All scanning programs are blocked!!!!

petkova84 -  
 Anonymous user -
Hello,
Since last night my PC has had a problem: I launch CCleaner and AntiVir to clean up and see what the scan gives, but it stops after a few minutes. The PC freezes and it is impossible to open anything. I pull the cable because there is no other way to switch it off. After turning it back on I launch a-squared, which also stops after 15 minutes; another freeze and another pull of the cable. After trying a few scans with no result, I don't know what is going on, but it is very annoying because I am switching the PC off every 5 minutes.
If anyone knows where this problem comes from and can help me, thank you in advance :s

61 replies

petkova84
 
When I try to download list&kill, Win Defender reports the presence of a Trojan and I cannot open the downloaded folder; it is in my downloads with a yellow triangle with an exclamation mark ....
0
petkova84
 
Are you sure it's not risky?
0
Anonymous user
 
It is written to disable the antivirus, on purpose.
0
petkova84
 
List'em by g3n-h@ckm@n 1.2.5.1

User : Plam (Administrateurs)
Update on 15/02/2010 by g3n-h@ckm@n ::::: 20.00
Start at: 14:53:16 | 16/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 221,01 Go (113,28 Go free) | NTFS
D:\ -> Disque fixe local | 11,87 Go (2,1 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM | 288,47 Mo (0 Mo free) [My Disc] | CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 7,44 Go (4,91 Go free) [PLAM] | FAT32
H:\ -> Disque CD-ROM | 0,86 Mo (0 Mo free) [HP Launcher] | CDFS
I:\ -> Disque fixe local | 465,11 Go (430,15 Go free) [HP SimpleSave] | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
C:\Program Files\BboxUpdate\eSRunService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Plam\AppData\Local\Temp\91D5.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
hpWirelessAssistant REG_SZ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
WAWifiMessage REG_SZ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
WinampAgent REG_SZ "C:\Program Files\Winamp\winampa.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
CANAL+ CANALSAT A LA DEMANDE REG_SZ "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
SynTPStart REG_SZ C:\Program Files\Synaptics\SynTP\SynTPStart.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD -2147483609 (0x80000027)

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============

===============

==============
BHO :
======

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\Plam\AppData\Local\Temp\91D5.tmp
## C:\> hashdeep C:\Windows\System32\Drivers\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\Drivers\atapi.sys


Sources
=======

C:\WINDOWS\System32\drivers\atapi.sys
C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

Référence :
==========

Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C


H:\Autorun.inf :
----------------
[autorun]
open=HPLauncher.exe

I:\Autorun.inf :
----------------
[autorun]
ICON=HPSimpleSaveLOGO.ico

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C:

Taille du volume = 221 Go
Espace libre = 113 Go
Étendue d'espace libre la plus grande = 71.98 Go
Pourcentage de fragmentation des fichiers = 0 %

Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files\DAEMON Tools Toolbar
Present !! : C:\Users\Plam\LOCAL Settings\Temp\hpsimplesave_1.0.2.0_1.0.2.15_all.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 15:05:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:50,f7,e5,fd,82,6b,bf,f8,cd,4e,19,32,96,34,cc,59,bb,27,38,3c,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,15,01,ae,76,a3,73,a5,d8,d5,2c,9c,22,b3,7b,b2,c9,eb,..
"khjeh"=hex:1e,b9,d0,81,b3,cd,f1,c4,c8,3e,9c,9d,21,da,6e,03,7f,87,74,71,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5b,93,6a,a0,ec,8a,d4,85,19,71,f4,56,2e,1d,18,17,43,38,5b,13,a1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:50,f7,e5,fd,82,6b,bf,f8,cd,4e,19,32,96,34,cc,59,bb,27,38,3c,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,15,01,ae,76,a3,73,a5,d8,d5,2c,9c,22,b3,7b,b2,c9,eb,..
"khjeh"=hex:1e,b9,d0,81,b3,cd,f1,c4,c8,3e,9c,9d,21,da,6e,03,7f,87,74,71,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5b,93,6a,a0,ec,8a,d4,85,19,71,f4,56,2e,1d,18,17,43,38,5b,13,a1,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spqu.sys >>UNKNOWN [0x849D0938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x84a191f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

==========
Programs
==========

a-squared Free
Activation Assistant for the 2007 Microsoft Office suites
Activision
Adobe
AIM6
AOL
Avira
BboxUpdate
BitComet
BitSpirit
Canal+
CapAlpha
CCleaner
Common Files
Conjugaison
CyberLink
DAEMON Tools Lite
DAEMON Tools Toolbar
desktop.ini
Dictionnaire
Diettes et tics
DivX
eGrabber
Electronic Arts
eMule
Fichiers communs
Gaberoff Koral
GlobalSpellChecker
Google
Hewlett-Packard
Hp
HP Games
HPQ
InstallShield Installation Information
Intel
Internet Explorer
Java
Lingea
List_Kill'em
Litec
Malwarebytes' Anti-Malware
Microsoft
Microsoft Games
Microsoft Office
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
Motorola
Movie Maker
Mozilla Firefox
MSBuild
MSXML 4.0
muvee Technologies
Nero
NOS
OpenOffice.org 2.4
Opera
Oxford
QS
QuickTime
Realtek
Reference Assemblies
SA Dictionary T4
Services en ligne
Skype
Synaptics
Techcity
TEXTware
Uninstall Information
VideoLAN
VS Revo Group
Webteh
Winamp
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows Sidebar
WinRAR
WinTV
Yahoo!
Zylom Games

============
Drive C:
============

$RECYCLE.BIN
Ad-Remover
Ad-Report-CLEAN[1].log
autoexec.bat
boot
bootmgr
config.sys
CVS
Documents and Settings
Downloads
hiberfil.sys
HP
IO.SYS
IPH.PH
Kill'em
List'em.txt
MSDOS.SYS
MSOCache
orange.bmp
OrbPVR.db
pagefile.sys
PerfLogs
Program Files
ProgramData
sqmdata00.sqm
sqmnoopt00.sqm
SWSETUP
System Volume Information
System.sav
Users
WINDOWS

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Program Files\Microsoft Works\Install.exe
C:\SWSETUP\MSWorks\FR\Install.exe
C:\SWSETUP\MSWorks\FR\PFiles\MSWorks\Install.exe




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 15:22:43,35
0

Anonymous user
 
▶ Relaunch List&Kill'em (or by right-click on Vista) using the shortcut on your desktop,
but this time:

▶ choose option 6 = Restore MBR

Let the tool work.

At the end of the scan a report opens.

▶ paste its contents in your reply

Then:

▶ Relaunch List&Kill'em (or by right-click on Vista) using the shortcut on your desktop,
but this time:

▶ choose option 2 = Mode Suppression

Let the tool work.

At the end of the scan a report opens.

▶ paste its contents in your reply
0
petkova84
 
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
That is all that comes out at the end of the two operations.
0
Anonymous user
 
No, at the end of option 2 something else comes out ^^
0
petkova84
 
Kill'em by g3n-h@ckm@n 1.2.5.1

User : Plam (Administrateurs)
Update on 15/02/2010 by g3n-h@ckm@n ::::: 20.00
Start at: 17:53:53 | 16/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 221,01 Go (112,04 Go free) | NTFS
D:\ -> Disque fixe local | 11,87 Go (2,1 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM | 288,47 Mo (0 Mo free) [My Disc] | CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 7,44 Go (4,91 Go free) [PLAM] | FAT32
H:\ -> Disque CD-ROM | 0,86 Mo (0 Mo free) [HP Launcher] | CDFS
I:\ -> Disque fixe local | 465,11 Go (430,15 Go free) [HP SimpleSave] | NTFS


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
C:\Program Files\BboxUpdate\eSRunService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Plam\AppData\Local\Temp\3CD.tmp\ERUNT.EXE
C:\Users\Plam\AppData\Local\Temp\3CD.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :



==============
host file OK !
==============

========
Registry
========

Deleted : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
petkova84
 
Shall I post the replies on cijoint.fr and copy the link like the first time?
0
Anonymous user
 
Yes please
0
petkova84
 
http://www.cijoint.fr/cjlink.php?file=cj201002/cijMDC2YeN.txt
However, the extras file did not appear this time..
0
Anonymous user
 
▶ Right-click OTL.exe and choose "Run as administrator" to launch it.


▶ Copy the list shown in bold below,

▶ paste it into the box under Customs Scans/Fixes:


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3851509538-270724872-3517449330-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} https://www.oracle.com/java/technologies/ (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

:files
C:\Program Files\DAEMON Tools Toolbar

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Click RunFix to start the removal.


▶ Post the report.

Then:

▶ Download UsbFix

(!) Connect to your PC, without opening them, your external data sources (USB stick, external hard drive, etc.) that may have been infected


▶ Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

▶ At the main menu choose option "F" for French and press [Enter].

▶ At the second menu choose option "1" (search) and press [Enter]

▶ Let the tool work.

▶ Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
0
petkova84
 
Here is the 1st report
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3851509538-270724872-3517449330-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\CONFLICT.1\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
File\Folder C:\Program Files\DAEMON Tools Toolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: 1
->Temp folder emptied: 86079 bytes
->Temporary Internet Files folder emptied: 8132522 bytes
->Java cache emptied: 25493466 bytes
->FireFox cache emptied: 2925758 bytes
->Opera cache emptied: 586186 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LASD_PERMISSIONS

User: Plam
->Temp folder emptied: 17987433 bytes
->Temporary Internet Files folder emptied: 31137977 bytes
->Java cache emptied: 75280632 bytes
->FireFox cache emptied: 71846710 bytes
->Google Chrome cache emptied: 6334576 bytes
->Opera cache emptied: 18218054 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6307674 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 252,00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02172010_143609

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




and here is the 2nd


############################## | UsbFix V6.095 |

User : Plam (Administrateurs) # PC-DE-PLAM
Update on 15/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 14:55:18 | 17/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 221,01 Go (111,77 Go free) # NTFS
D:\ -> Disque fixe local # 11,87 Go (2,1 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM # 288,47 Mo (0 Mo free) [My Disc] # CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 7,44 Go (4,91 Go free) [PLAM] # FAT32
H:\ -> Disque CD-ROM # 0,86 Mo (0 Mo free) [HP Launcher] # CDFS
I:\ -> Disque fixe local # 465,11 Go (430,15 Go free) [HP SimpleSave] # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
C:\Program Files\BboxUpdate\eSRunService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Elements infectieux |

H:\autorun.inf
I:\autorun.inf

################## | Registre |


################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{00b2a06b-18b1-11df-857e-001e6800caff}
shell\AutoRun\command =H:\HPLauncher.exe

HKCU\..\..\Explorer\MountPoints2\{320fc171-a3cf-11de-ad64-001e6800caff}
shell\Auto\command =AdobeR.exe e
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{b39be4ba-73a9-11dd-832f-001e6800caff}
shell\AutoRun\command =F:\SETUP.EXE
shell\configure\command =F:\SETUP.EXE
shell\install\command =F:\SETUP.EXE

HKCU\..\..\Explorer\MountPoints2\{c21534a8-3f91-11dd-a95d-001e6800caff}
shell\Auto\command =F:\AdobeR.exe e
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\AdobeR.exe e

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné !

################## | ! Fin du rapport # UsbFix V6.095 ! |
0
Utilisateur anonyme
 
Plug in your external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them


▶ Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

▶ Choose option 2 (Removal)

▶ Your desktop will disappear and the PC will restart.

▶ On restart, UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report that will appear along with the desktop.

▶ Note: The UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

######### | Uninstall | #########


▶ Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

▶ Choose the Uninstall option ....
0
petkova84
 
############################## | UsbFix V6.095 |

User : Plam (Administrateurs) # PC-DE-PLAM
Update on 15/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:25:45 | 17/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 221,01 Go (113,41 Go free) # NTFS
D:\ -> Disque fixe local # 11,87 Go (2,1 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM # 288,47 Mo (0 Mo free) [My Disc] # CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 7,44 Go (4,91 Go free) [PLAM] # FAT32
H:\ -> Disque CD-ROM # 0,86 Mo (0 Mo free) [HP Launcher] # CDFS
I:\ -> Disque fixe local # 465,11 Go (430,15 Go free) [HP SimpleSave] # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
C:\Program Files\BboxUpdate\eSRunService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\PresentationSettings.exe

################## | Elements infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-20
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1623765812-1753939175-1515361805-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3851509538-270724872-3517449330-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3851509538-270724872-3517449330-1001
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3851509538-270724872-3517449330-500
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3851509538-270724872-3517449330-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3851509538-270724872-3517449330-1001
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3851509538-270724872-3517449330-500
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3851509538-270724872-3517449330-501
(!) Non supprimé ! H:\autorun.inf
Supprimé ! I:\autorun.inf
Supprimé ! I:\$Recycle.Bin\S-1-5-21-3851509538-270724872-3517449330-1000

################## | Registre |


################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{00b2a06b-18b1-11df-857e-001e6800caff}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{320fc171-a3cf-11de-ad64-001e6800caff}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b39be4ba-73a9-11dd-832f-001e6800caff}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c21534a8-3f91-11dd-a95d-001e6800caff}\Shell\Auto\Command

################## | Listing des fichiers présent |


################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# I:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-de-Plam.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.095 ! |
0
Utilisateur anonyme
 
if not already done:

run List_Kill'em again, uninstall option
run UsbFix again, uninstall option
uninstall AD-Remover

then:


Print these instructions, because you will have to close all windows and applications during installation and scanning.



▶ Download:

Malwarebytes

or:

Malwarebytes

▶ Install it (make sure to choose "French"; do not change the installation settings) and update it.

(NB: If you get an error message during installation saying that "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX)

▶ Study the tutorial to get familiar with the program:


(that said, it is very simple to use).

run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications !

▶ Launch Malwarebytes.

Run a so-called "Complete" scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "results".
Check that all infected objects are ticked, then click "removal".

Note: if you need to restart your PC to finish the cleanup, do it!


Post the report saved after the infected objects have been removed (in the "report/log" tab of Malwarebytes, the most recent one)

0
petkova84
 
I can't manage to uninstall Ad-Remover; there are several folders and nothing to uninstall it...
0
Utilisateur anonyme
 
no problem, we'll take care of it at the end
0
petkova84
 
I'm writing from the 2nd PC in the house. The Malwarebytes scan stopped just like before I posted my 1st message on the forum. Right now it is at C:/Program Files/Microsoft Office/Office12/GrooveTextTools.dll
0