Virus Win32/Sirefef.gen!C
Airiin
-
g3n-h@ckm@n Posts: 14350 Status: Member -
Hello,
I noticed that a virus had installed itself on my computer; it appears to be a virus called Win32/Sirefef.gen!C
I have read that this virus can be very dangerous.
How can I get rid of it?
Thanks!
3 replies
hi
Warning!!!: Only these links are official, do not download the tool from other links!!
Warning!!!: this tool may be wrongly detected as a virus
Warning!!!: this tool is powerful, follow the instructions below scrupulously
all the "non-vital Windows" processes are going to be killed, save your work. The desktop will go away during the scan --> don't panic.
Disable all your protections if possible: antivirus, sandbox, firewalls, etc.: https://forum.pcastuces.com/default.asp
download and save Pre_Scan to your desktop:
http://services.service-webmaster.fr/cpt-clics/clics-30453-6820.html (renamed winlogon)
or, if the link is not working:
http://www.archive-host.com (renamed winlogon)
http://www.security-helpzone.com/Tools/g3n/winlogon.exe (renamed winlogon)
if the tool has been run several times, it will offer you a menu; if no option has been requested, run the "Scan|Kill" option
if the tool is blocked by the infection, use this version with these other extensions:
http://www.security-helpzone.com/Tools/g3n/Pre_Scan.scr
http://www.security-helpzone.com/Tools/g3n/Pre_Scan.pif
http://www.security-helpzone.com/Tools/g3n/Pre_Scan.com
if the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy)
Black windows may flash; let it work.
the tool will upload the viruses it has quarantined to a server so that I can improve it and study these infections in more depth.
Let the tool restart your PC.
Post Pre_Scan_la_date_et_l'heure.txt (Pre_Scan_<date>_<time>.txt), which will appear at the root of your system drive (usually C:\)
DO NOT POST IT ON THE FORUM!!! (it is too long)
Host the report on https://www.cjoint.com/ then give the link you get in return on the forum where you are being helped
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 15:00:22
~ Update on 03/04/2013 | 13.00 by g3n-h@ckm@n
~ Evolution : http://www.security-helpzone.com/forum/Forum-Mises-%C3%A0-jour-Pre-Scan | http://sosvirus.org/viewforum.php?f=229
~ Pre_Script Infos : http://sosvirus.org/viewtopic.php?f=228&t=312 | http://www.security-helpzone.com/forum/Thread-Les-Switches
~ Pre_scan Feedbacks : http://sosvirus.org/viewforum.php?f=233 | http://www.security-helpzone.com/forum/Forum-Feedbacks-Pre-Scan
~ [Mado (Administrator)] - [MADO-F7C2635C92]
~ SID = S-1-5-21-1123561945-527237240-839522115-1003
~ System : Microsoft Windows XP (32 bits) Service Pack 2
~ ProcessorNameString : Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
~ Identifier : x86 Family 6 Model 15 Stepping 13
~ Mémory RAM = Total (KB) : 1965230 | Free (KB) : 1524590
~ Pagefile = Total (KB) : 3904540 | Free (KB) : 3651620
~ Virtual = Total (KB) : 2097020 | Free (KB) : 2011670
¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
¤¤¤¤¤¤¤¤¤¤ | Drives
c:\ -> [Fixed] | [] | Total : 145610 Mo | Free : 128330 Mo -> NTFS
f:\ -> [CDROM] | [SAMSUNG_LBP] | Total : 220 Mo | Free : 0 Mo -> CDFS
¤¤¤¤¤¤¤¤¤¤ | Windows Updates
Next search : 2013-03-27 14:45:32
~ Service Pack 3 not installed !!!
¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\WINDOWS\system32\config\systemprofile
~ C:\Documents and Settings\LocalService
~ C:\Documents and Settings\NetworkService
~ C:\Documents and Settings\Mado
New restorepoint created
¤¤¤¤¤¤¤¤¤¤ | stopped Processes
(1424) -- ati2evxx.exe
(1844) -- ati2evxx.exe
(332) -- spoolsv.exe
(1056) -- sm56hlpr.exe
(1064) -- RTHDCPL.exe
(1084) -- ASUSTPE.exe
(1092) -- HControl.exe
(1100) -- SSMMgr.exe
(1108) -- SweetIM.exe
(1136) -- ctfmon.exe
(1476) -- MOM.exe
(1988) -- IcoSauve.exe
(560) -- soffice.exe
(588) -- soffice.bin
(676) -- CCC.exe
(880) -- ATKOSD.exe
(1932) -- dmwu.exe
(1128) -- HelperService.exe
(656) -- ConversionService.exe
(204) -- TosBtSrv.exe
(2668) -- stij.exe
(3656) -- chrome.exe
(3336) -- chrome.exe
(2892) -- chrome.exe
(1332) -- chrome.exe
(1020) -- rundll32.exe
(3756) -- chrome.exe
(960) -- chrome.exe
(3576) -- explorer.exe
(5760) -- chrome.exe
(3024) -- chrome.exe
(5900) -- chrome.exe
(4492) -- chrome.exe
(684) -- chrome.exe
(3416) -- chrome.exe
(6076) -- chrome.exe
(5124) -- chrome.exe
(4684) -- chrome.exe
¤¤¤¤¤¤¤¤¤¤ | Running processes
Boot : Normal
[MD5.70A9BCEA4D3B3B4773F9A871F5FEEF57] - [19/08/2004 18:10:03] - 440 | C:\WINDOWS\System32\smss.exe (.Microsoft Corporation - Gestionnaire de session Windows NT.) - (5.1.2600.2180) -> \SystemRoot\System32\smss.exe [50688 Ko]
[MD5.1707FC2BF42EE4BC0C58AF1A604B3934] - [19/08/2004 18:10:05] - 1156 | C:\WINDOWS\system32\winlogon.exe (.Microsoft Corporation - Application d'ouverture de session Windows NT.) - (5.1.2600.2180) -> winlogon.exe [506368 Ko]
[MD5.63DCDE1A0D86EEB8924D6738FF616EAD] - [19/08/2004 18:10:03] - 1200 | C:\WINDOWS\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (5.1.2600.2180) -> C:\WINDOWS\system32\services.exe [108544 Ko]
[MD5.259AF82A0932EEA4F316F92DB94707B6] - [19/08/2004 18:09:55] - 1212 | C:\WINDOWS\system32\lsass.exe (.Microsoft Corporation - LSA Shell (Export Version).) - (5.1.2600.2180) -> C:\WINDOWS\system32\lsass.exe [13312 Ko]
[MD5.2979B03D5382A602623C0535B16AB9C0] - [19/08/2004 18:10:03] - 1448 | C:\WINDOWS\system32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.2180) -> C:\WINDOWS\system32\svchost -k DcomLaunch [14336 Ko]
[MD5.2979B03D5382A602623C0535B16AB9C0] - [19/08/2004 18:10:03] - 1596 | C:\WINDOWS\System32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.2180) -> C:\WINDOWS\System32\svchost.exe -k netsvcs [14336 Ko]
[MD5.2979B03D5382A602623C0535B16AB9C0] - [19/08/2004 18:10:03] - 276 | C:\WINDOWS\system32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.2180) -> C:\WINDOWS\system32\svchost.exe -k imgsvc [14336 Ko]
[MD5.41735B82DB57E4EBE9504EC400FD120E] - [06/04/2013 14:04:23] - 2224 | C:\Program Files\AVAST Software\Avast\AvastSvc.exe (.AVAST Software - avast! Service.) - (8.0.1483.72) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [45248 Ko]
[MD5.EB11385D353074882A69B7B2C993DE02] - [06/04/2013 14:04:23] - 2168 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (8.0.1483.72) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [4767304 Ko]
[MD5.734FEE1FCA408DA971C982E98814A240] - [06/04/2013 14:33:23] - 1320 | C:\Documents and Settings\Mado\Mes documents\Downloads\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.4.3) -> "C:\Documents and Settings\Mado\Mes documents\Downloads\winlogon.exe" [2427705 Ko]
[MD5.84F8BB3DED08453983546523C086F152] - [15/01/2013 00:17:03] - 4392 | C:\Pre_Scan\Process\Pre_Scan_Protect.exe (. - g3n-h@ckm@n.) - (3.0.2.14) -> "C:\Pre_Scan\Process\Pre_Scan_Protect.exe" [311107 Ko]
¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !
¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !
Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0
¤¤¤¤¤¤¤¤¤¤ | Associations
Repaired : [HKCR\InternetShortcut\shell\open\command] : rundll32.exe ieframe.dll,OpenURL %l -> "C:\WINDOWS\System32\rundll32.exe" "C:\WINDOWS\System32\ieframe.dll",OpenURL %l
Repaired : [HKCR\Application.Reference\shell\open\command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1 -> rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe /idlist,%I,%L -> C:\WINDOWS\Explorer.exe
¤
Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
¤¤¤¤¤¤¤¤¤¤ | Registry
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKU\S-1-5-21-1123561945-527237240-839522115-1003\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Start_ShowMyPics] : 2 -> 1
Repaired : [HKU\S-1-5-21-1123561945-527237240-839522115-1003\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Start_ShowMyDocs] : 2 -> 1
Repaired : [HKU\S-1-5-21-1123561945-527237240-839522115-1003\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Start_ShowMyComputer] : 2 -> 1
Repaired : [HKU\S-1-5-21-1123561945-527237240-839522115-1003\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Start_ShowControlPanel] : 2 -> 1
Repaired : [HKU\S-1-5-21-1123561945-527237240-839522115-1003\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 1 -> 0
Repaired : [HKU\S-1-5-21-1123561945-527237240-839522115-1003\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[DisallowCpl] : 1 -> 0
¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
Safeboot Keys are O.K
Alternate shell is OK !
¤
Repaired : [HKLM | Minimal\vds] : -> Service
Repaired : [HKLM | Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : -> Volume shadow copy
¤
Safeboot Network Subkeys : O.K !
¤¤¤¤¤¤¤¤¤¤ | IFEO
Deleted : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\Your Image File Name Here without a path] : ntsd -d
¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 : OK !
Contenu de F:\Autorun.inf :
[autorun]
open = Setup.exe
ICON = Setup.exe
////////////////////////////////////////////////
//
// For Windows 9x USB Port Driver and
// Windws 9x/2000/XP Vender Setup
//
// Installer Version
////////////////////////////////////////////////
[INFOMATION]
VERSION =V3.00.50.01:04
MFG_0=Samsung
MDL_0=ML-1865W Series
DRIVER_NAME_0=Samsung ML-1865W Series
////////////////////////////////////////////////////////////////////////
// For Windows XP PnP . Set Printer to PCL
////////////////////////////////////////////////////////////////////////
[DeviceInstall]
DriverPath=PRINTER
¤¤¤¤¤¤¤¤¤¤ | Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd
¤¤¤¤¤¤¤¤¤¤ | Security Center : OK !
¤¤¤¤¤¤¤¤¤¤ | Services Corrections
Service : WSCSVC : Restored
Service : WUAUSERV : Restored
Service : SHAREDACCESS : Restored
Repaired : [HKLM | Services\srService] : 4 -> 2
Repaired : [HKLM | Services\NVSvc] : 4 -> 2
¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Repaired : [HKU\S-1-5-21-1123561945-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : http://www.google.fr/ie -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1123561945-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.fr/ -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1123561945-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.google.fr -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[SearchAssistant] : http://www.google.fr/ie -> http://www.google.com/ie
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Local Page] : %SystemRoot%\system32\blank.htm -> C:\WINDOWS\system32\blank.htm
¤
Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\PhishingFilter]|[Enabled] : 0 -> 2
¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\WINDOWS\System32\Drivers\etc\hosts : Cleaned
¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Deleted : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION] -> svchost.exe
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc20.url
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc22.url
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc30.rtf#
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc5.rtf
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc29.rtf
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc100.pdf
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc33.pdf
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc175.pdf
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc39.ott
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc38.ott
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc160.ott
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc4.odt#
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc19.odt#
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc34.odt#
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc35.odt
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc99.odt
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc161.odt
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc40.odt
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc171.odt
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc108.odt
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc174.odt
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc173.odt
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc125.MTS
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc126.MTS
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc127.MTS
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc128.MTS
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc124.MTS
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc169.mp3
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc111.lnk
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc157.lnk
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc155.lnk
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc158.lnk
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc156.lnk
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc170.lnk
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc1.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc2.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc21.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc110.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc6.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc7.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc8.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc9.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc10.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc11.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc12.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc13.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc14.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc15.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc16.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc17.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc36.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc18.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc37.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc27.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc26.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc25.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc24.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc23.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc28.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc118.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc114.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc115.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc117.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc116.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc119.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc112.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc120.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc31.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc136.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc121.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc137.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc122.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc123.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc138.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc130.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc165.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc154.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc131.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc132.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc133.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc134.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc135.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc142.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc141.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc140.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc139.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc153.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc152.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc151.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc150.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc149.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc148.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc147.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc146.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc145.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc144.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc143.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc42.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc41.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc43.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc44.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc45.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc47.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc46.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc48.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc95.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc49.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc51.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc50.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc52.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc53.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc55.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc54.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc56.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc57.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc59.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc58.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc61.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc60.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc96.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc62.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc63.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc64.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc97.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc65.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc67.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc66.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc68.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc69.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc71.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc70.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc72.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc73.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc74.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc75.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc76.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc78.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc77.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc79.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc81.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc80.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc98.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc82.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc84.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc83.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc86.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc85.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc88.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc87.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc90.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc89.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc91.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc92.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc94.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc93.jpg
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc159.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc162.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc163.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc164.JPG
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\desktop.ini
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc3.doc
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc32.doc
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc168.doc
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc101.db
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc176.db
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc113.db
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc129.db
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc103
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc102
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc105
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc106
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc107
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc104
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc109
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc166
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc167
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\Dc172
Moved to quarantine successfully : C:\Recycler\S-1-5-21-1123561945-527237240-839522115-1003\INFO2
Deleted : [HKLM\Software\Microsoft\Active Setup\Installed Components\ccc-core-static] : msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
Deleted : [HKU\S-1-5-21-1123561945-527237240-839522115-1003\Software\Microsoft\Active Setup\Installed Components\ccc-core-static] : msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
Deleted : [HKLM\Software\Microsoft\Active Setup\Installed Components\Microsoft Base Smart Card Crypto Provider Package] : 1
Moved to quarantine successfully : C:\Documents and Settings\Mado\Local Settings\Application Data\fusioncache.dat
Moved to quarantine successfully : C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
Moved to quarantine successfully : C:\WINDOWS\assembly\tmp\
Prefetch -> Emptied
Suspect : C:\Documents and Settings\Mado\Application Data\PDF Pro 10\Standard.Settings
Suspect : C:\Documents and Settings\Mado\Application Data\vlc\vlcrc
Suspect : C:\WINDOWS\epplauncher.mif
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Program Files] : Hidden : 2 | Restored : 2
~ [Users] : Hidden : 2 | Restored : 2
~ [Desktop] : Hidden : 31 | Restored : 31
~ [Windows] : Hidden : 178 | Restored : 178
¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)
Disk: 0 Size=153G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 1C-FAT32x 7.0G No Yes 2,048 14,336,000
1 1 07-NTFS 146G Yes No 14,346,045 298,214,595
¤¤¤¤¤¤¤¤¤¤
[HKLM | Winlogon] | AutoRestartShell : 0 -> 1
End : 15:08:16
Pre_Scan_Protect.exe Stopped successfully !
¤¤¤¤¤¤¤¤¤¤ | Attempt to restart stopped
14:58:01 : ati2evxx.exe
14:58:01 : ati2evxx.exe
14:58:01 : spoolsv.exe
14:58:01 : RTHDCPL.exe
14:58:01 : SSMMgr.exe
14:58:01 : SweetIM.exe
14:58:01 : MOM.exe
14:58:01 : soffice.bin
14:58:01 : CCC.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:01 : chrome.exe
14:58:02 : ati2evxx.exe
14:58:02 : spoolsv.exe
14:58:02 : RTHDCPL.exe
14:58:02 : SweetIM.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:02 : chrome.exe
14:58:03 : ati2evxx.exe
14:58:03 : chrome.exe
14:58:03 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:04 : chrome.exe
14:58:08 : dmwu.exe
14:58:14 : dmwu.exe
14:58:19 : dmwu.exe
14:58:24 : dmwu.exe
14:58:30 : dmwu.exe
14:58:35 : dmwu.exe
14:58:40 : dmwu.exe
14:58:46 : dmwu.exe
14:58:51 : dmwu.exe
14:58:56 : dmwu.exe
14:59:02 : dmwu.exe
14:59:03 : spoolsv.exe
14:59:07 : dmwu.exe
14:59:12 : dmwu.exe
14:59:18 : dmwu.exe
14:59:23 : dmwu.exe
14:59:28 : dmwu.exe
14:59:34 : dmwu.exe
14:59:39 : dmwu.exe
14:59:44 : dmwu.exe
14:59:50 : dmwu.exe
14:59:55 : dmwu.exe
15:00:01 : dmwu.exe
15:00:04 : spoolsv.exe
15:00:06 : dmwu.exe
15:00:11 : dmwu.exe
15:00:17 : dmwu.exe
15:00:22 : dmwu.exe
15:00:27 : dmwu.exe
15:00:33 : dmwu.exe
~ Thx to C_XX , Slyk for their help for the evolution of the tool
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 547