XP antivirus 2012 Résolu

Question

Salut à tous!
J'appelle les forces de l'informatique à l'aide!!!

Voila mon pb:XP ANTIVIRUS 2012! Bien sure comme j'ai pu constater sur le forum, je suis loin d'être la seule à avoir été confrontée à ce virus.

J'ai tenté les multiples manoeuvres proposées, sans succés et tant donnée mon pauvre niveau en informatique... 

J'ai tout d'abord installé ROGUEKILLER par tigzy (gd monsieur!), a partir d'une clé USB(car mon ordi infecté est sous l'emprise du VIRUS il ne répond plus à rien, ni restauration, ni internet, ni rien du tout). J'ai suivi la procedure recommandée, j'ai bien eu des rapports RK, par contre je n'ai pas compris ce qu'il fallait en faire.
Ensuite MALWAREBYTES meme delire et rapports idem... 
Et puis ZHPfix!eh beh autant dire que c'est un fiasco total...
Est ce qu'il ya une âme charitable qui veut bien reprendre pour moi?

En vous remerciant d'avance

g3n-h@ckm@n · Answer

salut colle le contenu de tes rapports de roguekiller

djohanne · Answer

Merci beaucoup !
Voila le dernier rapport que j'ai eu:
RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djam khen [Droits restreints]
Mode: Suppression -- Date : 04/12/2011 17:36:17

¤¤¤ Processus malicieux: 32 ¤¤¤
[HJ NAME] smss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] services.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] smss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] services.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]

¤¤¤ Entrees de registre: 64 ¤¤¤
[] HKCR\[...]CLSID : () -> ACCESS DENIED
[] HKCU\[...]\Run : () -> ACCESS DENIED
[] HKLM\[...]\Run : () -> ACCESS DENIED
[] HKCU\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnceEx : () -> ACCESS DENIED
[] HKCU\[...]\Winlogon : () -> ACCESS DENIED
[] HKCU\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\Winlogon : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Image File Execution Options : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\SystemRestore : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKCU\[...]\Desktop : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...].exe : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\ShellServiceObjectDelayLoad : () -> ACCESS DENIED
[] HKLM\[...]\SharedTaskScheduler : () -> ACCESS DENIED
[] HKLM\[...]\Browser Helper Objects : () -> ACCESS DENIED
[] HKCU\[...]\Stats : () -> ACCESS DENIED

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

g3n-h@ckm@n · Answer

bah tu l'as lancé 50 fois....

poste tous les rapports l'un apres l autre

djohanne · Answer

Pas 50! 8 fois!! lol

RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djam khen [Droits restreints]
Mode: Recherche -- Date : 04/12/2011 17:31:41

¤¤¤ Processus malicieux: 32 ¤¤¤
[HJ NAME] smss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] services.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] smss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] services.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]

¤¤¤ Entrees de registre: 64 ¤¤¤
[] HKCR\[...]CLSID : () -> ACCESS DENIED
[] HKCU\[...]\Run : () -> ACCESS DENIED
[] HKLM\[...]\Run : () -> ACCESS DENIED
[] HKCU\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnceEx : () -> ACCESS DENIED
[] HKCU\[...]\Winlogon : () -> ACCESS DENIED
[] HKCU\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\Winlogon : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Image File Execution Options : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\SystemRestore : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKCU\[...]\Desktop : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...].exe : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\ShellServiceObjectDelayLoad : () -> ACCESS DENIED
[] HKLM\[...]\SharedTaskScheduler : () -> ACCESS DENIED
[] HKLM\[...]\Browser Helper Objects : () -> ACCESS DENIED
[] HKCU\[...]\Stats : () -> ACCESS DENIED

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[1].txt >>
RKreport[1].txt

djohanne · Answer

RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djam khen [Droits restreints]
Mode: Recherche -- Date : 04/12/2011 17:34:58

¤¤¤ Processus malicieux: 32 ¤¤¤
[HJ NAME] smss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] services.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] smss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] services.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]

¤¤¤ Entrees de registre: 64 ¤¤¤
[] HKCR\[...]CLSID : () -> ACCESS DENIED
[] HKCU\[...]\Run : () -> ACCESS DENIED
[] HKLM\[...]\Run : () -> ACCESS DENIED
[] HKCU\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnceEx : () -> ACCESS DENIED
[] HKCU\[...]\Winlogon : () -> ACCESS DENIED
[] HKCU\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\Winlogon : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Image File Execution Options : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\SystemRestore : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKCU\[...]\Desktop : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...].exe : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\ShellServiceObjectDelayLoad : () -> ACCESS DENIED
[] HKLM\[...]\SharedTaskScheduler : () -> ACCESS DENIED
[] HKLM\[...]\Browser Helper Objects : () -> ACCESS DENIED
[] HKCU\[...]\Stats : () -> ACCESS DENIED

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

djohanne · Answer

RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djam khen [Droits restreints]
Mode: Recherche -- Date : 04/12/2011 17:34:58

¤¤¤ Processus malicieux: 32 ¤¤¤
[HJ NAME] smss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] services.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] smss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] services.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]

¤¤¤ Entrees de registre: 64 ¤¤¤
[] HKCR\[...]CLSID : () -> ACCESS DENIED
[] HKCU\[...]\Run : () -> ACCESS DENIED
[] HKLM\[...]\Run : () -> ACCESS DENIED
[] HKCU\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnceEx : () -> ACCESS DENIED
[] HKCU\[...]\Winlogon : () -> ACCESS DENIED
[] HKCU\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\Winlogon : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Image File Execution Options : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\SystemRestore : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKCU\[...]\Desktop : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...].exe : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\ShellServiceObjectDelayLoad : () -> ACCESS DENIED
[] HKLM\[...]\SharedTaskScheduler : () -> ACCESS DENIED
[] HKLM\[...]\Browser Helper Objects : () -> ACCESS DENIED
[] HKCU\[...]\Stats : () -> ACCESS DENIED

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

djohanne · Answer

RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djam khen [Droits restreints]
Mode: Raccourcis RAZ -- Date : 04/12/2011 17:34:03

¤¤¤ Processus malicieux: 16 ¤¤¤
[HJ NAME] smss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] services.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

Attributs de fichiers restaures:
Bureau: Success 0 / Fail 0
Lancement rapide: Success 0 / Fail 0
Programmes: Success 0 / Fail 10
Menu demarrer: Success 0 / Fail 0
Dossier utilisateur: Success 0 / Fail 0
Mes documents: Success 0 / Fail 6
Mes favoris: Success 0 / Fail 0
Mes images: Success 0 / Fail 0
Ma musique: Success 0 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 51 / Fail 815
Sauvegarde: [NOT FOUND]

Lecteurs:
[C:] -- 0x3 --> Restored
[D:] -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Termine : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

djohanne · Answer

RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djam khen [Droits restreints]
Mode: Recherche -- Date : 04/12/2011 17:34:58

¤¤¤ Processus malicieux: 32 ¤¤¤
[HJ NAME] smss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] services.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] smss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] services.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]

¤¤¤ Entrees de registre: 64 ¤¤¤
[] HKCR\[...]CLSID : () -> ACCESS DENIED
[] HKCU\[...]\Run : () -> ACCESS DENIED
[] HKLM\[...]\Run : () -> ACCESS DENIED
[] HKCU\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnceEx : () -> ACCESS DENIED
[] HKCU\[...]\Winlogon : () -> ACCESS DENIED
[] HKCU\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\Winlogon : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Image File Execution Options : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\SystemRestore : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKCU\[...]\Desktop : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...].exe : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\ShellServiceObjectDelayLoad : () -> ACCESS DENIED
[] HKLM\[...]\SharedTaskScheduler : () -> ACCESS DENIED
[] HKLM\[...]\Browser Helper Objects : () -> ACCESS DENIED
[] HKCU\[...]\Stats : () -> ACCESS DENIED

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

djohanne · Answer

RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djam khen [Droits restreints]
Mode: Recherche -- Date : 04/12/2011 17:34:58

¤¤¤ Processus malicieux: 32 ¤¤¤
[HJ NAME] smss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] services.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] smss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] services.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]

¤¤¤ Entrees de registre: 64 ¤¤¤
[] HKCR\[...]CLSID : () -> ACCESS DENIED
[] HKCU\[...]\Run : () -> ACCESS DENIED
[] HKLM\[...]\Run : () -> ACCESS DENIED
[] HKCU\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnceEx : () -> ACCESS DENIED
[] HKCU\[...]\Winlogon : () -> ACCESS DENIED
[] HKCU\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\Winlogon : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Image File Execution Options : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\SystemRestore : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKCU\[...]\Desktop : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...].exe : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\ShellServiceObjectDelayLoad : () -> ACCESS DENIED
[] HKLM\[...]\SharedTaskScheduler : () -> ACCESS DENIED
[] HKLM\[...]\Browser Helper Objects : () -> ACCESS DENIED
[] HKCU\[...]\Stats : () -> ACCESS DENIED

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

djohanne · Answer

RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djam khen [Droits restreints]
Mode: Suppression -- Date : 04/12/2011 17:35:12

¤¤¤ Processus malicieux: 32 ¤¤¤
[HJ NAME] smss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] services.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[HJ NAME] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] smss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] csrss.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] winlogon.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] services.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] lsass.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] spoolsv.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] svchost.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] wscntfy.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] explorer.exe -- LOCKED -> NOT KILLED [0x5]
[RESIDUE] ctfmon.exe -- LOCKED -> NOT KILLED [0x5]

¤¤¤ Entrees de registre: 64 ¤¤¤
[] HKCR\[...]CLSID : () -> ACCESS DENIED
[] HKCU\[...]\Run : () -> ACCESS DENIED
[] HKLM\[...]\Run : () -> ACCESS DENIED
[] HKCU\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnceEx : () -> ACCESS DENIED
[] HKCU\[...]\Winlogon : () -> ACCESS DENIED
[] HKCU\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\Winlogon : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Image File Execution Options : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\SystemRestore : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKLM\[...]\Security Center : () -> ACCESS DENIED
[] HKCU\[...]\Desktop : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...].exe : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\ShellServiceObjectDelayLoad : () -> ACCESS DENIED
[] HKLM\[...]\SharedTaskScheduler : () -> ACCESS DENIED
[] HKLM\[...]\Browser Helper Objects : () -> ACCESS DENIED
[] HKCU\[...]\Stats : () -> ACCESS DENIED

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt

djohanne · Answer

Plus 3 autres fois...
RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur: djam khen [Droits d'admin]
Mode: Suppression -- Date : 04/12/2011 17:49:38

¤¤¤ Processus malicieux: 2 ¤¤¤
[WINDOW : XP Antivirus 2012] ajs.exe -- C:\Documents and Settings\djam khen\Local Settings\Application Data\ajs.exe -> KILLED [TermProc]
[SUSP PATH] ajs.exe -- C:\Documents and Settings\djam khen\Local Settings\Application Data\ajs.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 5 ¤¤¤
[FILE ASSO] HKCU\Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\djam khen\Local Settings\Application Data\ajs.exe" -a "%1" %*) -> REPLACED ("%1" %*)
[FILE ASSO] HKCR\.exe : (ah) -> REPLACED (exefile)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Documents and Settings\djam khen\Local Settings\Application Data\ajs.exe" -a "firefox.exe) -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe")
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Documents and Settings\djam khen\Local Settings\Application Data\ajs.exe" -a "firefox.exe -safe-mode) -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\djam khen\Local Settings\Application Data\ajs.exe" -a "iexplore.exe) -> REPLACED ("C:\Program Files\internet explorer\iexplore.exe")

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[1].txt >>
RKreport[1].txt

djohanne · Answer

RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur: djam khen [Droits d'admin]
Mode: Recherche -- Date : 04/12/2011 17:50:59

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

djohanne · Answer

RogueKiller V6.1.12 [02/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur: djam khen [Droits d'admin]
Mode: Recherche -- Date : 04/12/2011 17:50:59

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

djohanne · Answer

C vrai qu'on s'approche plus des 50 fois comme ça...

g3n-h@ckm@n · Answer

apparement il y a des fois ou tu ne l'as pas lancé avec le clic droit "executer en tant qu'administrateur"....

Malwarebytes a été lancé ou pas ?

djohanne · Answer

Ouaip! Lancé 
Et effectivemment je ne suis pas forcement passée par "executer en tant qu'administrateur"
Et c grave docteur?

g3n-h@ckm@n · Answer

non tu as fait un complet avec mbam ? le scan est fini ou en train ?

djohanne · Answer

Je l'ai fait hier  
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8309

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

04/12/2011 18:39:32
mbam-log-2011-12-04 (18-39-32).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 230175
Temps écoulé: 37 minute(s), 18 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\djam khen\Bureau\rk_quarantine\ajs.exe.vir (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\documents and settings\djam khen\local settings\application data\ajs.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.

djohanne · Answer

... SVP aidez moi !!!!!

g3n-h@ckm@n · Answer

ok mais le virus est toujours present ?

djohanne · Answer

oui toujours present malgré les rapports que je t'ai envoyé

g3n-h@ckm@n · Answer

bizarre...

desactive ton antivirus
desactive Windows defender si présent
desactive ton pare-feu

Ferme toutes tes appilications en cours

telecharge et enregistre ceci sur ton bureau :

Pre_Scan

si le lien ne fonctionne pas :

http://www.archive-host.com

Avertissement: Il y aura une extinction du bureau pendant le scan --> pas de panique. 

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan.txt" sur le bureau.

si 'outil est bloqué par l'infection utilise cette version : Version .pif

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

si l'outil semble ne pas avoir fonctionné renomme-le winlogon , ou change son extension en .com ou .scr

 Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler 

Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM (il est trop long)

heberge le rapport sur http://pjjoint.malekal.com et donne le lien obtenu 

si ton bureau ne reapparait pas => ctrl+alt+supp , gestionnaire des taches => onglet fichier => nouvelle tache puis tape explorer

djohanne · Answer

Je suis en mode sans echec avec prise en charge reseau c bon? Ou il faut que je change de mode?

Milles mercis encore

g3n-h@ckm@n · Answer

non mets toi en mode normal pour le lancer

djohanne · Answer

OK je fais ce que tu m'as dit 
A tt de suite

djohanne · Answer

Mon ordi s'est redemarré tt seul je sais pas ce qui s'est passé

djohanne · Answer

et je n'ai aps de rapport du prog sur mon bureau

djohanne · Answer

je te donne du fil a retordre

djohanne · Answer

bon beh du coup j'ai relancé le pre-scan

djohanne · Answer

OUHOU ça a marché

djohanne · Answer

le lien genere:https://pjjoint.malekal.com/files.php?id=20111205_c7g8c10z8c15

g3n-h@ckm@n · Answer

poulalahh !! tu installes vraiment n'importe quoi !! ^^

desinstalle :

adobe reader 9
imesh
fissa
datamngr
spointer
Fluendo

===========================

fais glisser une icone n'importe quel fichier sur Pre_scan , pre_script va apparaitre

Lance Pre_script , une page vierge va s'ouvrir.

selectionne tout le texte en gras ci-dessous, puis (clic droit/copier ou ctrl+c) :
___________________________________________________
processes::
cacaoweb.exe
Datamngr.exe

Kill::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]  
"cacaoweb"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
"LManager"=-
"IMJPMIG8.1"=-
"MSPY2002"=-
"PHIME2002ASync"=-
"PHIME2002A"=-
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"iTunesHelper"=-
"DATAMNGR"=-
"HP Software Update"=-
""=-      
[-HKEY_CLASSES_ROOT\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"10"=-
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fissa] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh 1 MediaBar]      
[-HKEY_CLASSES_ROOT\CLSID\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{474597C5-AB09-49d6-A4D5-2E8D7341384E}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{474597C5-AB09-49d6-A4D5-2E8D7341384E}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{474597C5-AB09-49d6-A4D5-2E8D7341384E}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{474597C5-AB09-49d6-A4D5-2E8D7341384E}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{474597C5-AB09-49d6-A4D5-2E8D7341384E}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{474597C5-AB09-49d6-A4D5-2E8D7341384E}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{474597C5-AB09-49d6-A4D5-2E8D7341384E}"=-
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLS"=""
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E23A915E-1E95-42EA-B168-4150025522B5}]
[-HKCU\Software\cacaoweb]
[-HKCU\Software\DataMngr] 
[-HKCU\Software\FissaSearch] 
[-HKCU\Software\iMesh]
[-HKCU\Software\Spointer]
[-HKLM\Software\BrowserChoice]  
[-HKLM\Software\DataMngr] 
[-HKLM\Software\iMeshMediabarTb]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 
"C:\Program Files\cacaoweb\cacaoweb.exe"=-
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"=-
"C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]  
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"=-
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]  
"1900:UDP"=-
"2869:TCP"=-

txt::
C:\WINDOWS\SYSTEM_RESTORE.VBS      

file::
C:\WINDOWS\HotFix.bat 
C:\WINDOWS\HotFix2.bat
C:\WINDOWS\HotFix3.bat      
C:\WINDOWS\system32\Desktop_.ini      
C:\Documents and Settings\All Users\Application Data
15s4ba010i0ts14852wygc26pan501be8a1      
C:\Documents and Settings\djam khen\Local Settings\Application Data
15s4ba010i0ts14852wygc26pan501be8a1      

folder::
C:\Program Files\cacaoweb   
C:\Documents and Settings\djam khen\Application Data\Mozilla\Firefox\Profiles
awavytu.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}   
C:\Documents and Settings\djam khen\Application Data\Mozilla\Firefox\Profiles
awavytu.default\extensions\cacaoweb@cacaoweb.org 
C:\Documents and Settings\djam khen\Application Data\cacaoweb    
C:\Documents and Settings\djam khen\Application Data\FissaSearch    
C:\Documents and Settings\djam khen\Application Data\imeshbandmltbpi    
C:\Documents and Settings\djam khen\Application Data\moovida-1  
C:\Documents and Settings\djam khen\Application Data\mediabarim      
C:\Documents and Settings\All Users\Application Data\8CB    
C:\Documents and Settings\djam khen\Local Settings\Application Data\moovida Air 
C:\Program Files\cacaoweb    
C:\Program Files\Fluendo    
C:\Program Files\iMesh Applications    

attrib::                      

clean::      

Reboot::        
___________________________________________________

colle-le ensuite (clic droit/coller ou ctrl+V) dans la page vierge.

puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte

des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille 

poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail 

si ton bureau ne reapparait pas => ctrl+alt+supp , gestionnaire des taches => onglet fichier => nouvelle tache puis tape explorer

==============================

Télécharge et enregistre ADWcleaner sur ton bureau :

ADWCleaner (Merci à Xplode)

Lance le,

clique sur suppression et poste son rapport.

djohanne · Answer

Je tiens a souligner que la coupable ce n'est pas moi mais mon petit frere si tu savais toutes les merdes que j'ai deja desinstallé!LOL... MERCI et a tt de suite

djohanne · Answer

Voila cher ami! toutes tes instructions ont ete suivies a la lettre et voici donc le lien vers le dernier rapport: https://pjjoint.malekal.com/files.php?id=20111205_c15b15z12k14y13

et encore merccccccccii

g3n-h@ckm@n · Answer

le rapport pre_script ?

djohanne · Answer

https://pjjoint.malekal.com/files.php?id=20111205_o12e10o5z8m14

Voila m'sieur!!

g3n-h@ckm@n · Answer

&#9654 Télécharge ici : Ad-remover sur ton bureau : 


&#9654 Déconnecte toi et ferme toutes applications en cours ! 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

&#9654 sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut . 

&#9654 clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
 
&#9654 Au menu principal choisis "option Nettoyer" et tape sur [entrée] .

&#9654 Laisse travailler l'outil et ne touche à rien ... 

&#9654 Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

djohanne · Answer

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:52:57 le 05/12/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
djam khen@ACER-932E1ED6FF ( ) 
 
============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Clé supprimée: HKCU\Software\iMesh
Clé supprimée: HKCU\Software\Spointer
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.21 (fr)] ****

FIREFOX.EXE\Shell\Open\Command - "C:\Program Files\mozilla firefox\firefox.exe"
Plugins
psibelius.dll (?)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)

-- C:\Documents and Settings\djam khen\Application Data\Mozilla\FireFox\Profiles
awavytu.default --
Extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2} (iGraal)
Prefs.js - browser.search.defaultenginename, Web Search
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, google.com
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.21
Prefs.js - keyword.URL, hxxp://search.imesh.com//web?src=ffb&appid=333&systemid=1&sr=0&q=

========================================

**** Internet Explorer Version [7.0.5730.13] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_Toolbar|{28387537-e3f9-4ed7-860c-11e69af4a8a0} (x)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 12 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 05/12/2011 21:53:10 (2017 Octet(s)) 

Fin à: 21:54:58, 05/12/2011 
 
============== E.O.F ==============

g3n-h@ckm@n · Answer

à gauche ou à droite ?

g3n-h@ckm@n · Answer

est-ce que tu as bien lancé pre_scan de la session infectée en mode normal ?

g3n-h@ckm@n · Answer

relance pre_scan voir ?

djohanne · Answer

LE DERNIER RAPPORT DE PRE_SCAN:
https://pjjoint.malekal.com/files.php?id=20111205_h5g9f8q11n9

g3n-h@ckm@n · Answer

aucune trace du processus....

g3n-h@ckm@n · Answer

non

Télécharge SEAF.exe de C_XX


*Double clique sur SF.exe (Exécuter en tant qu'administrateur pour Vista/7) .

*Une fenêtre va s'ouvrir .

*Tape XP antivirus

 dans cette fenêtre 

confirme la recherche "aussi" dans le registre et [Entrée].

*Patiente pendant la recherche.

*Une fenêtre avec un log.txt va s'afficher.

*Copie/colle ce rapport dans ta prochaine réponse.

djohanne · Answer

Il a rien trouvé:
1. ========================= SEAF 1.0.1.0 - C_XX
2. 
3. Commencé à: 23:29:52 le 05/12/2011
4. 
5. Valeur(s) recherchée(s):
6. XP antivirus
7. 
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9. 
10. (!) --- Recherche registre
11. 
12. ====== Fichier(s) ======
13. 
14. Aucun fichier trouvé
15. 
16. 
17. ====== Entrée(s) du registre ======
18. 
19. Aucun élément dans le registre trouvé
20. 
21. =========================
22. 
23. Fin à: 23:33:36 le 05/12/2011
24. 223990 Éléments analysés
25. 
26. =========================
27. E.O.F

g3n-h@ckm@n · Answer

il n'y est nulle part 

pas de processus , pas de fichiers...

tes fichiers sont synchronisés sur internet ?

djohanne · Answer

salut salut

Je ne sais pas si c le cas j'ai aucune idée de la manip' qu'il faut faire

g3n-h@ckm@n · Answer

hello désolé pour l'attente

desinstalle-reinstalle l'antivirus voir ?

djohanne · Answer

Salut 

Merci mais j'ai deja essaye meme resultat l'icone est toujours la

g3n-h@ckm@n · Answer

ok

regarde ici

https://protuts.net/nettoyer-systray-zone-notification-vista/

djohanne · Answer

OK je regarde merci

djohanne · Answer

Une question: Est ce qu'il est possible que tu prennes les commandes de mon ordi a distance pour faire la manip j'ai un peu peur de faire n'importe quoi

g3n-h@ckm@n · Answer

si tu suis bien exactement il n'y a pas de raisons

Utilisateur anonyme · Answer

Bonsoir, 

G3n est en vacance, qui y'a t'il ?

djohanne · Answer

Bonjour a tous!
 Me voila de retour avec le meme souci sur mon second ordi alors que je n'ai pas installé internet security...
help svp !!!
merci

g3n-h@ckm@n · Answer

salut faut ouvrir un nouveau sujet

XP antivirus 2012

56 réponses

Votre réponse

Discussions similaires

Newsletters