Gendarmerie virus

Solved
tophelillo Posts 41 Registration date   Status Member Last activity   -  
juju666 Posts 35446 Registration date   Status Security contributor Last activity   -
Hello, like many people I got infected by the "gendarmerie virus".

[url=http://www.google.fr/...] This one [/url] >>>( failed :)!
Anyway, click on the Google link to see the virus.

I found several solutions and websites with tutorials for removing it with antimalware and Rogue Killer by starting the PC in safe mode with networking.
However, I have one more problem! The PC I am trying to disinfect gives me a bluescreen if I try to start it in any of the following modes: Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt and VGA mode =(. The bluescreen appears at the moment a *.sys file is loading (I can find the name for you if necessary).
So it is completely impossible for me to access the PC, what should I do?

Is it possible to fix the bluescreen? Bearing in mind that I cannot access the PC in "normal mode" since the gendarmerie virus blocks all access.

Maybe I can use a Linux live CD to manually delete the virus file(s)?
If so, how do I find the path of the virus?
And is it possible to delete a Windows registry key from Linux?

OS: win XP

Thanks in advance for your answers

Tophe =)



13 replies

juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796

Hi, do this: https://www.commentcamarche.net/faq/34284-pre-scan-pe-sous-environnement-win-7-live
0
tophelillo Posts 41 Registration date   Status Member Last activity   1

^^ thanks for your quick response! =)

The infected PC is running XP, does that still work?
0
Macheword Posts 23 Registration date   Status Member Last activity   5

Try following this tutorial: it should solve your problem.

https://gen-hackman.kanak.fr/
0
Macheword Posts 23 Registration date   Status Member Last activity   5

That should keep your data! I think
0
tophelillo Posts 41 Registration date   Status Member Last activity   1

Here is the result; however, I don't think it scanned the right disk, because it showed an error at the start of loading the desktop and the prescan folder was not on the main disk...

<code>¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_PE | 2.0928 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

~ Update on 28/09/2012 | 23.25 by g3n-h@ckm@n
~ Informations | Evolution : https://gen-hackman.kanak.fr/
~ Informations for the switches Pre_Script : https://gen-hackman.kanak.fr/
~ Feedback Pre_scan : https://gen-hackman.kanak.fr/#505
~ Thx to C_XX , Slyk & Saachaa for their help for the evolution of the tool

~ Ordinateur : MININT-LIRJAAB

~ Système d'exploitation : Microsoft Windows XP :
~ Enregistré sous : poupine
~ Processeur : AMD Athlon(tm) 64 Processor 3400+
~ Identification : x86 Family 15 Model 47 Stepping 2
Internet Explorer : 7.0.5730.11
Mozilla Firefox : 12.0 (fr)


¤¤¤¤¤¤¤¤¤¤ | Boot's scripts



¤¤¤¤¤¤¤¤¤¤ | Frameworks

[24/12/2005 01:44:33] - C:\WINDOWS\Microsoft.net\Framework\v1.0.3705
[24/12/2005 01:44:33] - C:\WINDOWS\Microsoft.net\Framework\v1.1.4322
[21/02/2010 16:32:47] - C:\WINDOWS\Microsoft.net\Framework\v2.0.50727
[21/02/2010 16:34:55] - C:\WINDOWS\Microsoft.net\Framework\v3.0
[21/02/2010 16:35:54] - C:\WINDOWS\Microsoft.net\Framework\v3.5

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Last(s) détection(s) : 2012-10-18 17:17:09
Last(s) download(s) : 2012-10-10 16:58:09
Last(s) installation(s) : 2012-10-11 01:07:48
Next search : 2012-10-19 11:30:45


¤¤¤¤¤¤¤¤¤¤ | Contrôle MD5

[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - [16/08/2004 17:40:21] - (.© Microsoft Corporation. - Explorateur Windows.) - [1013.5 Ko] - (6.0.2900.5512) - C:\WINDOWS\explorer.exe
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - [14/04/2008 03:34:03] - (.© Microsoft Corporation. - Explorateur Windows.) - [1013.5 Ko] - (6.0.2900.5512) - C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[MD5.78C1F1278CF2C9B476504C572CB98E5E] - [23/09/2008 10:52:54] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [6 Ko] - (5.1.2600.2180) - C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
[MD5.E0E8A531CFCE1C2E5D79F683282C10C3] - [16/08/2004 17:40:04] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [6 Ko] - (5.1.2600.5512) - C:\WINDOWS\system32\csrss.exe
[MD5.E0E8A531CFCE1C2E5D79F683282C10C3] - [14/04/2008 03:33:59] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [6 Ko] - (5.1.2600.5512) - C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[MD5.B4C08D31E8C2EA9D76F892052A6FCAEB] - [23/09/2008 10:52:28] - (.© Microsoft Corporation. - Gestionnaire de session Windows NT.) - [49.5 Ko] - (5.1.2600.2180) - C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[MD5.48E430297DA757F5CC2793CCFACAD5E7] - [16/08/2004 17:41:06] - (.© Microsoft Corporation. - Gestionnaire de session Windows NT.) - [49.5 Ko] - (5.1.2600.5512) - C:\WINDOWS\system32\smss.exe
[MD5.4AB4DB9D2CB393E2095330D668FFD5A9] - [05/08/2004 14:00:00] - (.© Microsoft Corporation. - Programme d'installation de Windows NT (portion en mode utilisateur
de la phase texte).) - [500.5 Ko] - (5.1.2600.2180) - C:\WINDOWS\I386\SYSTEM32\SMSS.EXE
[MD5.48E430297DA757F5CC2793CCFACAD5E7] - [14/04/2008 03:34:22] - (.© Microsoft Corporation. - Gestionnaire de session Windows NT.) - [49.5 Ko] - (5.1.2600.5512) - C:\WINDOWS\ServicePackFiles\i386\smss.exe
[MD5.D6D65EA32B190401B57EDB6706F29669] - [23/09/2008 10:52:27] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [24.5 Ko] - (5.1.2600.2180) - C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[MD5.E74DDB12188C2FF57A78624DBF7332FC] - [16/08/2004 17:41:17] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [26 Ko] - (5.1.2600.5512) - C:\WINDOWS\system32\userinit.exe
[MD5.E74DDB12188C2FF57A78624DBF7332FC] - [14/04/2008 03:34:26] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [26 Ko] - (5.1.2600.5512) - C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[MD5.D2DE785AEAB0BB8CA4C14A8A199DBE4E] - [23/09/2008 10:52:31] - (.© Microsoft Corporation. - Application d'ouverture de session Windows NT.) - [494.5 Ko] - (5.1.2600.2180) - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - [16/08/2004 17:41:22] - (.© Microsoft Corporation. - Application d'ouverture de session Windows NT.) - [500 Ko] - (5.1.2600.5512) - C:\WINDOWS\system32\winlogon.exe
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - [14/04/2008 03:34:28] - (.© Microsoft Corporation. - Application d'ouverture de session Windows NT.) - [500 Ko] - (5.1.2600.5512) - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[MD5.322D0E36693D6E24A2398BEE62A268CD] - [13/04/2008 20:19:23] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [134.88 Ko] - (5.1.2600.5512) - C:\WINDOWS\ServicePackFiles\i386\afd.sys
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - [20/06/2008 12:40:08] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [135.25 Ko] - (5.1.2600.6142) - C:\WINDOWS\system32\dllcache\afd.sys
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - [16/08/2004 17:39:57] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [135.25 Ko] - (5.1.2600.6142) - C:\WINDOWS\system32\drivers\afd.sys
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - [13/04/2008 19:40:30] - (.© Microsoft Corporation. - IDE/ATAPI Port Driver.) - [94.25 Ko] - (5.1.2600.5512) - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - [03/08/2004 22:59:44] - (.© Microsoft Corporation. - IDE/ATAPI Port Driver.) - [94.25 Ko] - (5.1.2600.5512) - C:\WINDOWS\system32\drivers\atapi.sys
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - [13/04/2008 19:40:46] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [61.5 Ko] - (5.1.2600.5512) - C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[MD5.7B53584D94E9D8716B2DE91D5F1CB42D] - [22/12/2009 19:39:20] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [61.13 Ko] - (5.1.2600.3126) - C:\WINDOWS\system32\dllcache\cdrom.sys
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - [03/08/2004 22:59:54] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [61.5 Ko] - (5.1.2600.5512) - C:\WINDOWS\system32\drivers\cdrom.sys
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - [13/04/2008 20:21:00] - (.© Microsoft Corporation. - MBT Transport driver.) - [159 Ko] - (5.1.2600.5512) - C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - [16/08/2004 17:40:46] - (.© Microsoft Corporation. - MBT Transport driver.) - [159 Ko] - (5.1.2600.5512) - C:\WINDOWS\system32\drivers\netbt.sys
[MD5.46DE1126684369BACE4849E4FC8C43CA] - [14/04/2008 02:56:04] - (.© Microsoft Corporation. - Pilote de cliché instantané du volume.) - [52.13 Ko] - (5.1.2600.5512) - C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[MD5.46DE1126684369BACE4849E4FC8C43CA] - [16/08/2004 17:41:17] - (.© Microsoft Corporation. - Pilote de cliché instantané du volume.) - [52.13 Ko] - (5.1.2600.5512) - C:\WINDOWS\system32\drivers\volsnap.sys

14:42:33

¤¤¤¤¤¤¤¤¤¤ | HKCR\Applications

[HKCR\Applications\acad.exe\Shell\open\command] : "C:\Program Files\Autodesk\MDT 2006\acad.exe" "%1"
[HKCR\Applications\AcLauncher.exe\Shell\open\command] : "C:\Program Files\Fichiers communs\Autodesk Shared\AcShellEx\AcLauncher.exe" /O "%1"
[HKCR\Applications\aol.exe\Shell\open\command] : "C:\Program Files\AOL 9.0\aol.exe" "%1"
[HKCR\Applications\AsProjet.exe\Shell\open\command] : F:\PROGRA~1\AUTOMA~1.0\AsProjet.exe "%1"
[HKCR\Applications\ComponentLauncher.exe\Shell\open\command] : "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\ComponentLauncher.exe" module=jpegviewer bg params "filepath=%1"
[HKCR\Applications\EXCEL.EXE\Shell\open\command] : "C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE" /e
[HKCR\Applications\firefox.exe\Shell\open\command] : "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
[HKCR\Applications\fp.exe\Shell\open\command] : "C:\etienne\free pascal\FPC\2.0.4\bin\i386-win32\fp.exe" "%1"
[HKCR\Applications\GP5.exe\Shell\open\command] : "F:\etienne\Guitar Pro 5\GP5.exe" "%1"
[HKCR\Applications\Iedit.exe\Shell\open\command] : "C:\Apps\Ulead Systems\Ulead PhotoImpact 10 SE\Iedit.exe" "%1"
[HKCR\Applications\iexplore.exe\Shell\open\command] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKCR\Applications\infopath.exe\Shell\open\command] : "C:\Program Files\Microsoft Office\OFFICE11\INFOPATH.EXE" "%1"
[HKCR\Applications\Inventor.exe\Shell\open\command] : C:\PROGRA~1\Autodesk\INVENT~1\Bin\Inventor.exe /dde
[HKCR\Applications\MSOXMLED.EXE\Shell\open\command] : "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLED.EXE" /verb open "%1"
[HKCR\Applications\MSPVIEW.EXE\Shell\open\command] : "C:\Program Files\Fichiers communs\Microsoft Shared\MODI\11.0\MSPVIEW.EXE" "%1"
[HKCR\Applications\notepad.exe\Shell\open\command] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKCR\Applications\ois.exe\Shell\open\command] : C:\PROGRA~1\MICROS~4\OFFICE11\OIS.EXE /shellOpen "%1"
[HKCR\Applications\Omgjbox.exe\Shell\open\command] : C:\Program Files\Sony\SonicStage\Omgjbox.exe "%1"
[HKCR\Applications\Photoshop.exe\Shell\open\command] : "C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe" "%1"
[HKCR\Applications\PicasaPhotoViewer.exe\Shell\open\command] : "C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe" "%1"
[HKCR\Applications\PictureViewer.exe\Shell\open\command] : C:\Program Files\QuickTime\PictureViewer.exe "%1"
[HKCR\Applications\POWERPNT.EXE\Shell\open\command] : "C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE" /s "%1"
[HKCR\Applications\QuickTimePlayer.exe\Shell\open\command] : C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe "%1"
[HKCR\Applications\RealPlay.exe\Shell\open\command] : "C:\Program Files\Real\RealPlayer\realplay.exe" "%1"
[HKCR\Applications\RecordNow.exe\Shell\open\command] : "C:\Apps\RecordNow\RecordNow.exe" "%1"
[HKCR\Applications\RegCloneCD.exe\Shell\open\command] : "C:\Program Files\SlySoft\CloneCD\RegCloneCD.exe" "%1"
[HKCR\Applications\shimgvw.dll\Shell\open\command] : rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1
[HKCR\Applications\sldworks.exe\Shell\open\command] : C:\PROGRA~1\SOLIDW~1\sldworks.exe /dde
[HKCR\Applications\vb5.exe\Shell\open\command] : C:\etienne\program_file\VB5PRO\vb5.exe "%1"
[HKCR\Applications\WinAce.exe\Shell\open\command] : "C:\etienne\winace\WinAce.exe" "%1"
[HKCR\Applications\winfxdocobj.exe\Shell\open\command] : C:\WINDOWS\system32\winfxdocobj.exe %1
[HKCR\Applications\WinRAR.exe\Shell\open\command] : "C:\Program Files\WinRAR\WinRAR.exe" "%1"
[HKCR\Applications\winzip32.exe\Shell\open\command] : C:\PROGRA~1\WINZIP\winzip32.exe "%1"
[HKCR\Applications\wmplayer.exe\Shell\open\command] : C:\Program Files\Windows Media Player\wmplayer.exe /Open "%L"
[HKCR\Applications\WOOKIE~1.EXE\Shell\open\command] : C:\DOCUME~1\poupine\LOCALS~1\Temp\RP7A42~1.ZIP\WOOKIE~1.EXE "%1"
[HKCR\Applications\wordpad.exe\Shell\open\command] : "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE" "%1"
[HKCR\Applications\XPSViewer.exe\Shell\open\command] : "C:\WINDOWS\system32\XPSViewer\XPSViewer.exe" "%1" %*

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKLM | Session Manager\SubSystems]|[Windows] : winsrv : %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16


[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=

¤¤¤¤¤¤¤¤¤¤ | Svchost - Netsvc

Audiov
Tapiv

¤¤¤¤¤¤¤¤¤¤ | Winlogon


¤

[HKLM | Winlogon]|[Shell] : Explorer.exe
[HKLM | Winlogon]|[userinit] : C:\WINDOWS\system32\userinit.exe,
[HKLM | Winlogon]|[PowerDownAfterShutdown] : 0 -> 1
[HKLM | Winlogon]|[System] :

¤¤¤¤¤¤¤¤¤¤ | Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : comfile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : rundll32.exe ieframe.dll,OpenURL %l -> "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : %SystemRoot%\Explorer.exe /idlist,%I,%L -> C:\WINDOWS\explorer.exe

¤


¤

[Firefox | Command] : C:\Program Files\Mozilla Firefox\firefox.exe -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[Assoc | Applications] : http://shell.windows.com/fileassoc/%04x/xml/redir.aspExt=%s

¤¤¤¤¤¤¤¤¤¤ | Corrections diverses

[HKU\S-1-5-18 | HideDesktopIcons\ClassicStartMenu]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 0
[HKU\S-1-5-18 | HideDesktopIcons\ClassicStartMenu]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 0
[HKLM | Advanced\Folder\Hidden\SHOWALL]|[CheckedValue] : 1
[HKU\S-1-5-18 | Explorer\Advanced]|[Start_ShowUser] : 1
[HKU\S-1-5-18 | Explorer\Advanced]|[Start_ShowHelp] : 0 -> 1
[HKU\S-1-5-18 | Explorer\Advanced]|[Start_EnableDragDrop] : 1
[HKU\LocalService_ON_E | Explorer\Advanced]|[Hidden] : -> 0
[HKU\NetworkService_ON_E | Explorer\Advanced]|[Hidden] : -> 0
[HKU\poupine_ON_E | Explorer\Advanced]|[Hidden] : 1 -> 0
[HKU\S-1-5-19 | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-20 | Explorer\Advanced]|[Hidden] : -> 0
[HKU\systemprofile_ON_D | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-18 | Explorer\Advanced]|[Hidden] : 1 -> 0
[HKU\LocalService_ON_E | Policies\Explorer]|[NoDriveTypeAutoRun] : 145
[HKU\NetworkService_ON_E | Policies\Explorer]|[NoDriveTypeAutoRun] : 145
[HKU\poupine_ON_E | Policies\Explorer]|[NoDriveTypeAutoRun] : FF000000 -> 1
[HKU\S-1-5-18 | Policies\Explorer]|[NoDriveTypeAutoRun] : 145
[HKLM | policies\Explorer]|[HonorAutoRunSetting] : 1
[HKU\poupine_ON_E | Policies\System]|[DisableTaskMgr] : 0

14:42:35


¤¤¤¤¤¤¤¤¤¤ | Security Center

[HKLM | Security Center]|[FirstRunDisabled] : 1
[HKLM | Security Center]|[AntiVirusDisableNotify] : 1 -> 0
[HKLM | Security Center]|[AntiVirusOverride] : 0
[HKLM | Security Center]|[FirewallDisableNotify] : 1 -> 0
[HKLM | Security Center]|[FirewallOverride] : 0
[HKLM | Security Center]|[UpdatesDisableNotify] : 0


[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]|[DisableMonitoring] : 1
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]|[DisableMonitoring] : 1

[HKLM | FirewallPolicy\StandardProfile]|[DisableNotifications] : 0

¤¤¤¤¤¤¤¤¤¤ | Services

[RPCSS] : 2
[srService] : 2
[Ndisuio] : 3
[PlugPlay] : 2
[Parvdm] : 4 -> 2
[lmhosts] : 2
[LanmanWorkstation] : 2
[LanmanServer] : 2
[agp440] : 0 -> 2
[Audiosrv] : 2
[ERSvc] : 2
[Bits] : 3 -> 2
[CryptSvc] : 2
[EapHost] : 3 -> 2
[SharedAccess] : 2
[wuauserv] : 2
[WerSvc] : -> 2
[wscsvc] : 2
[wzcsvc] : 2

14:42:36

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

[HKU\poupine_ON_E | Main]|[Start Page] : https://www.google.fr/?gws_rd=ssl -> https://www.google.com/?gws_rd=ssl
[HKU\S-1-5-18 | Main]|[Start Page] : https://www.google.com/?gws_rd=ssl
[HKU\poupine_ON_E | Main]|[Local Page] : C:\WINDOWS\system32\blank.htm
[HKU\S-1-5-18 | Main]|[Local Page] : X:\windows\system32\blank.htm -> C:\WINDOWS\system32\blank.htm
[HKU\poupine_ON_E | Main]|[Search Page] : https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f -> http://www.microsoft.com/isapi/redir.dllprd=ie&ar=iesearch
[HKU\S-1-5-18 | Main]|[Search Page] : http://go.microsoft.com/fwlink/LinkId=54896 -> http://www.microsoft.com/isapi/redir.dllprd=ie&ar=iesearch

[HKLM | Search]|[SearchAssistant] : https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/toolbar/ie8/sidebar.html
[HKLM | Main]|[Start Page] : http://go.microsoft.com/fwlink/LinkId=69157
[HKLM | Main]|[Local Page] : %SystemRoot%\system32\blank.htm -> C:\WINDOWS\system32\blank.htm
[HKLM | Main]|[Default_Search_URL] : http://www.microsoft.com/isapi/redir.dllprd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/LinkId=54896
[HKLM | Main]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/LinkId=69157
[HKLM | Main]|[Search Page] : http://go.microsoft.com/fwlink/LinkId=54896
[HKLM | AboutURLs]|[Tabs] : res://ieframe.dll/tabswelcome.htm

¤

[HKU\poupine_ON_E | PhishingFilter]|[Enabled] : 0 -> 2
[HKU\S-1-5-18 | PhishingFilter]|[EnabledV8] : 1
[HKU\poupine_ON_E | Internet settings]|[ProxyOverride] : *.local
[HKU\poupine_ON_E | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-18 | Internet settings]|[EnableHttp1_1] : 1
[HKU\LocalService_ON_E | Internet settings]|[MigrateProxy] : 0 -> 1
[HKU\NetworkService_ON_E | Internet settings]|[MigrateProxy] : 0 -> 1
[HKU\poupine_ON_E | Internet settings]|[MigrateProxy] : 1
[HKU\poupine_ON_E | Internet settings]|[WarnonZoneCrossing] : 0 -> 1
[HKU\S-1-5-18 | Internet settings]|[WarnonZoneCrossing] : 0 -> 1
[HKU\poupine_ON_E | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-18 | Internet settings]|[AutoConfigProxy] : wininet.dll

¤¤¤¤¤¤¤¤¤¤ | DNS

[HKLM\SYSTEM\CCS | Tcpip\Parameters]|[DhcpNameServer] : 192.168.1.254
[HKLM\SYSTEM\ControlSet001 | Interfaces\{3DAF9E07-6BA9-48D6-A7FF-57D7F4D916F4}]|[DhcpNameServer] : 192.168.1.254
[HKLM\SYSTEM\ControlSet003 | Interfaces\{3DAF9E07-6BA9-48D6-A7FF-57D7F4D916F4}]|[DhcpNameServer] : 192.168.1.254
[HKLM\SYSTEM\ControlSet004 | Interfaces\{3DAF9E07-6BA9-48D6-A7FF-57D7F4D916F4}]|[DhcpNameServer] : 192.168.1.254

14:42:36

¤¤¤¤¤¤¤¤¤¤ | Traitement Files | Folders | Registre

Key deleted : [HKLM | standardprofile\authorizedapplications\list]|[C:\utorrent.exe] : C:\utorrent.exe:*:EnableC:µTorrent
Key deleted : [HKU\poupine_ON_E | Run]|[igxjlpisdcqmumg] : C:\WINDOWS\igxjlpis.exe
Deleted : C:\utorrent.exe
Deleted : C:\WINDOWS\igxjlpis.exe
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\Dc1.avi
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\Dc10
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\Dc2.rar
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\Dc3.rar
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\Dc4.avi
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\Dc5.txt
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\Dc6.rar
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\Dc7.avi
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\Dc8
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\Dc9.url
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\desktop.ini
Quarantined and deleted successfully : C:\Recycler\S-1-5-21-3454963484-989223462-538194534-1006\INFO2
Key deleted : [HKLM | Microsoft\RFC1156Agent]
Key deleted : [HKU\poupine_ON_E | Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}]


14:56:44

Quarantined and deleted successfully : C:\Program Files\SpyHeals
Quarantined and deleted successfully : C:\WINDOWS\Thumbs.db
Quarantined and deleted successfully : C:\WINDOWS\002732_.tmp
Quarantined and deleted successfully : C:\Ad-AwareAE.exe
Quarantined and deleted successfully : C:\ImgBurn_2.3.2.0_Fr.exe
Quarantined and deleted successfully : C:\mediacenter.exe
Quarantined and deleted successfully : C:\sqmdata00.sqm
Quarantined and deleted successfully : C:\sqmdata01.sqm
Quarantined and deleted successfully : C:\sqmdata02.sqm
Quarantined and deleted successfully : C:\sqmdata03.sqm
Quarantined and deleted successfully : C:\sqmdata04.sqm
Quarantined and deleted successfully : C:\sqmdata05.sqm
Quarantined and deleted successfully : C:\sqmdata06.sqm
Quarantined and deleted successfully : C:\sqmdata07.sqm
Quarantined and deleted successfully : C:\sqmdata08.sqm
Quarantined and deleted successfully : C:\sqmdata09.sqm
Quarantined and deleted successfully : C:\sqmdata10.sqm
Quarantined and deleted successfully : C:\sqmdata11.sqm
Quarantined and deleted successfully : C:\sqmdata12.sqm
Quarantined and deleted successfully : C:\sqmdata13.sqm
Quarantined and deleted successfully : C:\sqmdata14.sqm
Quarantined and deleted successfully : C:\sqmdata15.sqm
Quarantined and deleted successfully : C:\sqmdata16.sqm
Quarantined and deleted successfully : C:\sqmdata17.sqm
Quarantined and deleted successfully : C:\sqmdata18.sqm
Quarantined and deleted successfully : C:\sqmdata19.sqm
Quarantined and deleted successfully : C:\sqmnoopt00.sqm
Quarantined and deleted successfully : C:\sqmnoopt01.sqm
Quarantined and deleted successfully : C:\sqmnoopt02.sqm
Quarantined and deleted successfully : C:\sqmnoopt03.sqm
Quarantined and deleted successfully : C:\sqmnoopt04.sqm
Quarantined and deleted successfully : C:\sqmnoopt05.sqm
Quarantined and deleted successfully : C:\sqmnoopt06.sqm
Quarantined and deleted successfully : C:\sqmnoopt07.sqm
Quarantined and deleted successfully : C:\sqmnoopt08.sqm
Quarantined and deleted successfully : C:\sqmnoopt09.sqm
Quarantined and deleted successfully : C:\sqmnoopt10.sqm
Quarantined and deleted successfully : C:\sqmnoopt11.sqm
Quarantined and deleted successfully : C:\sqmnoopt12.sqm
Quarantined and deleted successfully : C:\sqmnoopt13.sqm
Quarantined and deleted successfully : C:\sqmnoopt14.sqm
Quarantined and deleted successfully : C:\sqmnoopt15.sqm
Quarantined and deleted successfully : C:\sqmnoopt16.sqm
Quarantined and deleted successfully : C:\sqmnoopt17.sqm
Quarantined and deleted successfully : C:\sqmnoopt18.sqm
Quarantined and deleted successfully : C:\sqmnoopt19.sqm
Deleted : C:\~QTWTMP.TMP
Quarantined and deleted successfully : C:\WINDOWS\Temp\alcrmv.exe
Quarantined and deleted successfully : C:\WINDOWS\Temp\alcupd.exe
Quarantined and deleted successfully : C:\WINDOWS\Temp\ChCfg.exe
Quarantined and deleted successfully : C:\WINDOWS\Temp\HitmanPro.exe
Quarantined and deleted successfully : C:\WINDOWS\Temp\RTLCPL.exe
Quarantined and deleted successfully : C:\WINDOWS\Temp\SETUP.EXE
Quarantined and deleted successfully : C:\WINDOWS\Temp\soundman.exe
Quarantined and deleted successfully : C:\WINDOWS\Temp\__OOOO__.EXE
Quarantined and deleted successfully : C:\WINDOWS\Temp\0CF6E057.TMP
Quarantined and deleted successfully : C:\WINDOWS\Temp\10C.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\111.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\112.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\D653F3EC.TMP
Quarantined and deleted successfully : C:\WINDOWS\Temp\DSP28E6.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\DSP28E7.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\DSP28E8.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\DSP28E9.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\flaC4.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DF4A3B.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DF4B1D.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DF4ED.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DF5AA8.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DF5BFF.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DF5E08.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DF5E10.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DF8DDE.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DF96E8.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DFECD8.tmp
Quarantined and deleted successfully : C:\WINDOWS\Temp\~DFF87.tmp
Quarantined and deleted successfully : C:\Program Files\PCFriendly\iti123.tmp
Quarantined and deleted successfully : \setup.exe

14:58:00

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

[HKLM | Safeboot] -> OK
[HKLM | Safeboot\Minimal] -> OK
[HKLM | Safeboot\Network] -> OK

¤

[HKLM | Minimal\AppMgmt] : -> Service
[HKLM | Minimal\Base] : -> Driver Group
[HKLM | Minimal\Boot Bus Extender] : -> Driver Group
[HKLM | Minimal\Boot file system] : -> Driver Group
[HKLM | Minimal\CryptSvc] : -> Service
[HKLM | Minimal\DcomLaunch] : -> Service
[HKLM | Minimal\dmadmin] : -> Service
[HKLM | Minimal\dmboot.sys] : -> Driver
[HKLM | Minimal\dmio.sys] : -> Driver
[HKLM | Minimal\dmload.sys] : -> Driver
[HKLM | Minimal\dmserver] : -> Service
[HKLM | Minimal\EventLog] : -> Service
[HKLM | Minimal\File system] : -> Driver Group
[HKLM | Minimal\Filter] : -> Driver Group
[HKLM | Minimal\HelpSvc] : -> Service
[HKLM | Minimal\Netlogon] : -> Service
[HKLM | Minimal\PCI Configuration] : -> Driver Group
[HKLM | Minimal\PlugPlay] : -> Service
[HKLM | Minimal\PNP Filter] : -> Driver Group
[HKLM | Minimal\Primary disk] : -> Driver Group
[HKLM | Minimal\RpcSs] : -> Service
[HKLM | Minimal\SCSI Class] : -> Driver Group
[HKLM | Minimal\sermouse.sys] : -> Driver
[HKLM | Minimal\sr.sys] : -> FSFilter System Recovery
[HKLM | Minimal\SRService] : -> Service
[HKLM | Minimal\System Bus Extender] : -> Driver Group
[HKLM | Minimal\vds] : -> Service
[HKLM | Minimal\vga.sys] : -> Driver
[HKLM | Minimal\vgasave.sys] : -> Driver
[HKLM | Minimal\WinMgmt] : -> Service
[HKLM | Minimal\{36FC9E60-C465-11CF-8056-444553540000}] : -> Universal Serial Bus controllers
[HKLM | Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] : -> CD-ROM Drive
[HKLM | Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] : -> DiskDrive
[HKLM | Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] : -> Standard floppy disk controller
[HKLM | Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : -> Hdc
[HKLM | Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : -> Keyboard
[HKLM | Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : -> Mouse
[HKLM | Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] : -> PCMCIA Adapters
[HKLM | Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : -> SCSIAdapter
[HKLM | Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : -> System
[HKLM | Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] : -> Floppy disk drive
[HKLM | Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : -> Volume shadow copy
[HKLM | Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : -> Volume
[HKLM | Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : -> Human Interface Devices

¤

[HKLM | Network\AFD] : -> Service
[HKLM | Network\AppMgmt] : -> Service
[HKLM | Network\Base] : -> Driver Group
[HKLM | Network\Boot Bus Extender] : -> Driver Group
[HKLM | Network\Boot file system] : -> Driver Group
[HKLM | Network\Browser] : -> Service
[HKLM | Network\CryptSvc] : -> Service
[HKLM | Network\DcomLaunch] : -> Service
[HKLM | Network\Dhcp] : -> Service
[HKLM | Network\dmadmin] : -> Service
[HKLM | Network\dmboot.sys] : -> Driver
[HKLM | Network\dmio.sys] : -> Driver
[HKLM | Network\dmload.sys] : -> Driver
[HKLM | Network\dmserver] : -> Service
¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

Deleted : HKU\poupine_ON_E | AutoRun\command] : @ -> G:\LaunchU3.exe -a
Deleted : HKU\poupine_ON_E | AutoRun\command] : @ -> wd_windows_tools\WDSetup.exe
Deleted : HKU\poupine_ON_E | AutoRun\command] : @ -> G:\itsduel.exe
Deleted : HKU\poupine_ON_E | explore\command] : @ -> G:\itsduel.exe
Deleted : HKU\poupine_ON_E | open\command] : @ -> G:\itsduel.exe
Deleted : HKU\poupine_ON_E | AutoRun\command] : @ -> G:\itsduel.exe
Deleted : HKU\poupine_ON_E | explore\command] : @ -> G:\itsduel.exe
Deleted : HKU\poupine_ON_E | open\command] : @ -> G:\itsduel.exe
Deleted : HKU\poupine_ON_E | Auto\command] : @ -> AdobeR.exe e
Deleted : HKU\poupine_ON_E | AutoRun\command] : @ -> C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

¤¤¤¤¤¤¤¤¤¤ | Run

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[PHIME2002ASync] : C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[PHIME2002A] : C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SoundMan] : SOUNDMAN.EXE
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ATIPTA] : "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Vade Retro Outlook Express] : "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[PCMService] : "c:\Apps\Powercinema\PCMService.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[IMJPMIG8.1] : "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ACTIVBOARD] : c:\apps\ABoard\ABoard.exe
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[TkBellExe] : "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Spyware Quake] : C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SpyQuake2.com] : C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[AntiVerminser] : C:\Program Files\AntiVerminser\AntiVerminser.exe /h
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[EoEngine] :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[EoWeather] :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[LogitechCommunicationsManager] : "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[LogitechQuickCamRibbon] : "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[AppleSyncNotifier] : C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Adobe Photo Downloader] : "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Ad-Watch] : C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[CloneCDTray] : "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SunJavaUpdateSched] : "C:\Program Files\Java\jre6\bin\jusched.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[HP Software Update] : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[D-Link AirPlus XtremeG DWL-G122] : C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ANIWZCS2Service] : C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[avgnt] : "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[QuickTime Task] : "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[APSDaemon] : "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
[HKU\Administrateur_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[CTFMON.EXE] : C:\WINDOWS\system32\ctfmon.exe
[HKU\Administrateur_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[MSMSGS] : "C:\Program Files\Messenger\msmsgs.exe" /background
[HKU\LocalService_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[CTFMON.EXE] : C:\WINDOWS\system32\CTFMON.EXE
[HKU\NetworkService_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[CTFMON.EXE] : C:\WINDOWS\system32\CTFMON.EXE
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ctfmon.exe] : C:\WINDOWS\system32\ctfmon.exe
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[updateMgr] : "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Neuf Media Center] : "C:\Program Files\SFR\Media Center\MediaCenter.exe"
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[mscjm.exe] : C:\Documents and Settings\poupine\Application Data\MSA\mscjm.exe
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[mscj.exe] : C:\Documents and Settings\poupine\Application Data\MSA\mscj.exe
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[deskws97] : rundll32.exe "C:\Documents and Settings\poupine\Local Settings\Application Data\deskws97\deskws97.dll", DllInit
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[mscjm] : C:\documents and settings\poupine\application data\msa\mscjm.exe
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[mscj] : C:\documents and settings\poupine\application data\msa\mscj.exe
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[bnbnbu] : "C:\documents and settings\poupine\local settings\application data\bnbnbu.exe" bnbnbu
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[cacaoweb] : "C:\Program Files\cacaoweb\cacaoweb.exe" -noplayer
[HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[HotSwap! Applet] : "X:\Windows\system32\HotSwap!.EXE"

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader] -> (apdproxy) -> "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] -> (iTunesHelper) -> "C:\Program Files\iTunes\iTunesHelper.exe"
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] -> (msnmsgr) -> "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] -> (qttask) -> "C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Suite] -> (Application Launcher) -> "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updateMgr] -> (AdobeUpdateManager) -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

¤¤¤¤¤¤¤¤¤¤ | Others

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKLM\System\CurrentControlSet\Control\SecurityProviders]|[SecurityProviders] : msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKLM\System\CurrentControlSet\Control\Session Manager]|[BootExecute] : autocheck autochk *
lsdelete
[HKLM\System\ControlSet001\Control]|[SystemBootDevice] : multi(0)disk(0)rdisk(0)partition(2)
[HKLM\system\currentcontrolset\control\lsa]|[SecureBoot] : 1
[HKLM\system\currentcontrolset\control\lsa]|[restrictanonymoussam] : 1
[HKLM | Winlogon]|[VMApplet] : rundll32 shell32,Control_RunDLL "sysdm.cpl"
[HKLM | Winlogon]|[SFCDisable] : 0
[HKLM | Winlogon]|[WinStationsDisabled] : 0
[HKLM | Winlogon]|[UIHost] : logonui.exe

¤¤¤¤¤¤¤¤¤¤ | Winlogon\Notify

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] : Ati2evxx.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] : crypt32.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] : cryptnet.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] : cscdll.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] : %SystemRoot%\System32\dimsntfy.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] : wlnotify.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] : wlnotify.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] : sclgntfy.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] : WlNotify.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] : wlnotify.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] : WgaLogon.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] : wlnotify.dll

14:58:04


¤¤¤¤¤¤¤¤¤¤ | Derniers créés/modifiés

[11/10/2012 02:01:16] -- |HDC| -- C:\WINDOWS\$NtUninstallKB2661254-v2$
[11/10/2012 02:07:38] -- |HDC| -- C:\WINDOWS\$NtUninstallKB2724197$
[11/10/2012 02:01:30] -- |HDC| -- C:\WINDOWS\$NtUninstallKB2749655$
[11/10/2012 02:01:37] -- |HDC| -- C:\WINDOWS\$NtUninstallKB2756822$
[10/10/2012 17:54:14] -- |A| -- C:\WINDOWS\KB2661254-v2.log
[10/10/2012 17:57:38] -- |A| -- C:\WINDOWS\KB2724197.log
[10/10/2012 17:54:35] -- |A| -- C:\WINDOWS\KB2749655.log
[11/10/2012 02:01:36] -- |A| -- C:\WINDOWS\KB2756822.log
[19/10/2012 14:40:15] -- |D| -- C:\WINDOWS\Pre_Scan
[19/10/2012 14:40:57] -- |A| -- C:\WINDOWS\Pre_Scan.txt

0
tophelillo Posts 41 Registration date   Status Member Last activity   1
 
No, I'm talking nonsense...
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
The report is incomplete, though.

I hope you followed the procedure properly and haven't rebooted yet, because not everything has been removed.

Copy this text:

Key::
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[mscjm.exe]
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[mscj.exe]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Spyware Quake]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SpyQuake2.com]
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[bnbnbu]

File|Fold::
C:\Documents and Settings\poupine\Application Data\MSA\mscjm.exe
C:\Documents and Settings\poupine\Application Data\MSA\mscj.exe
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
C:\documents and settings\poupine\local settings\application data\bnbnbu.exe


Run Pre_Scan again, click Script, and paste the report that appears.
0
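One way to triage the `Run` section of a report like the one above, as an added example (it is not part of the thread and not Pre_Scan's own logic): parse each autorun line and group the values whose target sits in a user-writable Windows XP profile directory, as the `MSA\mscjm.exe` and `bnbnbu.exe` entries do. The function names and the profile-path rule are assumptions made for this illustration; the sample lines are copied from the report.

```python
import re
from collections import OrderedDict

# Sample lines copied from the Run section of the report above.
SAMPLE_REPORT = r"""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Spyware Quake] : C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[EoEngine] :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[avgnt] : "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ctfmon.exe] : C:\WINDOWS\system32\ctfmon.exe
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[mscjm.exe] : C:\Documents and Settings\poupine\Application Data\MSA\mscjm.exe
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[deskws97] : rundll32.exe "C:\Documents and Settings\poupine\Local Settings\Application Data\deskws97\deskws97.dll", DllInit
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[mscjm] : C:\documents and settings\poupine\application data\msa\mscjm.exe
[HKU\poupine_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[bnbnbu] : "C:\documents and settings\poupine\local settings\application data\bnbnbu.exe" bnbnbu
"""

# "[<registry key ending in \Run>]|[<value name>] : <command line>"
RUN_LINE = re.compile(
    r'^\[(?P<key>[^\]]+\\Run)\]\|\[(?P<name>[^\]]+)\]\s*:\s*(?P<cmd>.*)$',
    re.IGNORECASE,
)

# An executable or DLL stored under a user's Application Data or Local Settings
# folder (Windows XP profile layout). Ordinary users can write there, which is
# why an autorun pointing into it deserves a second look.
PROFILE_TARGET = re.compile(
    r'[a-z]:\\documents and settings\\[^\\"]+\\'
    r'(?:application data|local settings)\\[^"]*?'
    r'\.(?:exe|dll|scr|bat|cmd|com|pif)\b',
    re.IGNORECASE,
)


def parse_run_entries(report):
    """Return (key, value_name, command) for every Run line in the report."""
    entries = []
    for line in report.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            entries.append(
                (match.group("key"), match.group("name"), match.group("cmd").strip())
            )
    return entries


def profile_autoruns(report):
    """Group Run values by the profile-directory file they launch.

    The report can list one file under several value names and with different
    letter case, so targets are lower-cased before grouping.
    """
    findings = OrderedDict()
    for key, name, cmd in parse_run_entries(report):
        hit = PROFILE_TARGET.search(cmd)
        if hit is None:
            continue  # empty value, or target outside the user profile
        findings.setdefault(hit.group(0).lower(), []).append((key, name))
    return findings


if __name__ == "__main__":
    for target, values in profile_autoruns(SAMPLE_REPORT).items():
        print(target)
        for key, name in values:
            print("    %s -> [%s]" % (key, name))
```

The rule only produces candidates for review: `deskws97` is flagged although the thread does not say whether it is malicious, and the SpyQuake entries in the removal script are not flagged because they live under `C:\Program Files`.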

tophelillo Posts 41 Registration date   Status Member Last activity   1
 
I followed the procedure properly and the PC has not been switched off.

It tells me d:\$Mft is damaged and unreadable (is that important?)

I have two text reports from the scan I ran with Macheword's tutorial: OTL.txt and Extras.txt. Are you interested?

Before I touch anything
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
Yeah, send them
0
tophelillo Posts 41 Registration date   Status Member Last activity   1
 
I'll send them to you by PM, they're too big
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
...

Second time: host the files

They're too long, there isn't even a tenth of the report here!
0
tophelillo Posts 41 Registration date   Status Member Last activity   1
 
0
tophelillo Posts 41 Registration date   Status Member Last activity   1
 
and the second Pre_Scan report:

https://pjjoint.malekal.com/files.php?id=20121019_p6l11m13l11m15

These error messages were displayed at the end of the scan:

"L'ordinal 404 est introuvable dans la bibliotheque de liens dynamiques SHLWAPI.dll"

and

"Le point d'entrée de procédure I_NetNameValidate est introuvable dans la bibliotheque desliens dynamique NETAPI32.dll"
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
oO

Wait, there's something I don't get: Pre_Scan detects things that OTL doesn't detect???

Can you reboot normally at this point?
0
tophelillo Posts 41 Registration date   Status Member Last activity   1
 
Hi, sorry, I worked all weekend.

I managed to reboot.

Are there any other checks or steps to do before I mark my post as "resolved"?

Thanks a lot for your very quick replies.
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
OK, if you can reboot in normal mode, do this:

▶ Download and install Malwarebytes' Anti-Malware (MBAM).

▶ Run it. Accept the update.



Only if there is a problem with the update:

Download MBAM manual updates

● Run the file after installing MBAM



▶ Select "Exécuter un examen complet"
▶ Click "Rechercher"
▶ The scan starts; it takes a fairly long time, which is normal.

At the end of the scan, a message is displayed:

Quote:

L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

▶ Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
▶ Close your browsers.
▶ If malware was detected, click Afficher les résultats.
▶ Select everything (or leave it checked) and click Supprimer la sélection; MBAM will destroy the files and registry keys and put a copy in quarantine.
MBAM will open Notepad and copy the scan report into it: close it.

If MBAM asks to restart the PC: ▶ do it.

After the restart, launch MBAM again, go to the "Rapport/Logs" tab, and copy/paste the report that corresponds to the scan you ran.
0