HijackThis results
Solved
nguigno
-
Anonymous user -
Hello,
I don't know how to analyze the HijackThis log, which apparently found errors on my system...
Could someone help me figure out how to do it?
Thanks in advance
27 replies
uninstall Spybot
=============================
read this:
http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/Intro.txt
===========================
Download here: OTL
▶ save it to your Desktop.
if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."
on OTL.exe to launch it.
▶ Check the 2 boxes Lop and Purity
▶ Check the box next to all users
▶ set the file age to "60 days"
▶ in the 6 tabs in the left half, set everything to "all"
do not change this:
"files created" and "files modified"
▶ Click on Scan.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and find the file above.
▶ Click Open.
▶ Click "Click here to upload the file".
Right next to the button, once the file has finished uploading, a link of this form will appear:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt", which should also be on your Desktop.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:06, on 07/02/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\Philips\SPC230NC\Monitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\DesktopEarth\DesktopEarth.exe
C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: Copyright (c) 1993-1999 Microsoft Corp.
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: TrayMin230.lnk = ?
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://www.ma-config.com/plugins/MaConfig_5_1_0_4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
Sorry, I just realized that I hadn't removed Spybot...
Here are the correct links:
http://www.cijoint.fr/cjlink.php?file=cj201102/cijtdrURXL.txt
and
http://www.cijoint.fr/cjlink.php?file=cj201102/cijuENY8of.txt
Here is the 1st link:
http://www.cijoint.fr/cjlink.php?file=cj201102/cijFvVuVj3.txt
and the 2nd:
http://www.cijoint.fr/cjlink.php?file=cj201102/cijTymSsmz.txt
▶ Download here: USBFIX to your Desktop
plug in all your devices without opening them
/!\ Temporarily disable, only for the time USBFIX is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.
if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."
on the UsbFix icon on your Desktop.
On the page, click the button:
▶ choose the "Suppression" (Deletion) option
▶ UsbFix will scan your PC; let the tool work.
▶ Then post the UsbFix.txt report, which will appear with the desktop.
▶ Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Here is the USBFix report:
############################## | UsbFix 7.038 | [Suppression]
Utilisateur: Niko (Administrateur) # NIKO-PC [Alienware Aurora]
Mis à jour le 14/01/2011 par El Desaparecido / C_XX
Lancé à 20:16:05 | 07/02/2011
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org
CPU: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
CPU 2: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Désactivé /!\
RAM -> 3063 Mo
C:\ (%systemdrive%) -> Disque fixe # 302 Go (199 Go libre(s) - 66%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Disque fixe # 155 Go (107 Go libre(s) - 69%) [Sauvegarde] # NTFS
G:\ -> Disque fixe # 466 Go (89 Go libre(s) - 19%) [NIKO] # FAT32
################## | Éléments infectieux |
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3696411593-134277201-504979194-1001
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3696411593-134277201-504979194-500
Supprimé! C:\Recycler\S-1-5-18
Supprimé! F:\$RECYCLE.BIN\S-1-5-21-3696411593-134277201-504979194-1001
Supprimé! C:\autorun.inf
Non supprimé ! E:\autorun.inf
Non supprimé ! E:\Updates
################## | Registre |
Supprimé! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
################## | Mountpoints2 |
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{8c817374-2a32-11e0-b985-a4badb01a518}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{efe366f2-249a-11e0-8bc9-806e6f6e6963}
################## | Listing |
[07/02/2011 - 20:21:43 | SHD ] C:\$Recycle.Bin
[28/01/2010 - 09:15:48 | N | 1362] C:\AF_BENCHMARKS.XML
[13/07/2010 - 17:19:02 | D ] C:\Application
[03/06/2009 - 15:47:16 | N | 4009] C:\AppPin.ini
[28/01/2010 - 16:59:21 | D ] C:\backup
[07/02/2011 - 18:29:38 | D ] C:\Config.Msi
[20/01/2011 - 15:36:17 | D ] C:\dell
[28/01/2010 - 16:56:02 | N | 22] C:\dell.sdr
[10/11/2006 - 08:25:46 | N | 319456] C:\difxapi.dll
[28/01/2011 - 18:17:32 | D ] C:\Disque dur externe
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[11/04/2008 - 10:07:18 | N | 3820] C:\eula.1028.txt
[11/04/2008 - 10:07:18 | N | 15428] C:\eula.1031.txt
[11/04/2008 - 10:07:18 | N | 10058] C:\eula.1033.txt
[11/04/2008 - 10:07:18 | N | 12246] C:\eula.1036.txt
[11/04/2008 - 10:07:18 | N | 13912] C:\eula.1040.txt
[11/04/2008 - 10:07:18 | N | 5868] C:\eula.1041.txt
[11/04/2008 - 10:07:18 | N | 5970] C:\eula.1042.txt
[11/04/2008 - 10:07:18 | N | 10134] C:\eula.1049.txt
[11/04/2008 - 10:07:18 | N | 3814] C:\eula.2052.txt
[11/04/2008 - 10:07:18 | N | 12936] C:\eula.3082.txt
[20/01/2011 - 02:17:49 | N | 14618] C:\Extras.Txt
[11/04/2008 - 10:07:18 | N | 1110] C:\globdata.ini
[07/02/2011 - 18:29:38 | ASH | 2408828928] C:\hiberfil.sys
[28/01/2010 - 16:55:52 | D ] C:\hotfix
[04/06/2009 - 09:03:54 | N | 26007] C:\IIF2.ini
[11/04/2008 - 10:32:30 | N | 855552] C:\install.exe
[11/04/2008 - 10:07:18 | N | 843] C:\install.ini
[11/04/2008 - 10:32:30 | N | 75280] C:\install.res.1028.dll
[11/04/2008 - 10:32:30 | N | 95248] C:\install.res.1031.dll
[11/04/2008 - 10:32:30 | N | 90128] C:\install.res.1033.dll
[11/04/2008 - 10:32:30 | N | 96272] C:\install.res.1036.dll
[11/04/2008 - 10:32:30 | N | 94224] C:\install.res.1040.dll
[11/04/2008 - 10:32:30 | N | 80400] C:\install.res.1041.dll
[11/04/2008 - 10:32:30 | N | 78864] C:\install.res.1042.dll
[11/04/2008 - 10:32:30 | N | 92176] C:\install.res.1049.dll
[11/04/2008 - 10:32:30 | N | 74768] C:\install.res.2052.dll
[11/04/2008 - 10:32:30 | N | 95248] C:\install.res.3082.dll
[28/01/2010 - 08:37:16 | D ] C:\Intel
[13/07/2010 - 17:19:03 | D ] C:\Lang
[20/01/2011 - 13:48:07 | D ] C:\MFG
[28/01/2010 - 16:59:21 | N | 4322] C:\mfg.sdr
[01/12/2006 - 23:37:14 | N | 904704] C:\msdia80.dll
[27/01/2011 - 12:28:05 | RHD ] C:\MSOCache
[07/02/2011 - 12:17:25 | D ] C:\NIKO
[20/01/2011 - 18:04:57 | D ] C:\NVIDIA
[20/01/2011 - 02:17:46 | N | 45598] C:\OTL.Txt
[07/02/2011 - 18:29:41 | ASH | 3211776000] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[28/01/2011 - 20:36:48 | D ] C:\Program Files
[07/02/2011 - 18:28:03 | D ] C:\Program Files (x86)
[07/02/2011 - 18:29:38 | HD ] C:\ProgramData
[20/04/2010 - 12:30:02 | N | 39715] C:\readme.txt
[20/04/2010 - 12:32:14 | N | 56922] C:\readmeFRA.txt
[20/04/2010 - 12:30:02 | N | 39715] C:\readmeIMSM.txt
[20/04/2010 - 12:34:10 | N | 49457] C:\readmeJPN.txt
[20/01/2011 - 15:02:04 | SHD ] C:\Recovery
[20/01/2011 - 04:48:08 | SHD ] C:\RECYCLER
[07/02/2011 - 10:01:23 | D ] C:\System Volume Information
[03/02/2011 - 11:43:50 | N | 59686] C:\TDSSKiller.2.4.14.0_03.02.2011_11.43.33_log.txt
[05/02/2011 - 02:35:08 | N | 59920] C:\TDSSKiller.2.4.14.0_05.02.2011_02.34.53_log.txt
[20/01/2011 - 15:54:56 | N | 56582] C:\TDSSKiller.2.4.14.0_20.01.2011_15.54.24_log.txt
[29/01/2011 - 16:03:46 | N | 61116] C:\TDSSKiller.2.4.14.0_29.01.2011_16.02.58_log.txt
[29/01/2011 - 16:05:59 | N | 59686] C:\TDSSKiller.2.4.14.0_29.01.2011_16.05.40_log.txt
[20/01/2011 - 05:29:21 | D ] C:\UndeletePlus
[13/07/2010 - 17:19:03 | D ] C:\uninstall
[07/02/2011 - 20:21:43 | D ] C:\UsbFix
[07/02/2011 - 20:16:06 | A | 5197] C:\UsbFix.txt
[20/01/2011 - 15:08:24 | D ] C:\Users
[11/04/2008 - 10:07:18 | N | 5686] C:\vcredist.bmp
[11/04/2008 - 10:34:50 | N | 4469022] C:\VC_RED.cab
[11/04/2008 - 10:37:54 | N | 242688] C:\VC_RED.MSI
[13/07/2010 - 17:19:03 | D ] C:\Winall
[07/02/2011 - 10:06:05 | D ] C:\Windows
[13/07/2010 - 17:19:03 | D ] C:\x64
[31/03/2010 - 06:44:21 | RD ] E:\Access.WW
[31/03/2010 - 06:44:06 | RD ] E:\Access.en-us
[31/03/2010 - 06:44:23 | RD ] E:\Admin
[31/03/2010 - 06:44:06 | RD ] E:\Catalog
[31/03/2010 - 06:44:21 | RD ] E:\Excel.WW
[31/03/2010 - 06:44:23 | RD ] E:\Excel.en-us
[31/03/2010 - 06:44:21 | RD ] E:\Groove.WW
[31/03/2010 - 06:44:00 | RD ] E:\Groove.en-us
[31/03/2010 - 06:44:21 | RD ] E:\InfoPath.WW
[31/03/2010 - 06:44:21 | RD ] E:\InfoPath.en-us
[31/03/2010 - 06:44:24 | RD ] E:\Office.en-us
[31/03/2010 - 06:44:16 | RD ] E:\Office32.en-us
[31/03/2010 - 06:44:23 | RD ] E:\OneNote.WW
[31/03/2010 - 06:44:06 | RD ] E:\OneNote.en-us
[31/03/2010 - 06:44:23 | RD ] E:\Outlook.WW
[31/03/2010 - 06:44:21 | RD ] E:\Outlook.en-us
[31/03/2010 - 06:44:21 | RD ] E:\PowerPoint.WW
[31/03/2010 - 06:44:06 | RD ] E:\PowerPoint.en-us
[31/03/2010 - 06:44:21 | RD ] E:\PrjPro.WW
[31/03/2010 - 06:44:21 | RD ] E:\PrjStd.WW
[31/03/2010 - 06:44:21 | RD ] E:\ProPlus.WW
[31/03/2010 - 06:44:06 | RD ] E:\Project.en-us
[31/03/2010 - 06:44:07 | RD ] E:\Proofing.en-us
[31/03/2010 - 06:44:21 | RD ] E:\Publisher.WW
[31/03/2010 - 06:44:21 | RD ] E:\Publisher.en-us
[26/03/2010 - 02:51:13 | R | 1941] E:\README.HTM
[31/03/2010 - 06:44:21 | RD ] E:\Standard.WW
[31/03/2010 - 06:44:23 | RD ] E:\Updates
[31/03/2010 - 06:44:21 | RD ] E:\Visio.WW
[31/03/2010 - 06:44:21 | RD ] E:\Visio.en-us
[31/03/2010 - 06:44:21 | RD ] E:\Word.WW
[31/03/2010 - 06:44:23 | RD ] E:\Word.en-us
[12/03/2010 - 13:48:15 | R | 175] E:\autorun.inf
[12/03/2010 - 03:29:10 | R | 1377656] E:\setup.exe
[07/02/2011 - 20:21:43 | SHD ] F:\$RECYCLE.BIN
[28/01/2011 - 21:07:06 | D ] F:\Driver Backup 1-28-2011-21613
[28/01/2011 - 20:11:40 | SHD ] F:\System Volume Information
[28/01/2011 - 19:50:11 | N | 50672903680] F:\System_C_28_01_2011.tib
[01/12/2010 - 18:55:46 | D ] G:\.Trashes
[01/12/2010 - 18:55:46 | N | 4096] G:\._.Trashes
[01/12/2010 - 19:16:44 | N | 15364] G:\.DS_Store
[01/12/2010 - 19:00:32 | N | 82] G:\._PREF75_violence-travail_HD.pdf
[01/12/2010 - 19:00:46 | N | 82] G:\._40x60_Victim.pdf
[01/12/2010 - 19:00:48 | N | 82] G:\._40x60_Famille.pdf
[01/12/2010 - 19:00:48 | N | 82] G:\._40x60_TEMOIN.pdf
[01/12/2010 - 19:01:46 | N | 82] G:\._SDAV Affiches_40x60_jour_Final HD.pdf
[01/12/2010 - 19:01:46 | N | 82] G:\._SDAV_AfficheA3_jour_Final HD.pdf
[01/12/2010 - 19:01:46 | N | 82] G:\._SDAV_AfficheA3_nuit_Final HD.pdf
[01/12/2010 - 19:02:00 | N | 82] G:\._SDAV_12 pages_Final HD.pdf
[01/12/2010 - 19:02:16 | N | 82] G:\._SDAV_Carte nocturne R-V_Final HD.pdf
[01/12/2010 - 19:02:16 | N | 82] G:\._SDAV_carte jour R-V_Final HD.pdf
[01/12/2010 - 19:03:02 | N | 82] G:\._CW_Flyer_Final HD.pdf
[01/12/2010 - 19:03:10 | N | 82] G:\._CW_Flyer janvier09_Final HD.pdf
[01/12/2010 - 19:03:20 | N | 82] G:\._000215 FR Offres_Laboratoires_2009_PRINT.pdf
[01/12/2010 - 19:04:02 | N | 82] G:\._étiquette CD x1.pdf
[01/12/2010 - 19:04:14 | N | 82] G:\._Neotek info 3.pdf
[01/12/2010 - 19:04:26 | N | 82] G:\._Plaquette - HD.pdf
[01/12/2010 - 19:05:06 | N | 82] G:\._Cata 12p. Ponsel.pdf
[01/12/2010 - 19:05:16 | N | 82] G:\._4 pages_HD.pdf
[01/12/2010 - 19:05:38 | N | 82] G:\._Flyer D6_HD_2.pdf
[01/12/2010 - 19:06:04 | N | 82] G:\._Poster tableau.pdf
[01/12/2010 - 19:06:26 | N | 82] G:\._biosonic A4.pdf
[01/12/2010 - 19:06:38 | N | 82] G:\._CW-publirédacINNO-final HD.pdf
[01/12/2010 - 19:07:10 | N | 82] G:\._Restauration A4.pdf
[01/12/2010 - 19:07:40 | N | 82] G:\._4 pp Sogim-Grim2006.pdf
[01/12/2010 - 19:09:54 | N | 82] G:\._FONDIS_Analyse de Plomb_4.pdf
[01/12/2010 - 19:10:10 | N | 82] G:\._CW_Flyer avril_HD.pdf
[01/12/2010 - 19:10:20 | N | 82] G:\._flyer precious.pdf
[01/12/2010 - 19:11:28 | N | 82] G:\._MERCK_Stand pour PDF.pdf
[01/12/2010 - 19:11:38 | N | 82] G:\._Agenda 170x140.pdf
[01/12/2010 - 19:16:22 | N | 82] G:\._Logos
[01/12/2010 - 20:24:14 | SHD ] G:\$RECYCLE.BIN
[21/01/2011 - 00:47:10 | D ] G:\Recup
[22/01/2011 - 15:32:28 | D ] G:\Recup2
[22/01/2011 - 21:45:20 | D ] G:\Disque dur 0
[23/01/2011 - 02:16:26 | D ] G:\Recup3
[28/01/2011 - 18:07:48 | D ] G:\Boulos agisson
################## | Vaccin |
C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Dossier créé par Panda USB Vaccine
F:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_NIKO-PC.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.
################## | E.O.F |
Close all windows and applications during installation and scanning.
▶ Download here:
Malwarebytes
▶ Install it (be sure to choose "French"; do not change the installation settings) and update it.
(NB: If you get an error message telling you that "COMCTL32.OCX" is missing during installation, download it here: COMCTL32.OCX)
▶ Study the tutorial to get familiar with the program:
(that said, it is very easy to use).
Relaunch Malwarebytes, following these instructions scrupulously:
! Disconnect and close all running applications !
▶ Launch Malwarebytes.
Run a so-called "Full" scan.
▶ Let the program work (and do nothing else with the PC during the scan).
▶ When it finishes, click "Results".
▶ Check that all infected items are ticked, then click "Remove".
▶ Note: if your PC has to be restarted to finish the cleanup, do it!
▶ Post the report saved after the infected items have been removed (in the "Report/Log" tab of Malwarebytes, the most recent one).
Hello, here is the Malware report:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5709
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
08/02/2011 12:13:40
mbam-log-2011-02-08 (12-13-40).txt
Type d'examen: Examen complet (C:\|E:\|F:\|G:\|)
Elément(s) analysé(s): 588264
Temps écoulé: 1 heure(s), 42 minute(s), 59 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 99
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
g:\Recup\setupact.log (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup\windowsupdate.log (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup\level1_1[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup\level1_6[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup\level1_4[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup\bg_banniere[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup\BCG_4_~1.GIF (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\Cadre10.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\suz015.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\suz017.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\rounded rectangle.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\icoreche[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\p_jogframe47.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\wmsetup.log (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\SA\l\TT\--\happybirdsday-medium\1.0\263001797\happybirdsday-medium.ttf (Trojan.Downloader) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Adobe\Help\fr_FR\acrobat pro 3d\9.0\images\word07_createpdf.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Adobe\Help\fr_FR\acrobat pro 3d\9.0\images\a_sound_sm_n.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Adobe\Help\de_DE\acrobat pro 3d\9.0\images\a_addserver_lg_n.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Adobe\Help\de_DE\acrobat pro 3d\9.0\images\a_viewrecord_md_n.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Adobe\ssc\websuitepremium-cs5-mac-gm\lmresources\background.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\sample pictures\lighthouse.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\AppData\Roaming\microsoft\Windows\Themes\transcodedwallpaper.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\3PXTCE8L\sprite-gradients[1].png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\EII0O60E\picto_play[1].png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Desktop\NIKO\graphisme\boulots agisson\agisson\ag_site_travaux\irsn_4-pages_ext_final.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Desktop\NIKO\graphisme\boulots agisson\agisson\ag_site_travaux\irsn_invitescolloque_int.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Desktop\NIKO\graphisme\boulots agisson\NATESIS\packaging\etui pycno\rectifs\Vcaps.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Desktop\NIKO\graphisme\boulots agisson\NATESIS\packaging\bio affine\prep\fotolia_5708632.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Desktop\NIKO\graphisme\boulots agisson\IRSN\RPL\photos maquette rpl\CIMG2116.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\documents\mes historiques de conversation\octobre 2010\Images\msgplus_img1972.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\documents\mes historiques de conversation\septembre 2010\Images\msgplus_img1179.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\LogFiles\edb00644.log (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\French\Content\resources\covers\sf3mac_cvr_userguide_0610_f.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\French\Data\skinextensisskin\browsesequencesaccordionbackground.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\cyberlink\powerdvd8\olrsubmission\Skin\Default\combosliderthumb.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Bonus\Masks\Etoile02.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\FIU4X2L1\y1mre43qrg9sscjwuv9yqlmw56uyavcr9mgpdncyrnpl8y55zdn918pudonahl5hml48b-bdbd8i2b5wfz9ejug7q[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\tutos\chapitre 18 - enregistrer un document\ictcacher\logo_emob.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\pluging\mo_suz\suz046.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\FRIO\CSXS\icons\connectnow.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\csreviewbundle\csxs\icons\csreview_n.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\German\Content\resources\images\clientwindow_win_print.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\German\Content\resources\images\web_preview_print.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\German\Content\resources\images\web_preview_screen.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\German\Skin\Images\Logo.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Japanese\Content\resources\images\activationtemp64_print.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Japanese\Content\resources\images\plugin_prefs.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Japanese\Content\resources\images\quickfind_win_print.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Japanese\Data\skinsmallextensisskin\glossaryaccordionbackground_over.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\Japanese\Skin\Images\Logo.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\English\Content\resources\covers\sf3mac_cvr_userguide_0610_e.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\English\Content\resources\images\draginsertlaunchpad.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\English\Content\resources\images\preview_text_win_print.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\English\Content\resources\images\glyphs\symbol_pi.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup2\disque dur 0\partition virtuelle ntfs @ 18237440\English\Content\resources\images\webink-win-images\stop.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\rounded rectangle.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\icoreche[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\p_jogframe47.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\SA\l\TT\--\happybirdsday-medium\1.0\263001797\happybirdsday-medium.ttf (Trojan.Downloader) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\sample pictures\lighthouse.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\documents\mes historiques de conversation\septembre 2010\Images\msgplus_img1179.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\documents\mes historiques de conversation\octobre 2010\Images\msgplus_img1972.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\AppData\Roaming\microsoft\Windows\Themes\transcodedwallpaper.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\3PXTCE8L\sprite-gradients[1].png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\EII0O60E\picto_play[1].png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\FIU4X2L1\y1mre43qrg9sscjwuv9yqlmw56uyavcr9mgpdncyrnpl8y55zdn918pudonahl5hml48b-bdbd8i2b5wfz9ejug7q[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Adobe\Help\fr_FR\acrobat pro 3d\9.0\images\word07_createpdf.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Adobe\Help\fr_FR\acrobat pro 3d\9.0\images\a_sound_sm_n.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Adobe\Help\de_DE\acrobat pro 3d\9.0\images\a_addserver_lg_n.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Adobe\Help\de_DE\acrobat pro 3d\9.0\images\a_viewrecord_md_n.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Adobe\ssc\websuitepremium-cs5-mac-gm\lmresources\background.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\tutos\chapitre 18 - enregistrer un document\ictcacher\logo_emob.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Bonus\Masks\Etoile02.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\pluging\mo_suz\suz046.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\FRIO\CSXS\icons\connectnow.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\csreviewbundle\csxs\icons\csreview_n.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Nero\Nero 9\nero startsmart\NPRE\neropreview\default\play hot.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\English\Content\resources\covers\sf3mac_cvr_userguide_0610_e.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\English\Content\resources\images\draginsertlaunchpad.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\English\Content\resources\images\preview_text_win_print.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\English\Content\resources\images\glyphs\symbol_pi.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\English\Content\resources\images\webink-win-images\stop.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\cyberlink\powerdvd8\olrsubmission\Skin\Default\combosliderthumb.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\French\Content\resources\covers\sf3mac_cvr_userguide_0610_f.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\French\Data\skinextensisskin\browsesequencesaccordionbackground.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\German\Content\resources\images\clientwindow_win_print.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\German\Content\resources\images\web_preview_print.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\German\Content\resources\images\web_preview_screen.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\German\Skin\Images\Logo.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Japanese\Content\resources\images\activationtemp64_print.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Japanese\Content\resources\images\plugin_prefs.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Japanese\Content\resources\images\quickfind_win_print.png (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Japanese\Data\skinsmallextensisskin\glossaryaccordionbackground_over.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\Japanese\Skin\Images\Logo.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\photofiltre studio+crack+ 33pluging\Bonus\Masks\Cadre10.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\photofiltre studio+crack+ 33pluging\pluging\mo_suz\suz015.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\disque dur 0\disque dur 0\partition virtuelle ntfs @ 18237440\photofiltre studio+crack+ 33pluging\pluging\mo_suz\suz017.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
g:\Recup3\disque dur 0\identifié [partition virtuelle ntfs @ 18237440]\lostfile_exe_39250720.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
g:\Recup3\disque dur 0\identifié [partition virtuelle ntfs @ 18237440]\lostfile_exe_106541416.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
Yes, the PC restarted, here are the OTL links:
http://www.cijoint.fr/cjlink.php?file=cj201102/cijmCwyfHW.txt
and
http://www.cijoint.fr/cjlink.php?file=cj201102/cijYP43CMr.txt
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because the tool is wrongly detected as an infection, since it contains one module used to stop processes and another used to take permissions in the registry in order to perform deletions)
▶ Download here: List_Kill'em
and save it to your desktop
if you have XP => double-click
if you have Vista or Windows 7 => right-click, "Run as...."
on the shortcut on your desktop to start the installation
Leave checked:
♦ Run List_Kill'em
once it has finished, click "Finish"
choose the Search option
▶ let the tool work
when the white window appears, it takes a while, that is normal, it is an additional search for hidden files, the program is not frozen.
Warning: the tool may hang for an abnormally long time once it reaches 95%, at the "2nd Check" display; relaunch it with the shortcut on the desktop without stopping it, then click the tiny "X" at the bottom of the program's welcome window, that will unblock it so it can finish its scan
▶ Post the reports that will appear on your desktop
▶▶▶ DO NOT POST THEM ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and select, one by one, the relevant files that appeared on your desktop
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").
A link of this form:
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶ Do the same with more.txt, which is on your desktop
I ran List_Kill'em.
In the blue window that opened, the same sentence has been repeating over and over for quite a while.
It looks like it is stuck at 10%. Is that normal?
It's fine after all, here are the links:
http://www.cijoint.fr/cjlink.php?file=cj201102/cijhzMO2GS.txt
and
http://www.cijoint.fr/cjlink.php?file=cj201102/cijdF37WJn.txt
WARNING !! this script is intended for this machine only, do not reuse it !!!!!
▶ Relaunch List&Kill'em with the shortcut on your desktop.
but this time:
▶ choose the Tools option, then Script
a black window will open briefly, and List_Kill'em will close
a new text document opens, copy/paste what is in bold below:
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}"
KLOOK:"HKEY_CURRENT_USER\software\Disk Doctor Labs Inc."
▶ save the text document using its File tab (Save), then close it
let the tool work
▶ post the result
▶ Close List_Kill'em
Note: the report is on your desktop: Script_(4 digits).txt
Here is the result:
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
User : Niko (Administrateurs)
Update on 08/02/2011 by g3n-h@ckm@n ::::: 05.00
Start at: 15:34:37 | 08/02/2011
Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 302,42 Go (193,91 Go free) [OS] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM | 3,74 Go (0 Mo free) [OFFICE14] | UDF
F:\ -> Disque fixe local | 154,64 Go (107,12 Go free) [Sauvegarde] | NTFS
G:\ -> Disque fixe local | 465,65 Go (88,67 Go free) [NIKO] | FAT32
¤¤¤¤¤¤¤¤¤¤ Processes :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
¤¤¤¤¤¤¤¤¤¤ Key Look :
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f5b09cfd-f0b2-36af-8df4-1df6b63fc7b4}
Locale REG_SZ
Version REG_SZ 4,0,30319,0
ComponentID REG_SZ .NETFramework
<NO NAME> REG_SZ .NET Framework
HKEY_CURRENT_USER\software\disk doctor labs inc.
HKEY_CURRENT_USER\software\disk doctor labs inc.\Disk Doctors NTFS Data Recovery
End at 15:35:04
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
▶ Relaunch List_Kill'em with the shortcut on your desktop.
but this time:
▶ choose the Clean option
▶▶▶ Click the button only once !!
let the tool work.
at the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop,
▶ paste its contents into your reply
▶ send the zip Upload_ta-session_List_Kill'em.zip via cijoint.fr
I don't know if this is normal, but at the end of the scan I no longer have access to the desktop or the taskbar, everything has disappeared...
The result:
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤
User : Niko (Administrateurs)
Update on 08/02/2011 by g3n-h@ckm@n ::::: 05.00
Start at: 16:27:37 | 08/02/2011
Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 302,42 Go (193,65 Go free) [OS] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM | 3,74 Go (0 Mo free) [OFFICE14] | UDF
F:\ -> Disque fixe local | 154,64 Go (107,12 Go free) [Sauvegarde] | NTFS
G:\ -> Disque fixe local | 465,65 Go (88,67 Go free) [NIKO] | FAT32
Killed : PID 3160 'Msnmsgr.exe'
Killed : PID 2284 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Users\Niko\AppData\Local\GDIPFONTCACHEV1.DAT
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
# Copyright (c) 1993-1999 Microsoft Corp.
#
# Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
# pour Windows.
#
# Ce fichier contient les correspondances des adresses IP aux noms d'hôtes.
# Chaque entrée doit être sur une ligne propre. L'adresse IP doit être placée
# dans la première colonne, suivie par le nom d'hôte correspondant. L'adresse
# IP et le nom d'hôte doivent être séparés par au moins un espace.
#
# De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des
# lignes propres ou après le nom d'ordinateur. Ils sont indiqué par le
# symbole '#'.
#
# Par exemple :
#
# 102.54.94.97 rhino.acme.com # serveur source
# 38.25.63.10 x.acme.com # hôte client x
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
InternetSettingsDisableNotify = 0 (0x0)
AutoUpdateDisableNotify = 0 (0x0)
UacDisableNotify = 0 (0x0)
AntispywareOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\Windows\SysWow64\userinit.exe,
System =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600
device: opened successfully
user: error reading MBR
Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
End of Scan : 16:28:27
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤