Windows Repair virus, help please
krumpy - Posts: 25 - Status: Member
Hello, I have a virus problem and while searching I ended up on this forum
I saw other people here having the same "windows repair" problem
so who can help me please?
I downloaded roguekiller and tried steps 1, 2 and 6; step 6 gave me back my data (music, pictures ...) but that's all I managed to do :s
22 replies
hello
post all the roguekiller reports please (copy and paste them here)
then
Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
(diagnostic tool)
Double-click the installer file, then install it with the default settings (don't forget to tick "Create a desktop icon")
Launch ZHPDiag by double-clicking the icon on your desktop (right-click -> Run as administrator for Vista or Seven)
Click the magnifying glass at the top left, then let the tool scan.
Once the scan is finished, click the floppy-disk icon and save the file to your desktop.
Go to http://pjjoint.malekal.com/
Click "Browse"
Select the ZHPdiag.txt report that is on your desktop
Then click "Send the file" and copy/paste the link into your next message
I have anti-virus firewall, thanks for your help
PS: step 6 didn't actually give me back all my data
I have already managed to get rid of the windows repair pictures (windows) that were stuck open on my screen, and I can now set a desktop background again thanks to Malwarebytes =) , I had about 126 infected items
Then it told me to restart and that some items could not be deleted
restart the PC
post the report
and look here https://forums.commentcamarche.net/forum/affich-21454770-virus-windows-repair-aide-svp#4
Hi, I just saw your message, thank you already for your help =)
I'm going to run a search with roguekiller and I'll post the reports
then I'll move on to the rest, thanks
There, I think I did it right:
RogueKiller V4.3.6 par Tigzy
contact sur https://www.luanagames.com/index.fr.html
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur: Math [Droits d'admin]
Mode: Recherche -- Date : 02/04/2011 08:21:50
Processus malicieux: 1
[APPDT/TMP/DESKTOP] DAT43C5.tmp.exe -- c:\users\mathieu\appdata\local\temp\dat43c5.tmp.exe -> KILLED
Entrees de registre: 0
Fichier HOSTS:
127.0.0.1 localhost
::1 localhost
Termine : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
(the reports are next to the tool on the desktop
also post the MBAM report)
meaning? I didn't find any on the desktop
where is the MBAM report?
Here is the MBAM report from the scan when I had the 126 infected items ^^
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 6243
Windows 6.0.6000
Internet Explorer 8.0.6001.18904
02/04/2011 07:57:42
mbam-log-2011-04-02 (07-57-42).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 156456
Temps écoulé: 7 minute(s), 36 seconde(s)
Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 10
Dossier(s) infecté(s): 13
Fichier(s) infecté(s): 75
Processus mémoire infecté(s):
c:\Windows\System32\oobe\svchost.exe (Spyware.Passwords.XGen) -> 2804 -> Unloaded process successfully.
c:\programdata\aiakiwgpwk.exe (Trojan.FakeAlert) -> 5604 -> Unloaded process successfully.
c:\programdata\35315488.exe (Rogue.FakeHDD) -> 488 -> Unloaded process successfully.
c:\Users\Mathieu\wuaucldt.exe (Trojan.Agent) -> 1248 -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svchost32 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{A007FA7F-BFAB-4CD3-8717-7DF9C294D025} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7EB42F29-BD4F-42AB-9806-95F22C1359EB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.bvto (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MessengerSkinner (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF65EEF6-EF1A-4AE7-9F31-D793EC488AAB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{EF65EEF6-EF1A-4AE7-9F31-D793EC488AAB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF65EEF6-EF1A-4AE7-9F31-D793EC488AAB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF65EEF6-EF1A-4AE7-9F31-D793EC488AAB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AIAkiwgpWK (Trojan.FakeAlert) -> Value: AIAkiwgpWK -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\(default) (Hijack.SearchPage) -> Bad: (http://www.cherche.us/keyword/%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
c:\program files\internetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\download (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\spyware-secure (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\resources (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\antispywareexpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\spyware-secure (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\Windows\System32\778670 (Trojan.BHO) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\Windows\System32\oobe\svchost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\programdata\aiakiwgpwk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\35315488.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Windows\System32\cryptnet32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\spool.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\tmp144B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\tmp3F6F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\tmp705E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\tmpAFEE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\tmpC9E3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\E1r4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\service.0xe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\NS4C99.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\NS7AF9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\NSA116.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\NSC320.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\NSE723.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\NSE9E1.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\_15A4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\_15C4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\jar_cache509.tmp (Redir.ChercheUs) -> Quarantined and deleted successfully.
c:\Users\Mathieu\AppData\Local\Temp\wtf.0xe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\local settings\application data\9853487.0xe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\Mathieu\local settings\temporary internet files\Content.IE5\E28V03UJ\calc[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Mathieu\local settings\temporary internet files\Content.IE5\E28V03UJ\update[1].0xe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\DirectX\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\Windows\System32\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Mathieu\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\ressources\attenteoff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\ressources\attenteon.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internetgamebox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\messengerskinnerdll.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\download\defaultpack.cab (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\appconfig.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnBnr.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnIn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btninnormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btninover.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnnormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnnormal.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnnormalbnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnnormalbnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnOver.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnoverbnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnoverbnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\0.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\1.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\2.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\3.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\sc.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\sex1.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\sex2.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\config.s3db (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\Gfx_fr.bin (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\language (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\skin (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\spyware-secure.url (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\sqlite3.dll (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\sws_translations.xml (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\uninst.exe (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\unrar.dll (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\resources\malwaresdb_1-12 (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\spyware-secure\spyware-secure trial.lnk (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\spyware-secure\Website.lnk (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btninnormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btninover.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnnormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnnormal.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnnormalbnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnnormalbnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnOver.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnoverbnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\btnoverbnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\messengerskinner\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\0.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\1.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\2.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\3.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\sc.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\sex1.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\pchealthcenter\sex2.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\config.s3db (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\Gfx_fr.bin (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\language (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\skin (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\spyware-secure.url (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\sqlite3.dll (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\sws_translations.xml (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\uninst.exe (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\unrar.dll (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\program files\spyware-secure\resources\malwaresdb_1-12 (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\spyware-secure\spyware-secure trial.lnk (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\spyware-secure\Website.lnk (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
ok
1)
* Download AD-Remover to your Desktop. (Thanks to C_XX)
http://www.teamxscript.org/adremoverTelechargement.html
/!\ Disconnect from the internet and close all running applications /!\
Temporarily disable, and only for the time it takes to run AD-Remover, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning.
- Double-click the AD-Remover icon on your Desktop.
- On the page, click the « NETTOYER » (Clean) button
- Confirm the start of the scan
- Let the tool work.
- Post the report that appears at the end.
(The report is also saved as C:\Ad-report(Scan/clean).Txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
__________
2)
Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
(diagnostic tool)
Double-click the installer, then install it with the default settings (don't forget to tick "Créer une icône sur le bureau", i.e. create a desktop icon)
Launch ZHPDiag by double-clicking the icon on your desktop (right-click -> Run as administrator on Vista or Seven)
Click the magnifying glass at the top left, then let the tool scan.
Once the scan is finished, click the floppy-disk icon and save the file to your desktop.
Go to http://pjjoint.malekal.com/
Click "Parcourir" (Browse)
Select the ZHPdiag.txt report on your desktop
Then click "Envoyer le fichier" (Send the file) and copy/paste the link into your next message
OK, just 2 things: (Disconnect from the internet and close all running applications), does that mean closing the web browser (window)?
(Temporarily disable, and only for the time it takes to run AD-Remover, the real-time protection of your antivirus and antispyware programs,)
How? Because I can't manage to open my antivirus firewall?!
Thanks again for your help, that's very kind
1) AD-Remover asked me to restart at the end
Here is the report, shall I do step 2)?
======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 08:59:52 le 02/04/2011, Mode normal
Microsoft® Windows Vista(TM) Édition Familiale Premium (X86)
Mathieu@PC-DE-FAMILLE (HP-Pavilion KP220AA-ABF a6419.fr)
============== ACTION(S) ==============
Fichier supprimé: C:\Windows\Temp\msksetup.log
Fichier supprimé: C:\Users\Mathieu\AppData\Roaming\Mozilla\FireFox\Profiles\qfyablxd.default\searchplugins\cherche.xml
Fichier supprimé: C:\Users\Mathieu\binternet.exe
Fichier supprimé: C:\Users\Mathieu\scriptjava.html
Fichier supprimé: C:\Users\Mathieu\temp1.6
Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MessengerSkinner
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Users\Mathieu\AppData\Roaming\Mozilla\FireFox\Profiles\qfyablxd.default\Prefs.js --
Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://www.cherche.us/");
Ligne supprimée: user_pref("keyword.URL", "hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpj...
-- Fichier Fermé --
Clé supprimée: HKLM\Software\Trymedia Systems
Clé supprimée: HKCU\Software\Grand Virtual
Clé supprimée: HKCU\Software\Lanconfig
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InternetGameBox
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [3.6.16 (fr)] ****
Extensions\searchtheweb@iminent (SearchTheWeb)
HKCU_Extensions|{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a} - C:\Users\Mathieu\Program Files\DNA
-- C:\Users\Mathieu\AppData\Roaming\Mozilla\FireFox\Profiles\qfyablxd.default --
Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} (Winamp Toolbar)
Searchplugins\SearchTheWeb.xml ( hxxp://search.iminent.com)
Searchplugins\winamp-search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Mathieu\\Downloads
Prefs.js - browser.search.defaultenginename, Winamp Search
Prefs.js - browser.search.defaulturl, hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinamp...
Prefs.js - browser.search.selectedEngine, Winamp Search
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16
========================================
**** Internet Explorer Version [8.0.6001.18904] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll)
HKCU_SearchScopes\{4327FABE-3C21-4689-8DBE-D226CF777FE9} - "IESearch" (hxxp://www.iesearch.com/s/?&q={searchTerms})
HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "cherche.us" (hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3...)
HKCU_SearchScopes\{95594021-BCC7-4E56-BE8A-67D2D2DE504D} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{4327FABE-3C21-4689-8DBE-D226CF777FE9} - "IESearch" (hxxp://www.iesearch.com/s/?&q={searchTerms})
HKLM_SearchScopes\{95594021-BCC7-4E56-BE8A-67D2D2DE504D} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (x)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{0BE5A488-6C2A-45F3-A464-DEC2E7575253} (x)
HKLM_ElevationPolicy\{44295CB8-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?)
HKLM_Extensions\{58ECB495-38F0-49cb-A538-10282ABF65E7} - "Livre de reliures HP" (C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll,207)
HKLM_Extensions\{700259D7-1666-479a-93B1-3250410481E8} - "Sélection intelligente HP" (C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll,209)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{053F9267-DC04-4294-A72C-58F732D338C0} - "HP Print Clips" (C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll)
BHO\{0E896FCA-D07E-45FE-901F-6A26FCF59C02} - "Iminent.SearchTheWeb.HelperObject" (mscoree.dll) (x)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll)
BHO\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - "LinkToContent Class" (C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll) (x)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
========================================
C:\Program Files\Ad-Remover\Quarantine: 12 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 02/04/2011 09:00:01 (7298 Octet(s))
Fin à: 09:01:34, 02/04/2011
============== E.O.F ==============
ok
1)
Copy all the bold text below (select it with your mouse / right-click it and choose "Copy", or press Ctrl+C)
[MD5.191BA4AADD84854B9F48891E3F21BD49] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928]
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} . (...) -- C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll (.not file.)
O3 - Toolbar: (no name) - {0BE5A488-6C2A-45F3-A464-DEC2E7575253} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - Global Startup: C:\Users\Mathieu\Desktop\Inpaint.lnk . (...) -- C:\Users\Mathieu\AppData\Roaming\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_31FAD3247F4B0F6385E90B.exe
O20 - Winlogon Notify: cryptnet32 . (.Pas de propriétaire - Pas de description.) -- cryptnet32.dll
[HKCU\Software\Iminent]
[HKCU\Software\MessengerSkinner]
[HKCU\Software\mc]
O43 - CFD: 29/06/2009 - 18:17:02 - [0] ----D- C:\Program Files\Circle Develoement
O43 - CFD: 16/06/2009 - 20:23:16 - [3868] ----D- C:\Program Files\Iminent
O44 - LFC:[MD5.88C6EC065BA1BDC9713ECCF6BB7DF464] - 02/04/2011 - 07:00:55 ---A- . (...) -- C:\Windows\System32\drivers\str.sys [327743]
O44 - LFC:[MD5.344B11F6512EB0F633E8C1F9F60451B4] - 18/03/2011 - 19:34:20 --H-- . (...) -- C:\Windows\System32\shimg.dll [295053]
O58 - SDL:[MD5.88C6EC065BA1BDC9713ECCF6BB7DF464] - 02/04/2011 - 07:00:55 ---A- . (...) -- C:\Windows\system32\drivers\str.sys [327743]
O69 - SBI: SearchScopes [HKCU] {557C21FE-7274-410D-853E-9ED4471BF193} - (cherche.us) - http://www.cherche.usSO-8859-1&q={searchTerms}+&meta=
[HKCU\Software\Microsoft\Internet Explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Microsoft\Internet Explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}]
C:\Program Files\Iminent
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O8 - Extra context menu item: Add to Windows &Live Favorites - (.not file.) - http:\\favorites.live.com\quickadd.aspx
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 3.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {59971D79-8111-42C2-9E40-883A0C277E78}
O42 - Logiciel: SweetIM for Messenger 2.5 - (.SweetIM Technologies Ltd..) [HKLM] -- {C3576005-01B0-4C25-AA5F-40134CC78C42}
[HKCU\Software\SweetIM]
[HKLM\Software\SweetIM]
O43 - CFD: 19/06/2008 - 00:08:42 - [5844102] ----D- C:\Program Files\SweetIM
O43 - CFD: 19/06/2008 - 00:08:24 - [5203858] --H-D- C:\ProgramData\SweetIM
[HKCR\sweetie.ietoolbar]
[HKCR\sweetie.ietoolbar.1]
[HKCR\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKCR\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKCR\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[HKCR\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\sweetie.ietoolbar]
[HKLM\Software\Classes\sweetie.ietoolbar.1]
[HKLM\Software\Classes\sweetie.sweetie]
[HKLM\Software\Classes\sweetie.sweetie.3]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKLM\Software\Classes\Toolbar3.sweetie]
[HKLM\Software\Classes\Toolbar3.sweetie.1]
[HKLM\Software\Classes\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\app paths\sweetim.exe]
MBRFix
Then launch ZHPFix from the desktop shortcut.
* Once ZHPFix is open,
- Click the icon showing the letter H (« coller les lignes Helper », i.e. paste the Helper lines)
- The lines are pasted into ZHPFix automatically; if not, paste them yourself
- Click the « GO » button to start the cleanup,
- Copy/paste the whole report into your next reply
The report is in the ZHPDiag folder under Program Files, named ZHPFixReport
_________
2)
Restart the PC and tell me whether you still have problems
1)
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
[MD5.191BA4AADD84854B9F48891E3F21BD49] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928]
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} . (...) -- C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll (.not file.)
O3 - Toolbar: (no name) - {0BE5A488-6C2A-45F3-A464-DEC2E7575253} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - Global Startup: C:\Users\Mathieu\Desktop\Inpaint.lnk . (...) -- C:\Users\Mathieu\AppData\Roaming\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_31FAD3247F4B0F6385E90B.exe
O20 - Winlogon Notify: cryptnet32 . (.Pas de propriétaire - Pas de description.) -- cryptnet32.dll
[HKCU\Software\Iminent]
[HKCU\Software\MessengerSkinner]
[HKCU\Software\mc]
O43 - CFD: 29/06/2009 - 18:17:02 - [0] ----D- C:\Program Files\Circle Develoement
O43 - CFD: 16/06/2009 - 20:23:16 - [3868] ----D- C:\Program Files\Iminent
O44 - LFC:[MD5.88C6EC065BA1BDC9713ECCF6BB7DF464] - 02/04/2011 - 07:00:55 ---A- . (...) -- C:\Windows\System32\drivers\str.sys [327743]
O44 - LFC:[MD5.344B11F6512EB0F633E8C1F9F60451B4] - 18/03/2011 - 19:34:20 --H-- . (...) -- C:\Windows\System32\shimg.dll [295053]
O58 - SDL:[MD5.88C6EC065BA1BDC9713ECCF6BB7DF464] - 02/04/2011 - 07:00:55 ---A- . (...) -- C:\Windows\system32\drivers\str.sys [327743]
O69 - SBI: SearchScopes [HKCU] {557C21FE-7274-410D-853E-9ED4471BF193} - (cherche.us) - http://www.cherche.usSO-8859-1&q={searchTerms}+&meta=
[HKCU\Software\Microsoft\Internet Explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Microsoft\Internet Explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}]
C:\Program Files\Iminent
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O8 - Extra context menu item: Add to Windows &Live Favorites - (.not file.) - http:\\favorites.live.com\quickadd.aspx
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 3.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {59971D79-8111-42C2-9E40-883A0C277E78}
O42 - Logiciel: SweetIM for Messenger 2.5 - (.SweetIM Technologies Ltd..) [HKLM] -- {C3576005-01B0-4C25-AA5F-40134CC78C42}
[HKCU\Software\SweetIM]
[HKLM\Software\SweetIM]
O43 - CFD: 19/06/2008 - 00:08:42 - [5844102] ----D- C:\Program Files\SweetIM
O43 - CFD: 19/06/2008 - 00:08:24 - [5203858] --H-D- C:\ProgramData\SweetIM
[HKCR\sweetie.ietoolbar]
[HKCR\sweetie.ietoolbar.1]
[HKCR\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKCR\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKCR\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[HKCR\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\sweetie.ietoolbar]
[HKLM\Software\Classes\sweetie.ietoolbar.1]
[HKLM\Software\Classes\sweetie.sweetie]
[HKLM\Software\Classes\sweetie.sweetie.3]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKLM\Software\Classes\Toolbar3.sweetie]
[HKLM\Software\Classes\Toolbar3.sweetie.1]
[HKLM\Software\Classes\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\app paths\sweetim.exe]
MBRFix
Then launch ZHPFix from the desktop shortcut.
* Once the ZHPFix tool is open,
- Click the icon showing the letter H ("paste the Helper lines")
- The lines are pasted into ZHPFix automatically; if not, paste the lines
- Click the "GO" button to start the cleanup,
- Copy/paste the entire report into your next reply
the report is in the zhpdiag folder in program files under the name ZHPFixReport
_________
2)
restart the PC and tell me if you still have problems
Do I have to paste the text in bold into (paste the helper lines)??
or just open the letter H and click GO?
Yes, exactly =) (I'm going to restart; will I get my music, image ... folders back?)
Rapport de ZHPFix 1.12.3269 par Nicolas Coolman, Update du 30/03/2011
Fichier d'export Registre :
Run by Mathieu at 02/04/2011 09:57:04
Windows Vista Home Premium Edition, 32-bit (Build 6000)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Clé(s) du Registre ==========
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 3.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {59971D79-8111-42C2-9E40-883A0C277E78} => Clé supprimée avec succès
O42 - Logiciel: SweetIM for Messenger 2.5 - (.SweetIM Technologies Ltd..) [HKLM] -- {C3576005-01B0-4C25-AA5F-40134CC78C42} => Clé supprimée avec succès
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} . (...) -- C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll (.not file.) => Clé supprimée avec succès
O20 - Winlogon Notify: cryptnet32 . (.Pas de propriétaire - Pas de description.) -- cryptnet32.dll => Clé supprimée avec succès
HKCU\Software\Iminent => Clé supprimée avec succès
HKCU\Software\MessengerSkinner => Clé supprimée avec succès
HKCU\Software\mc => Clé supprimée avec succès
O69 - SBI: SearchScopes [HKCU] {557C21FE-7274-410D-853E-9ED4471BF193} - (cherche.us) - http://www.cherche.usSO-8859-1&q={searchTerms}+&meta= => Clé supprimée avec succès
HKCU\Software\Microsoft\Internet Explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847} => Clé supprimée avec succès
HKLM\Software\Microsoft\Internet Explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847} => Clé supprimée avec succès
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll => Clé supprimée avec succès
O8 - Extra context menu item: Add to Windows &Live Favorites - (.not file.) - http:\\favorites.live.com\quickadd.aspx => Clé supprimée avec succès
HKCU\Software\SweetIM => Clé supprimée avec succès
HKLM\Software\SweetIM => Clé supprimée avec succès
HKCR\sweetie.ietoolbar => Clé supprimée avec succès
HKCR\sweetie.ietoolbar.1 => Clé supprimée avec succès
HKCR\sweetim_urlsearchhook.toolbarurlsearchhook => Clé supprimée avec succès
HKCR\sweetim_urlsearchhook.toolbarurlsearchhook.1 => Clé supprimée avec succès
HKCR\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847} => Clé supprimée avec succès
HKCR\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847} => Clé supprimée avec succès
HKLM\Software\Classes\sweetie.ietoolbar => Clé absente
HKLM\Software\Classes\sweetie.ietoolbar.1 => Clé absente
HKLM\Software\Classes\sweetie.sweetie => Clé supprimée avec succès
HKLM\Software\Classes\sweetie.sweetie.3 => Clé supprimée avec succès
HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook => Clé absente
HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 => Clé absente
HKLM\Software\Classes\Toolbar3.sweetie => Clé supprimée avec succès
HKLM\Software\Classes\Toolbar3.sweetie.1 => Clé supprimée avec succès
HKLM\Software\Classes\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847} => Clé absente
HKLM\Software\Classes\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847} => Clé absente
HKLM\Software\Microsoft\Windows\CurrentVersion\app paths\sweetim.exe => Clé supprimée avec succès
========== Valeur(s) du Registre ==========
O3 - Toolbar: (no name) - {0BE5A488-6C2A-45F3-A464-DEC2E7575253} . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Valeur supprimée avec succès
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe => Valeur supprimée avec succès
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll => Valeur supprimée avec succès
========== Dossier(s) ==========
C:\Program Files\Circle Develoement => Supprimé et mis en quarantaine
C:\Program Files\Iminent => Supprimé et mis en quarantaine
C:\Program Files\SweetIM => Fichier supprimé au reboot
C:\ProgramData\SweetIM => Supprimé et mis en quarantaine
========== Fichier(s) ==========
c:\program files\sweetim\messenger\sweetim.exe => Fichier absent
c:\program files\iminent\imbooster\iminent.linktocontent.dll => Fichier absent
c:\users\mathieu\desktop\inpaint.lnk => Supprimé et mis en quarantaine
c:\users\mathieu\appdata\roaming\microsoft\installer\{b6bccb80-b3fc-4e97-8513-a7bee73a5c5a}\_31fad3247f4b0f6385e90b.exe => Supprimé et mis en quarantaine
cryptnet32.dll => Fichier absent
c:\windows\system32\drivers\str.sys => Supprimé et mis en quarantaine
c:\windows\system32\shimg.dll => Supprimé et mis en quarantaine
c:\program files\iminent => Fichier absent
c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll => Supprimé et mis en quarantaine
p:\\favorites.live.com => Supprimé et mis en quarantaine
========== Master Boot Record ==========
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: SAMSUNG_ rev.CR10 -> \Device\Ide\IAAStorageDevice-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86CFE1ED]<<
1 ntkrnlpa!IofCallDriver[0x82827F8E] -> \Device\Harddisk0\DR0[0x85739610]
3 ntkrnlpa[0x828B0D35] -> ntkrnlpa!IofCallDriver[0x82827F8E] -> \Device\Ide\IAAStorageDevice-1[0x85703030]
kernel: MBR read successfully
detected hooks:
\Driver\iaStor -> 0x86cfe1ed
user & kernel MBR OK
Warning: possible MBR rootkit infection !
Resultat après le fix :
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: SAMSUNG_ rev.CR10 -> \Device\Ide\IAAStorageDevice-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86CFE1ED]<<
1 ntkrnlpa!IofCallDriver[0x82827F8E] -> \Device\Harddisk0\DR0[0x85739610]
3 ntkrnlpa[0x828B0D35] -> ntkrnlpa!IofCallDriver[0x82827F8E] -> \Device\Ide\IAAStorageDevice-1[0x85703030]
kernel: MBR read successfully
detected hooks:
\Driver\iaStor -> 0x86cfe1ed
user & kernel MBR OK
Warning: possible MBR rootkit infection !
========== Récapitulatif ==========
31 : Clé(s) du Registre
3 : Valeur(s) du Registre
4 : Dossier(s)
10 : Fichier(s)
1 : Master Boot Record
End of the scan
/!\ You must disable all your protection software to use this program /!\
* Download mbr.exe by Gmer here: http://www2.gmer.net/mbr/mbr.exe and save the file to the Desktop.
* Thanks to Malekal for the tutorial
* Disable your protections and cut the connection. (Antivirus and antispyware, HIPS and other resident tools)
* Double-click mbr.exe
* A report will be generated: mbr.log
* In case of infection, the message "MBR rootkit code detected" will appear.
* To remove the rootkit, go to Start menu => Run and type the command in bold:
=> On XP: "%userprofile%\Bureau\mbr" -f
=> On Vista/Seven: "%userprofile%\Desktop\mbr" -f
* (be sure to keep the quotation marks)
* In mbr.log this line will appear: "original MBR restored successfully !"
* Re-enable your protections. Post this report and then delete it.
o To verify, disable your protections and cut the connection. (Antivirus and antispyware, HIPS and other resident tools)
o Run mbr.exe again
o Re-enable your protections.
o The new mbr.log should be this one:
o Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
o device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
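The post above names the lines to look for in mbr.log. As an added example (not part of the original post and not Gmer's code), this Python sketch reads a log for those lines and for the `detected hooks:` and `>>UNKNOWN<<` entries seen in the ZHPFix report earlier in the thread. The verdict labels and their ordering are assumptions made for illustration; the sample logs are excerpts from this thread.

```python
import re

# Excerpt of the "Master Boot Record" section of the ZHPFix report posted in this thread.
REPORT_LOG = r"""Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86CFE1ED]<<
kernel: MBR read successfully
detected hooks:
\Driver\iaStor -> 0x86cfe1ed
user & kernel MBR OK
Warning: possible MBR rootkit infection !
"""

# The log the instructions say to expect once the MBR has been repaired.
EXPECTED_LOG = r"""Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

HOOK_RE = re.compile(r"(\\Driver\\\S+)\s*->\s*(0x[0-9a-fA-F]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


def parse_mbr_log(text):
    """Extract verdict lines, unattributed module addresses and driver hooks."""
    lines = [line.strip() for line in text.splitlines()]
    hooks, in_hooks = [], False
    for line in lines:
        if line == "detected hooks:":
            in_hooks = True
            continue
        match = HOOK_RE.match(line) if in_hooks else None
        if match:
            hooks.append((match.group(1), int(match.group(2), 16)))
        else:
            in_hooks = False  # the hook list ends at the first non-hook line
    return {
        "rootkit_code": any("MBR rootkit code detected" in l for l in lines),
        "restored": any("original MBR restored successfully" in l for l in lines),
        "mbr_ok": "user & kernel MBR OK" in lines,
        "warning": any(l.startswith("Warning:") for l in lines),
        "unknown": [int(addr, 16) for addr in UNKNOWN_RE.findall(text)],
        "hooks": hooks,
    }


def verdict(p):
    """Assumed triage order: the OK line only counts when nothing else is flagged."""
    if p["restored"]:
        return "restored-rerun-to-verify"
    if p["rootkit_code"]:
        return "infected"
    if p["hooks"] or p["unknown"] or p["warning"]:
        return "suspicious"
    return "clean" if p["mbr_ok"] else "inconclusive"
```

In the report posted in this thread, the log after the fix is identical to the one before it, so both classify as `suspicious` even though each contains `user & kernel MBR OK`.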