-06-08 16:02:08 61440 ----a-w- C:\Windows\SysWow64\drivers\oebz.sys 2012-06-08 15:27:32 . 2012-06-08 15:27:32 61440 ----a-w- C:\Windows\SysWow64\drivers\insaj.sys 2012-06-08 15:13:50 . 2012-06-08 15:13:50 61440 ----a-w- C:\Windows\SysWow64\drivers\mobk.sys 2012-06-08 10:23:41 . 2012-06-08 10:23:41 61440 ----a-w- C:\Windows\SysWow64\drivers\rnah.sys 2012-06-08 10:19:20 . 2012-06-08 10:19:20 61440 ----a-w- C:\Windows\SysWow64\drivers\iecfbhpe.sys 2012-06-07 17:48:20 . 2012-06-07 17:48:20 -------- d-----w- C:\_OTM 2012-06-07 17:26:52 . 2012-06-07 17:26:52 -------- d-----w- C:\Users\Nathalie\AppData\Roaming\Malwarebytes 2012-06-07 17:26:39 . 2012-06-07 17:26:39 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-07 17:26:39 . 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys 2012-06-07 17:26:38 . 2012-06-07 17:26:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-07 15:36:40 . 2012-06-07 15:36:40 -------- d-----w- C:\Program Files (x86)\SEAF 2012-06-07 15:32:33 . 2012-07-06 15:50:00 -------- d-----w- C:\ZHP 2012-06-07 15:32:13 . 2012-06-07 15:33:12 -------- d-----w- C:\Program Files (x86)\ZHPDiag . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) 2012-06-22 16:31:47 . 2011-03-28 16:36:46 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-05-06 12:45:23 . 2012-05-06 12:44:29 283200 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
  8. Hello, I have been infected by this virus again. Can I do the same procedure as last time? My Avira report is attached. Thanks, Nath
     Avira Free Antivirus Date de création du fichier de rapport : vendredi 6 juillet 2012 07:35 La recherche porte sur 3837370 souches de virus. Le programme fonctionne en version intégrale illimitée. Les services en ligne sont disponibles. Détenteur de la licence : Avira AntiVir Personal - Free Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows 7 x64 Version de Windows : (Service Pack 1) [6.1.7601] Mode Boot : Démarré normalement Identifiant : Nathalie Nom de l'ordinateur : NATHALIE-VAIO Informations de version : BUILD.DAT : 12.0.0.207 Bytes 20/02/2012 15:58:00 AVSCAN.EXE : 12.1.0.20 492496 Bytes 15/02/2012 13:03:39 AVSCAN.DLL : 12.1.0.19 64976 Bytes 20/02/2012 13:10:04 LUKE.DLL : 12.1.0.19 68304 Bytes 15/02/2012 13:03:46 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 11:40:10 AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 11:40:09 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 23:23:21 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 23:32:24 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 11:39:47 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 11:39:52 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 10:21:56 VBASE006.VDF : 7.11.34.117 2048 Bytes 29/06/2012 10:21:56 VBASE007.VDF : 7.11.34.118 2048 Bytes 29/06/2012 10:21:57 VBASE008.VDF : 7.11.34.119 2048 Bytes 29/06/2012 10:21:57 VBASE009.VDF : 7.11.34.120 2048 Bytes 29/06/2012 10:21:57 VBASE010.VDF : 7.11.34.121 2048 Bytes 29/06/2012 10:21:57 VBASE011.VDF : 7.11.34.122 2048 Bytes 29/06/2012 10:21:57 VBASE012.VDF : 7.11.34.123 2048 Bytes 29/06/2012 10:21:57 VBASE013.VDF : 7.11.34.124 2048 Bytes 29/06/2012 10:21:57 VBASE014.VDF : 7.11.34.201 169472 Bytes 02/07/2012 10:21:33 VBASE015.VDF : 7.11.35.19 122368 Bytes 04/07/2012 10:21:33 VBASE016.VDF : 7.11.35.20 2048 Bytes
04/07/2012 10:21:33 VBASE017.VDF : 7.11.35.21 2048 Bytes 04/07/2012 10:21:33 VBASE018.VDF : 7.11.35.22 2048 Bytes 04/07/2012 10:21:33 VBASE019.VDF : 7.11.35.23 2048 Bytes 04/07/2012 10:21:33 VBASE020.VDF : 7.11.35.24 2048 Bytes 04/07/2012 10:21:33 VBASE021.VDF : 7.11.35.25 2048 Bytes 04/07/2012 10:21:33 VBASE022.VDF : 7.11.35.26 2048 Bytes 04/07/2012 10:21:34 VBASE023.VDF : 7.11.35.27 2048 Bytes 04/07/2012 10:21:34 VBASE024.VDF : 7.11.35.28 2048 Bytes 04/07/2012 10:21:34 VBASE025.VDF : 7.11.35.29 2048 Bytes 04/07/2012 10:21:34 VBASE026.VDF : 7.11.35.30 2048 Bytes 04/07/2012 10:21:34 VBASE027.VDF : 7.11.35.31 2048 Bytes 04/07/2012 10:21:34 VBASE028.VDF : 7.11.35.32 2048 Bytes 04/07/2012 10:21:34 VBASE029.VDF : 7.11.35.33 2048 Bytes 04/07/2012 10:21:34 VBASE030.VDF : 7.11.35.34 2048 Bytes 04/07/2012 10:21:34 VBASE031.VDF : 7.11.35.52 34304 Bytes 05/07/2012 10:21:34 Version du moteur : 8.2.10.102 AEVDF.DLL : 8.1.2.8 106867 Bytes 10/06/2012 11:40:08 AESCRIPT.DLL : 8.1.4.28 455035 Bytes 21/06/2012 16:10:21 AESCN.DLL : 8.1.8.2 131444 Bytes 10/06/2012 11:40:07 AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 15:40:30 AERDL.DLL : 8.1.9.15 639348 Bytes 20/01/2012 23:22:40 AEPACK.DLL : 8.2.16.22 807288 Bytes 21/06/2012 16:10:21 AEOFFICE.DLL : 8.1.2.40 201082 Bytes 28/06/2012 16:45:56 AEHEUR.DLL : 8.1.4.58 4993399 Bytes 28/06/2012 16:45:10 AEHELP.DLL : 8.1.23.2 258422 Bytes 28/06/2012 16:44:13 AEGEN.DLL : 8.1.5.30 422261 Bytes 14/06/2012 15:36:48 AEEXP.DLL : 8.1.0.58 82292 Bytes 28/06/2012 16:45:57 AEEMU.DLL : 8.1.3.0 393589 Bytes 20/01/2012 23:22:36 AECORE.DLL : 8.1.25.10 201080 Bytes 10/06/2012 11:40:02 AEBB.DLL : 8.1.1.0 53618 Bytes 20/01/2012 23:22:35 AVWINLL.DLL : 12.1.0.17 27344 Bytes 15/02/2012 13:03:40 AVPREF.DLL : 12.1.0.17 51920 Bytes 15/02/2012 13:03:38 AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 11:40:10 AVARKT.DLL : 12.1.0.23 209360 Bytes 15/02/2012 13:03:34 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 15/02/2012 13:03:35 SQLITE3.DLL : 3.7.0.0 398288 Bytes 15/02/2012 
13:03:52 AVSMTP.DLL : 12.1.0.17 63440 Bytes 15/02/2012 13:03:39 NETNT.DLL : 12.1.0.17 17104 Bytes 15/02/2012 13:03:47 RCIMAGE.DLL : 12.1.0.13 4449488 Bytes 15/02/2012 13:04:25 RCTEXT.DLL : 12.1.0.16 99792 Bytes 15/02/2012 13:04:25 Configuration pour la recherche actuelle : Nom de la tâche...............................: Disques durs locaux Fichier de configuration......................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp Documentation.................................: par défaut Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: arrêt Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Sélection de fichiers intelligente Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: avancé Début de la recherche : vendredi 6 juillet 2012 07:35 La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! [iNFO] Veuillez relancer la recherche avec les droits d'administrateur Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD2 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! 
[iNFO] Veuillez relancer la recherche avec les droits d'administrateur La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'OUTLOOK.EXE' - '1' module(s) sont contrôlés Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'vekoi.exe' - '1' module(s) sont contrôlés Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '2676' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\Users\Nathalie\AppData\Local\Temp\msg3445.exe [0] Type d'archive: Portable Executable Resource --> P22687807 [1] Type d'archive: CAB (Microsoft) --> LanguageSelector64.7z [2] Type d'archive: 7-Zip --> LanguageSelector64.cab [3] Type d'archive: CAB (Microsoft) --> LanguageSelector64.msi [AVERTISSEMENT] Impossible de lire le fichier ! 
C:\Users\Nathalie\AppData\Roaming\Biqizy\zazu.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen5 C:\Windows\System32\services.exe [RESULTAT] Contient le modèle de détection du virus Windows W32/Patched.UA C:\_OTL\MovedFiles\06102012_150345\C_Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U\00000001.@ [RESULTAT] Contient le cheval de Troie TR/Small.FI C:\_OTL\MovedFiles\06102012_150345\C_Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U\80000000.@ [RESULTAT] Contient le cheval de Troie TR/ATRAPS.Gen C:\_OTL\MovedFiles\06102012_150345\C_Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U\800000cb.@ [RESULTAT] Contient le cheval de Troie TR/ATRAPS.Gen2 Début de la désinfection : C:\_OTL\MovedFiles\06102012_150345\C_Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U\800000cb.@ [RESULTAT] Contient le cheval de Troie TR/ATRAPS.Gen2 [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '55a7a446.qua' ! C:\_OTL\MovedFiles\06102012_150345\C_Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U\80000000.@ [RESULTAT] Contient le cheval de Troie TR/ATRAPS.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4d308be1.qua' ! C:\_OTL\MovedFiles\06102012_150345\C_Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U\00000001.@ [RESULTAT] Contient le cheval de Troie TR/Small.FI [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '1f6fd109.qua' ! C:\Windows\System32\services.exe [RESULTAT] Contient le modèle de détection du virus Windows W32/Patched.UA [REMARQUE] Une copie de sécurité a été créée sous le nom 79169e6c.qua ( QUARANTAINE ) C:\Users\Nathalie\AppData\Roaming\Biqizy\zazu.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen5 [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '3c8ab3c6.qua' ! 
Fin de la recherche : vendredi 6 juillet 2012 17:31 Temps nécessaire: 9:56:09 Heure(s) La recherche a été effectuée intégralement 42180 Les répertoires ont été contrôlés 1068744 Des fichiers ont été contrôlés 5 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 5 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 0 Impossible de scanner des fichiers 1068739 Fichiers non infectés 10795 Les archives ont été contrôlées 1 Avertissements 5 Consignes
  9. Yes, apparently I'm not the only one with this problem. I no longer get the message every 2 minutes, so I hope it's fixed. I'll run another antivirus scan later. Thanks again, Nath
  10. It seems to be fine. Thank you for all the time you spent getting me out of this mess. Nath
  11. All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. C:\Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U\00000001.@ moved successfully. C:\Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U\80000000.@ moved successfully. C:\Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U\800000cb.@ moved successfully. C:\Users\Nathalie\AppData\Local\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\@ moved successfully. C:\Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\@ moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Configuration IP de Windows Cache de résolution DNS vidé. C:\Users\Nathalie\Desktop\cmd.bat deleted successfully. C:\Users\Nathalie\Desktop\cmd.txt deleted successfully. C:\Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U folder moved successfully. C:\Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137} scheduled to be moved on reboot. C:\Users\Nathalie\AppData\Local\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U folder moved successfully. C:\Users\Nathalie\AppData\Local\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\L folder moved successfully. C:\Users\Nathalie\AppData\Local\{df85ce06-d140-1bc6-5fb3-3829fd5db137} folder moved successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully! OTL by OldTimer - Version 3.2.48.0 log created on 06102012_150345 Files\Folders moved on Reboot... C:\Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137}\U folder moved successfully. C:\Windows\Installer\{df85ce06-d140-1bc6-5fb3-3829fd5db137} folder moved successfully. 
Registry entries deleted on Reboot...
  12. Here are the 2 links: CJoint.com link 0Fkns6EvjeQ, My link. The second one: My link
  13. Doctor Web won't let me download OTL and I can't manage to disable the antivirus. On the other hand, it does find the famous virus; it calls it "backdoor siggen 46134"
  14. I found this one ============================================================================= Dr.Web Scanner SE for Windows v7.0.1.04100 © Doctor Web, Ltd., 1992-2012 Scan session started 2012:06:09 19:53:04 Module location : C:\Program Files (x86)\DrWeb\ ============================================================================= Using language : French (Français) Available instances: 6 Instances used: 5 Platform: Windows 7 Premium x64/WOW (Build 7601), Service Pack 1 API Version: 2.2 Scanning Engine version: 7.0.1.5020 Virus Finding Engine version: 7.0.2.4281 Total 49 virus bases are loaded from C:\ProgramData\Doctor Web\Bases Total records count: 2916119 Anti-rootkit module version (API 4.02 / 4.02) Using C:\Program Files (x86)\DrWeb\20120609195107.key as Dr.Web ® Key file This Dr.Web ® Key is for 1 computer (Doctor Web trial user: nath) ----------------------------------------------------------------------------- Start scanning ----------------------------------------------------------------------------- Command line used:/lite /noreboot Limit the use of the processor to 50% Object(s) to scan: - Scan processes in memory - Scan startup directory - Scanning for rootkits Error during scan rootkits (0) Total 2097152 bytes in 1 file scanned Total 1 file are clean There are no infected objects detected Scan time is 00:00:29.390 ============================================================================= Dr.Web Scanner SE for Windows v7.0.1.04100 © Doctor Web, Ltd., 1992-2012 Scan session started 2012:06:09 19:56:59 Module location : C:\Program Files (x86)\DrWeb\ 
============================================================================= Using language : French (Français) Available instances: 6 Instances used: 5 Platform: Windows 7 Premium x64/WOW (Build 7601), Service Pack 1 API Version: 2.2 Scanning Engine version: 7.0.1.5020 Virus Finding Engine version: 7.0.2.4281 Total 49 virus bases are loaded from C:\ProgramData\Doctor Web\Bases Total records count: 2916119 Anti-rootkit module version (API 4.02 / 4.02) Using C:\Program Files (x86)\DrWeb\20120609195107.key as Dr.Web ® Key file This Dr.Web ® Key is for 1 computer (Doctor Web trial user: nath) ----------------------------------------------------------------------------- Start scanning ----------------------------------------------------------------------------- Limit the use of the processor to 50% Object(s) to scan: - Scan processes in memory - Scan boot sectors - Scanning for rootkits - C:\ - D:\ - E:\ Process :0 - read error Process System:4 - read error Process audiodg.exe:856 - read error Error during scan boot sector 0x81 Error during scan boot sector 0x82 C:\hiberfil.sys - read error C:\pagefile.sys - read error C:\Documents and Settings - directory C:\Program Files (x86)\BrowserCompanion\uninstall.exe - infected with Trojan.AVKill.12311 C:\Program Files (x86)\BrowserCompanion\uninstall.exe - infected C:\Program Files\Fichiers communs - directory C:\Program Files\Windows NT\Accessoires - directory C:\ProgramData\Application Data - directory C:\ProgramData\Bureau - directory C:\ProgramData\Desktop - directory C:\ProgramData\Documents - directory C:\ProgramData\Favoris - directory C:\ProgramData\Favorites - 
directory C:\ProgramData\Menu Démarrer - directory C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - read error C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - read error C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - read error C:\ProgramData\Microsoft\Windows\Start Menu\Programmes - directory C:\ProgramData\Modèles - directory C:\ProgramData\Start Menu - directory C:\ProgramData\Templates - directory C:\System Volume Information\{11bd1325-b202-11e1-9344-0024be42b7c5}{3808876b-c176-4e48-b7ae-04046e6cc752} - read error C:\System Volume Information\{11bd1381-b202-11e1-9344-0024be42b7c5}{3808876b-c176-4e48-b7ae-04046e6cc752} - read error C:\System Volume Information\{11bd1382-b202-11e1-9344-0024be42b7c5}{3808876b-c176-4e48-b7ae-04046e6cc752} - read error C:\System Volume Information\{11bd1383-b202-11e1-9344-0024be42b7c5}{3808876b-c176-4e48-b7ae-04046e6cc752} - read error C:\System Volume Information\{11bd1387-b202-11e1-9344-0024be42b7c5}{3808876b-c176-4e48-b7ae-04046e6cc752} - read error C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - read error C:\System Volume Information\{b8303fcb-b25a-11e1-ab7f-0024be42b7c5}{3808876b-c176-4e48-b7ae-04046e6cc752} - read error C:\System Volume Information\WindowsImageBackup - directory C:\Users\All Users\Application Data - directory C:\Users\All Users\Bureau - directory C:\Users\All Users\Desktop - directory C:\Users\All Users\Documents - directory C:\Users\All Users\Favoris - directory C:\Users\All Users\Favorites - directory C:\Users\All Users\Menu Démarrer - directory C:\Users\All Users\Modèles - directory C:\Users\All Users\Start Menu - directory C:\Users\All Users\Templates - directory C:\Users\Default User - directory C:\Users\Default\AppData\Local\Application Data - directory C:\Users\Default\AppData\Local\Historique - directory C:\Users\Default\AppData\Local\History - directory C:\Users\Default\AppData\Local\Temporary Internet Files - 
directory C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes - directory C:\Users\Default\Application Data - directory C:\Users\Default\Documents\Ma musique - directory C:\Users\Default\Documents\Mes images - directory C:\Users\Default\Documents\Mes vidéos - directory C:\Users\Default\Documents\My Music - directory C:\Users\Default\Documents\My Pictures - directory C:\Users\Default\Documents\My Videos - directory C:\Users\Default\Local Settings - directory C:\Users\Default\Menu Démarrer - directory C:\Users\Default\Mes documents - directory C:\Users\Default\Modèles - directory C:\Users\Default\My Documents - directory C:\Users\Default\NetHood - directory C:\Users\Default\PrintHood - directory C:\Users\Default\Recent - directory C:\Users\Default\SendTo - directory C:\Users\Default\Start Menu - directory C:\Users\Default\Templates - directory C:\Users\Default\Voisinage d'impression - directory C:\Users\Default\Voisinage réseau - directory C:\Users\Nathalie\NTUSER.DAT - read error C:\Users\Nathalie\ntuser.dat.LOG2 - read error C:\Users\Nathalie\ntuser.dat.LOG1 - read error C:\Users\Nathalie\AppData\Local\Application Data - directory C:\Users\Nathalie\AppData\Local\Historique - directory C:\Users\Nathalie\AppData\Local\Microsoft\Windows\UsrClass.dat - read error C:\Users\Nathalie\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - read error C:\Users\Nathalie\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - read error C:\Users\Nathalie\AppData\Local\Mozilla\Firefox\Profiles\4sugmv29.default\Cache\_CACHE_001_ - mail, read error C:\Users\Nathalie\AppData\Local\Temporary Internet Files - directory C:\Users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes - directory C:\Users\Nathalie\Application Data - directory C:\Users\Nathalie\Cookies - directory C:\Users\Nathalie\Desktop\OTM.exe - infected with Trojan.Siggen3.56428 C:\Users\Nathalie\Desktop\OTM.exe - infected C:\Users\Nathalie\Documents\Papier.doc - password protected 
C:\Users\Nathalie\Documents\Documents\Doc1.doc - password protected C:\Users\Nathalie\Documents\Ma musique - directory C:\Users\Nathalie\Documents\Mes images - directory C:\Users\Nathalie\Documents\Mes vidéos - directory C:\Users\Nathalie\Documents\Fichiers Outlook\[email protected] - mail, password protected 
C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r43 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r42 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r44 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r46 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r45 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r47 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r48 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r49 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r50 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r51 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.r52 - archive, incomplete C:\Users\Nathalie\Favorites\Final_Fantasy_Reishiki_JPN_PSP-Caravan\Disc2\cvn-ff0d2.rar - archive, incomplete C:\Users\Nathalie\Local Settings - directory C:\Users\Nathalie\Mes documents - directory C:\Users\Nathalie\Menu Démarrer - directory C:\Users\Nathalie\Modèles - directory C:\Users\Nathalie\Recent - directory C:\Users\Nathalie\SendTo - directory C:\Users\Nathalie\Voisinage d'impression - directory C:\Users\Nathalie\Voisinage réseau - directory C:\Users\Public\Documents\Ma musique - directory C:\Users\Public\Documents\Mes images - directory C:\Users\Public\Documents\Mes vidéos - directory C:\Users\Public\Documents\My Music - directory C:\Users\Public\Documents\My Pictures - directory C:\Users\Public\Documents\My Videos - directory 
C:\Users\Thibaud.Nathalie-VAIO\AppData\Local\Application Data - directory C:\Users\Thibaud.Nathalie-VAIO\AppData\Local\Historique - directory C:\Users\Thibaud.Nathalie-VAIO\AppData\Local\Temporary Internet Files - directory C:\Users\Thibaud.Nathalie-VAIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes - directory C:\Users\Thibaud.Nathalie-VAIO\Application Data - directory C:\Users\Thibaud.Nathalie-VAIO\Cookies - directory C:\Users\Thibaud.Nathalie-VAIO\Documents\Ma musique - directory C:\Users\Thibaud.Nathalie-VAIO\Documents\Mes images - directory C:\Users\Thibaud.Nathalie-VAIO\Documents\Mes vidéos - directory C:\Users\Thibaud.Nathalie-VAIO\Local Settings - directory C:\Users\Thibaud.Nathalie-VAIO\Menu Démarrer - directory C:\Users\Thibaud.Nathalie-VAIO\Mes documents - directory C:\Users\Thibaud.Nathalie-VAIO\Modèles - directory C:\Users\Thibaud.Nathalie-VAIO\Recent - directory C:\Users\Thibaud.Nathalie-VAIO\SendTo - directory C:\Users\Thibaud.Nathalie-VAIO\Voisinage d'impression - directory C:\Users\Thibaud.Nathalie-VAIO\Voisinage réseau - directory C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - read error C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - read error C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - read error C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - read error C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - read error C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\74a06878c4b174b507b65f5c690d49c63fdea227.HomeGroupClassifier\ca935d55800781eb2a0d0be1b258d694\grouping\db.mdb - read error C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\74a06878c4b174b507b65f5c690d49c63fdea227.HomeGroupClassifier\ca935d55800781eb2a0d0be1b258d694\grouping\edb.log - read error 
Total 169803734656 bytes in 169117 files scanned (1009444 objects)
Total 168830 files (1009140 objects) are clean
Total 2 files are infected
Total 196 files (198 objects) are raised error condition
Scan time is 04:19:03.564
-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------
C:\Program Files (x86)\BrowserCompanion\uninstall.exe - incurable, quarantined
C:\Users\Nathalie\Desktop\OTM.exe - incurable, quarantined
Total 169803734656 bytes in 169117 files scanned (1009444 objects)
Total 168830 files (1009140 objects) are clean
Total 2 files are infected
Total 2 files are neutralized
Total 196 files (198 objects) are raised error condition
Scan time is 04:19:03.564
  15. Hello. It found Trojan AVKill and Trojan Siggen 3. One of the two is in the OTM.exe program on the desktop, but it did not find tr appsgen