Very annoying malware, Baggle-style

Solved/Closed
JKLVD Posts 36 Registration date Wednesday 25 March 2009 Status Member Last activity 11 October 2009 - 25 March 2009 at 17:29
 Mehdi - 3 June 2010 at 17:50
Hello,
I had a big problem on Thursday evening: after accidentally running into a fake crack, Windows shut down and kept rebooting. The next day a friend lent me his Windows XP installation CD (that's my OS) and I repaired my Windows installation.

I managed to get rid of the "RelevantKnowledge" trojan, but I still have problems: I can't open all folders and devices by double-clicking, I have to go through Explorer, otherwise I get "RECYCLER/..." errors.

Apart from that, my computer is slow, my browser glitches quite a bit, I have suspicious processes like "364215.exe" (the number changes all the time) and I have no safe mode, it doesn't work.

I tried to install an antivirus: not a valid Win32 application.

I've already tried Combofix and 2 others, but I can't launch them, even when renaming them before downloading..

I don't really want to format, so if you have another solution,

Thank you, kind regards.
45 replies

Anonymous user
25 March 2009 at 21:03
OK, then you'll plug in your phone later..

In the meantime:

Download Toolbar-S&D (Team IDN) to your Desktop.


* Start the installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search has finished.
* Post the generated report. (C:\TB.txt)

Tutorial: https://sites.google.com/site/toolbarsd/aideenimages
Info: https://forum.malekal.com/viewtopic.php?f=45&t=6173

0
JKLVD Posts 36 Registration date Wednesday 25 March 2009 Status Member Last activity 11 October 2009
25 March 2009 at 21:07
Here it is,

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Thomas ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:17 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:2 Go (Free:0 Go)
G:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)
H:\ (USB) - FAT32 - Total:3813 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 25/03/2009|21:06 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(SARAH2704) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Thomas) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Thomas) - {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} => tamperdata
(Thomas) - {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} => chrome.manifest


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.sfr.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..




1 - "C:\ToolBar SD\TB_1.txt" - 25/03/2009|21:07 - Option : [1]

-----------\\ Fin du rapport a 21:07:18,57
0
Anonymous user
25 March 2009 at 21:11
Relaunch Toolbar-S&D by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.
0
JKLVD Posts 36 Registration date Wednesday 25 March 2009 Status Member Last activity 11 October 2009
25 March 2009 at 21:19
Here it is,

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Thomas ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:17 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:2 Go (Free:0 Go)
G:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 25/03/2009|21:12 )

-----------\\ SUPPRESSION


-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(SARAH2704) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Thomas) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Thomas) - {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} => tamperdata
(Thomas) - {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} => chrome.manifest


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.sfr.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..




1 - "C:\ToolBar SD\TB_1.txt" - 25/03/2009|21:07 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 25/03/2009|21:18 - Option : [2]

-----------\\ Fin du rapport a 21:18:37,18
0
Anonymous user
25 March 2009 at 21:24
---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the text below:



:processes
explorer.exe
services.exe

:files
C:\autorun.inf
H:\autorun.inf
C:\RECYCLER\S-6-6-86-100022539-100031327-100020875-7038.com
H:\RECYCLER\S-6-6-86-100022539-100031327-100020875-7038.com
C:\WINDOWS\system32\nsbA8.tmp
C:\WINDOWS\system32\nsi9E.tmp
C:\WINDOWS\system32\nsc9C.tmp
C:\WINDOWS\system32\nsl9A.tmp
C:\WINDOWS\system32\nsu96.tmp
C:\WINDOWS\system32\nsp94.tmp
C:\WINDOWS\system32\nsf98.tmp
C:\WINDOWS\system32\nsy90.tmp
C:\WINDOWS\system32\nsy8E.tmp
C:\WINDOWS\system32\nse92.tmp
C:\WINDOWS\system32\nsw8A.tmp
C:\WINDOWS\system32\nss8C.tmp
C:\WINDOWS\system32\nsl88.tmp
C:\WINDOWS\system32\nsf86.tmp
C:\WINDOWS\system32\nsf84.tmp
C:\WINDOWS\system32\nsu82.tmp
C:\WINDOWS\system32\nst7E.tmp
C:\WINDOWS\system32\nso80.tmp
C:\WINDOWS\system32\nsi7C.tmp
C:\WINDOWS\system32\nsc7A.tmp
C:\WINDOWS\system32\nsm78.tmp
C:\WINDOWS\system32\nsb76.tmp
C:\WINDOWS\system32\nsc74.tmp
C:\WINDOWS\system32\nsy72.tmp
C:\WINDOWS\system32\nsh6C.tmp
C:\WINDOWS\system32\nsd70.tmp
C:\WINDOWS\nsm6E.tmp
C:\WINDOWS\system32\nsp64.tmp
C:\WINDOWS\system32\nsb6A.tmp
C:\WINDOWS\system32\nsb68.tmp
C:\WINDOWS\system32\nsa66.tmp
C:\WINDOWS\system32\nst5C.tmp
C:\WINDOWS\system32\nsk62.tmp
C:\WINDOWS\system32\nse5E.tmp
C:\WINDOWS\nse60.tmp
C:\WINDOWS\system32\nsy5A.tmp
C:\WINDOWS\system32\nsx56.tmp
C:\WINDOWS\system32\nsx54.tmp
C:\WINDOWS\system32\nsi58.tmp
C:\WINDOWS\system32\nsl50.tmp
C:\WINDOWS\system32\nsb52.tmp
C:\WINDOWS\system32\nsv4E.tmp
C:\WINDOWS\system32\nsk4C.tmp
C:\WINDOWS\system32\nsj4A.tmp
C:\WINDOWS\system32\nsx44.tmp
C:\WINDOWS\system32\nss46.tmp
C:\WINDOWS\system32\nso48.tmp
C:\WINDOWS\system32\nsw40.tmp
C:\WINDOWS\system32\nsr3E.tmp
C:\WINDOWS\system32\nsq3C.tmp
C:\WINDOWS\system32\nsc42.tmp
C:\WINDOWS\system32\nsb3A.tmp
C:\WINDOWS\system32\nsp36.tmp
C:\WINDOWS\system32\nsf38.tmp
C:\WINDOWS\system32\nss34.tmp
C:\WINDOWS\nst32.tmp
C:\WINDOWS\system32\nsr30.tmp
C:\WINDOWS\system32\nsq2C.tmp
C:\WINDOWS\system32\nsk2A.tmp
C:\WINDOWS\system32\nsg2E.tmp
C:\WINDOWS\system32\nsz26.tmp
C:\WINDOWS\system32\nsz24.tmp
C:\WINDOWS\system32\nso22.tmp
C:\WINDOWS\system32\nso20.tmp
C:\WINDOWS\system32\nsf28.tmp
C:\WINDOWS\system32\nsh1C.tmp
C:\WINDOWS\system32\nsd1E.tmp
C:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\Video Add-on
C:\PROGRA~1\ALWILS~1
c:\program files\steam
C:\program files\relevantknowledge
C:\WINDOWS\tmp174658218.bat
C:\Program Files\ImTOO
C:\DOCUME~1\Thomas\Application Data\LimeWire\.AppSpecialShare\[PC]POSTAL.2.SHARE.THE.PAIN.+.APOCALYPSE.WEEKEND.+.CRACK.+.PATCH.&.CHEAT.by.DARK.SHADOW.zip.torrent
C:\DOCUME~1\Thomas\Application Data\uTorrent\antivirus nod32_ 2.7 FRENCH + crack.zip.torrent
C:\DOCUME~1\Thomas\Application Data\uTorrent\Windows XP SP2 Pro & Home Activation Crack.torrent
C:\DOCUME~1\Thomas\Mes documents\Keygen
C:\DOCUME~1\Thomas\Mes documents\AUTRE\antivirus nod32_ 2.7 FRENCH + crack.zip
C:\DOCUME~1\Thomas\Mes documents\AUTRE\eDonkey.2000.Pro.v1.4.5.Multilangages.Incl-Crack.rar
C:\DOCUME~1\Thomas\Mes documents\AUTRE\ImTOO.PSP.Video.Converter.2.1.59.Build-0206b-KeyGen_CiM.zip
C:\DOCUME~1\Thomas\Mes documents\AUTRE\NeoTrace_v3.25_(WWW.CRACK-LOCATOR.ORG).zip
C:\DOCUME~1\Thomas\Mes documents\AUTRE\Programme - Alcohol 120% 1.9.5.2802 fr + crack.rar
C:\DOCUME~1\Thomas\Mes documents\AUTRE\Windows_XP_SP1_Keygen.zip
C:\DOCUME~1\Thomas\Mes documents\Downloads\Windows XP SP2 Pro & Home Activation Crack
C:\DOCUME~1\Thomas\Mes documents\GTA San Andreas User Files\GTA4 crack+Mini Image by piix hakwara.rar
C:\DOCUME~1\Thomas\Mes documents\Jeu\Unreal_Tournament_2004_Online_Play_Enabler_Crack.zip
C:\DOCUME~1\Thomas\Mes documents\Jeu\Jeux\Code de la route\Simulateur\Crack
C:\DOCUME~1\Thomas\Mes documents\Keygen
C:\DOCUME~1\Thomas\Mes documents\OMG\Autodesk.3ds.Max.2009(32&64).Keygen.rar
C:\DOCUME~1\Thomas\Mes documents\OMG\Colin McRae Rally 2005 Crack No-DVD CD-Key.par.eMule-Paradise.com.zip
C:\DOCUME~1\Thomas\Mes documents\OMG\Crack NoDVD Colin McRae Rally 2005.zip
C:\DOCUME~1\Thomas\Mes documents\OMG\Google.Earth.Pro.Original.2008.+.Crack by Bey.rar
C:\DOCUME~1\Thomas\Mes documents\OMG\Unreal Tournament 2004 - Crack & Keygen.zip
C:\DOCUME~1\Thomas\Mes documents\OMG\Winrar v3.71 Fr Keygen For Windows Xp & Vista.zip
C:\DOCUME~1\Thomas\Mes documents\OMG\WinRAR.v3.70.FR.Incl-Crack.zip
C:\DOCUME~1\Thomas\Mes documents\OMG\[Apps] WinZip 9.0 Fr + WinRar 3.42 Fr + WinAce 2.55 Fr + QuickZip 2.22 Fr + Cracks.zip
C:\DOCUME~1\Thomas\Recent\Windows XP SP2 Pro & Home Activation Crack.lnk

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"some"=-
"start"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e260f0f6-c619-11dd-90e8-00110941980b}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

0
JKLVD Posts 36 Registration date Wednesday 25 March 2009 Status Member Last activity 11 October 2009
25 March 2009 at 21:31
Here it is,

========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: services.exe
========== FILES ==========
File/Folder C:\autorun.inf not found.
File/Folder H:\autorun.inf not found.
File/Folder C:\RECYCLER\S-6-6-86-100022539-100031327-100020875-7038.com not found.
File/Folder H:\RECYCLER\S-6-6-86-100022539-100031327-100020875-7038.com not found.
C:\WINDOWS\system32\nsbA8.tmp moved successfully.
C:\WINDOWS\system32\nsi9E.tmp moved successfully.
C:\WINDOWS\system32\nsc9C.tmp moved successfully.
C:\WINDOWS\system32\nsl9A.tmp moved successfully.
C:\WINDOWS\system32\nsu96.tmp moved successfully.
C:\WINDOWS\system32\nsp94.tmp moved successfully.
C:\WINDOWS\system32\nsf98.tmp moved successfully.
C:\WINDOWS\system32\nsy90.tmp moved successfully.
C:\WINDOWS\system32\nsy8E.tmp moved successfully.
C:\WINDOWS\system32\nse92.tmp moved successfully.
C:\WINDOWS\system32\nsw8A.tmp moved successfully.
C:\WINDOWS\system32\nss8C.tmp moved successfully.
C:\WINDOWS\system32\nsl88.tmp moved successfully.
C:\WINDOWS\system32\nsf86.tmp moved successfully.
C:\WINDOWS\system32\nsf84.tmp moved successfully.
C:\WINDOWS\system32\nsu82.tmp moved successfully.
C:\WINDOWS\system32\nst7E.tmp moved successfully.
C:\WINDOWS\system32\nso80.tmp moved successfully.
C:\WINDOWS\system32\nsi7C.tmp moved successfully.
C:\WINDOWS\system32\nsc7A.tmp moved successfully.
C:\WINDOWS\system32\nsm78.tmp moved successfully.
C:\WINDOWS\system32\nsb76.tmp moved successfully.
C:\WINDOWS\system32\nsc74.tmp moved successfully.
C:\WINDOWS\system32\nsy72.tmp moved successfully.
C:\WINDOWS\system32\nsh6C.tmp moved successfully.
C:\WINDOWS\system32\nsd70.tmp moved successfully.
C:\WINDOWS\nsm6E.tmp moved successfully.
C:\WINDOWS\system32\nsp64.tmp moved successfully.
C:\WINDOWS\system32\nsb6A.tmp moved successfully.
C:\WINDOWS\system32\nsb68.tmp moved successfully.
C:\WINDOWS\system32\nsa66.tmp moved successfully.
C:\WINDOWS\system32\nst5C.tmp moved successfully.
C:\WINDOWS\system32\nsk62.tmp moved successfully.
C:\WINDOWS\system32\nse5E.tmp moved successfully.
C:\WINDOWS\nse60.tmp moved successfully.
C:\WINDOWS\system32\nsy5A.tmp moved successfully.
C:\WINDOWS\system32\nsx56.tmp moved successfully.
C:\WINDOWS\system32\nsx54.tmp moved successfully.
C:\WINDOWS\system32\nsi58.tmp moved successfully.
C:\WINDOWS\system32\nsl50.tmp moved successfully.
C:\WINDOWS\system32\nsb52.tmp moved successfully.
C:\WINDOWS\system32\nsv4E.tmp moved successfully.
C:\WINDOWS\system32\nsk4C.tmp moved successfully.
C:\WINDOWS\system32\nsj4A.tmp moved successfully.
C:\WINDOWS\system32\nsx44.tmp moved successfully.
C:\WINDOWS\system32\nss46.tmp moved successfully.
C:\WINDOWS\system32\nso48.tmp moved successfully.
C:\WINDOWS\system32\nsw40.tmp moved successfully.
C:\WINDOWS\system32\nsr3E.tmp moved successfully.
C:\WINDOWS\system32\nsq3C.tmp moved successfully.
C:\WINDOWS\system32\nsc42.tmp moved successfully.
C:\WINDOWS\system32\nsb3A.tmp moved successfully.
C:\WINDOWS\system32\nsp36.tmp moved successfully.
C:\WINDOWS\system32\nsf38.tmp moved successfully.
C:\WINDOWS\system32\nss34.tmp moved successfully.
C:\WINDOWS\nst32.tmp moved successfully.
C:\WINDOWS\system32\nsr30.tmp moved successfully.
C:\WINDOWS\system32\nsq2C.tmp moved successfully.
C:\WINDOWS\system32\nsk2A.tmp moved successfully.
C:\WINDOWS\system32\nsg2E.tmp moved successfully.
C:\WINDOWS\system32\nsz26.tmp moved successfully.
C:\WINDOWS\system32\nsz24.tmp moved successfully.
C:\WINDOWS\system32\nso22.tmp moved successfully.
C:\WINDOWS\system32\nso20.tmp moved successfully.
C:\WINDOWS\system32\nsf28.tmp moved successfully.
C:\WINDOWS\system32\nsh1C.tmp moved successfully.
C:\WINDOWS\system32\nsd1E.tmp moved successfully.
File/Folder C:\program files\relevantknowledge\rlvknlg.exe not found.
File/Folder C:\Program Files\Video Add-on not found.
C:\PROGRA~1\Alwil Software\Avast4 moved successfully.
C:\PROGRA~1\Alwil Software moved successfully.
c:\program files\Steam moved successfully.
File/Folder C:\program files\relevantknowledge not found.
C:\WINDOWS\tmp174658218.bat moved successfully.
C:\Program Files\ImTOO\PSP Video Converter 3\skin\Default moved successfully.
C:\Program Files\ImTOO\PSP Video Converter 3\skin moved successfully.
C:\Program Files\ImTOO\PSP Video Converter 3\psp-video-manager\skin\Default moved successfully.
C:\Program Files\ImTOO\PSP Video Converter 3\psp-video-manager\skin moved successfully.
C:\Program Files\ImTOO\PSP Video Converter 3\psp-video-manager moved successfully.
C:\Program Files\ImTOO\PSP Video Converter 3\profile moved successfully.
C:\Program Files\ImTOO\PSP Video Converter 3\plugin moved successfully.
C:\Program Files\ImTOO\PSP Video Converter 3\lang moved successfully.
C:\Program Files\ImTOO\PSP Video Converter 3 moved successfully.
C:\Program Files\ImTOO moved successfully.
C:\DOCUME~1\Thomas\Application Data\LimeWire\.AppSpecialShare\[PC]POSTAL.2.SHARE.THE.PAIN.+.APOCALYPSE.WEEKEND.+.CRACK.+.PATCH.&.CHEAT.by.DARK.SHADOW.zip.torrent moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\some deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\start deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast! deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e260f0f6-c619-11dd-90e8-00110941980b}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Thomas\LOCALS~1\Temp\etilqs_eXeUWYBZnrFe4kirLRp2 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\orajj9by.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\orajj9by.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\orajj9by.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\orajj9by.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\orajj9by.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\orajj9by.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03252009_212832

I deliberately did not select my files because they are not infected.
0

Anonymous user
25 March 2009 at 21:35
I deliberately did not select my files because they are not infected

If you say so... Bagle infection + DNS hijacking, etc. It's up to you.

Download ToolsCleaner to your desktop.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Click Recherche (Search) and let the scan run...
# Click Suppression (Removal) to finish.
# You can, if you wish, use the optional Options.
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).

Then:

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install.
The tool will be extracted to the root of the system drive (usually C:\).

Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows load, a menu with different options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Follow the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to begin the cleaning process.
The tool may ask for a restart in Safe Mode at the beginning of the routine if a particular infection is detected; confirm and tap the F8 key at restart to access the boot options.
• It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

Tutorial: https://www.malekal.com/slenfbot-still-an-other-irc-bot/
__________________

If SDFix does not start (it happens!)

* Start -> Run
* Copy/paste this into the window:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe


* Click OK and confirm.
* Restart and try launching SDFix again.
0
I know this is very annoying for you, but you have to format everything. Because it is the only way that is the safest, risk-free, and easy.
Because the same thing already happened to me, except that the nasty Trojan horse that installed itself on my computer uninstalled avast! and Google Chrome, blocked my firewall, and deleted all the updates.


Information: the Trojan horse = Win32MalwareGen
0
JKLVD (36 posts, registered Wednesday 25 March 2009, status: Member, last activity 11 October 2009)
25 March 2009 at 22:14
Here you go,

Toolscleaner:

[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\SmitFraudFix.exe: trouvé !
C:\VundoFix.txt: trouvé !
C:\egd.txt: trouvé !
C:\Navipromo.txt: trouvé !
C:\TB.txt: trouvé !
C:\OTMoveIt3.exe: trouvé !
C:\SDFIX: trouvé !
C:\Vundofix backups: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\BFU\EGDACCESS.bfu: trouvé !
C:\Documents and Settings\Thomas\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Thomas\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Thomas\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Thomas\Mes documents\FindyKill: trouvé !
C:\Documents and Settings\Thomas\Mes documents\AUTRE\EGDACCESS.bfu: trouvé !
C:\Documents and Settings\Thomas\Mes documents\AUTRE\Gmer.zip: trouvé !
C:\Documents and Settings\Thomas\Mes documents\AUTRE\Bfu.exe: trouvé !
C:\Documents and Settings\Thomas\Mes documents\AUTRE\vundoFix.exe: trouvé !
C:\Program Files\Hijackthis Version Française\hijackthis.log: trouvé !
C:\Program Files\Mozilla Firefox\SmitFraudfix: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\SmitFraudFix.exe: supprimé !
C:\BFU\EGDACCESS.bfu: supprimé !
C:\Documents and Settings\Thomas\Bureau\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\Thomas\Bureau\ToolBarSD.exe: supprimé !
C:\Documents and Settings\Thomas\Mes documents\AUTRE\EGDACCESS.bfu: supprimé !
C:\Documents and Settings\Thomas\Mes documents\AUTRE\Gmer.zip: supprimé !
C:\Documents and Settings\Thomas\Mes documents\AUTRE\Bfu.exe: supprimé !
C:\Documents and Settings\Thomas\Mes documents\AUTRE\vundoFix.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\egd.txt: supprimé !
C:\Navipromo.txt: supprimé !
C:\TB.txt: supprimé !
C:\OTMoveIt3.exe: supprimé !
C:\Program Files\Hijackthis Version Française\hijackthis.log: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Vundofix backups: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\Thomas\Bureau\SmitFraudfix: supprimé !
C:\Documents and Settings\Thomas\Mes documents\FindyKill: supprimé !
C:\Program Files\Mozilla Firefox\SmitFraudfix: supprimé !




SDfix:


SDFix: Version 1.240
Run by Thomas on 25/03/2009 at 22:00

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\EWLH.DLL - Deleted
C:\WINDOWS\Config\csrss.exe - Deleted
C:\WINDOWS\system32\kr_done1 - Deleted





Removing Temp Files

ADS Check:



Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 22:12:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Thomas\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Call"
"c:\\program files\\relevantknowledge\\rlvknlg.exe"="c:\\program files\\relevantknowledge\\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!
-1
Anonymous user
25 March 2009 at 22:19
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe




-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, only for the duration of ComboFix's use, the real-time protection of your antivirus and antispyware, which can strongly interfere with the tool's scanning and cleaning procedure.

Once done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analyzing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet.

-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.
-1
JKLVD (36 posts, registered Wednesday 25 March 2009, status: Member, last activity 11 October 2009)
25 March 2009 at 22:45
Here you go,

ComboFix 09-03-23.01 - Thomas 2009-03-25 22:35:08.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.767.578 [GMT 1:00]
Lancé depuis: c:\documents and settings\Thomas\Mes documents\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Thomas\Thomas.exe
c:\recycler\S-4-3-29-100032439-100013389-100006072-6216.com
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\gaopdxbfalkrviqxumexmkpyvibnetirsbpfmq.sys
c:\windows\system32\drivers\gaopdxcbvxvkosiecuhlnnlsbsiemurwbfpdfq.sys
c:\windows\system32\drivers\gaopdxfibtsufvjnaakrmfxeoommfqlsqaavos.sys
c:\windows\system32\drivers\gaopdxkntlvvrjnckndmkjfgpsdmmbbufwbmil.sys
c:\windows\system32\drivers\gaopdxsmbivamrqhesiswbeavxepxurubwxlvd.sys
c:\windows\system32\drivers\gaopdxxujruyfqadpakcxbitqlvfbwuiqxfmvv.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxfwkvebwlwoikprrmthyqxqquyiyvgovx.dll
c:\windows\system32\gaopdxxnqxheycpyrevfassyarioexnqwmqppt.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-25 au 2009-03-25 ))))))))))))))))))))))))))))))))))))
.

2009-03-25 21:44 . 2009-03-25 22:12 <REP> d-------- C:\SDFix
2009-03-25 20:49 . 2009-03-25 20:49 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 20:49 . 2009-03-25 20:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-25 20:49 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 20:49 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 20:48 . 2009-03-25 20:49 2,876,720 --a------ C:\mbam-setup.exe
2009-03-25 19:51 . 2009-03-25 21:42 <REP> d-------- c:\program files\trend micro
2009-03-24 18:27 . 2009-03-24 18:27 <REP> d-------- c:\documents and settings\Thomas\Application Data\ImTOO Software Studio
2009-03-22 12:35 . 2009-03-22 12:35 157 --a------ c:\windows\system32\temp_0000_85-19.aok
2009-03-22 11:43 . 2009-03-22 20:08 200 --a------ c:\windows\system32\test.aok
2009-03-22 11:40 . 2009-03-22 11:41 <REP> d-------- c:\program files\Ultra Mobile 3GP Video Converter
2009-03-22 11:40 . 2002-10-05 07:04 921,600 --a------ c:\windows\system32\vorbisenc.dll
2009-03-22 11:40 . 2004-01-11 08:02 258,048 --a------ c:\windows\system32\GplMpgDec.ax
2009-03-22 11:40 . 2002-10-07 02:42 237,568 --a------ c:\windows\system32\OggDS.dll
2009-03-22 11:40 . 2002-10-05 07:04 188,416 --a------ c:\windows\system32\vorbis.dll
2009-03-22 11:40 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll
2009-03-22 11:40 . 2002-10-05 07:04 45,056 --a------ c:\windows\system32\ogg.dll
2009-03-22 11:40 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll
2009-03-20 23:01 . 2009-03-20 23:03 1,896 --a------ c:\windows\BricoPackFoldersDelete.cmd
2009-03-20 20:34 . 2004-08-05 13:00 131,584 --a--c--- c:\windows\system32\dllcache\pmxviceo.dll
2009-03-20 20:33 . 2004-08-05 13:00 563,712 --a--c--- c:\windows\system32\dllcache\fxsst.dll
2009-03-20 20:32 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2009-03-20 20:28 . 2009-03-20 20:28 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-03-20 20:27 . 2009-03-20 20:27 749 -rah----- c:\windows\WindowsShell.Manifest
2009-03-20 20:27 . 2009-03-20 20:27 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-20 20:27 . 2009-03-20 20:27 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-03-20 20:27 . 2009-03-20 20:27 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-03-20 20:18 . 2001-08-17 20:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2009-03-20 20:07 . 2004-08-05 13:00 1,897,552 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2009-03-20 19:32 . 2009-03-20 19:32 <REP> d-------- c:\windows\Provisioning
2009-03-20 19:32 . 2009-03-20 21:04 <REP> d-------- c:\windows\PeerNet
2009-03-20 18:55 . 2001-08-17 21:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2009-03-20 18:53 . 2004-08-03 22:41 1,309,184 --a------ c:\windows\system32\drivers\mtlstrm.sys
2009-03-20 18:53 . 2004-08-03 22:41 404,990 --a------ c:\windows\system32\drivers\slntamr.sys
2009-03-20 18:53 . 2004-08-04 00:54 286,792 --a------ c:\windows\system32\slextspk.dll
2009-03-20 18:53 . 2004-08-04 00:54 188,508 --a------ c:\windows\system32\SLGen.dll
2009-03-20 18:53 . 2004-08-03 22:41 180,360 --a------ c:\windows\system32\drivers\ntmtlfax.sys
2009-03-20 18:53 . 2004-08-03 22:41 126,686 --a------ c:\windows\system32\drivers\mtlmnt5.sys
2009-03-20 18:53 . 2004-08-03 22:41 95,424 --a------ c:\windows\system32\drivers\slnthal.sys
2009-03-20 18:53 . 2004-08-04 00:54 73,832 --a------ c:\windows\system32\slcoinst.dll
2009-03-20 18:53 . 2004-08-04 00:55 73,796 --a------ c:\windows\system32\slserv.exe
2009-03-20 18:53 . 2004-08-04 00:55 32,866 --a------ c:\windows\system32\slrundll.exe
2009-03-20 18:53 . 2004-08-03 22:41 13,776 --a------ c:\windows\system32\drivers\RecAgent.sys
2009-03-20 18:53 . 2004-08-03 22:41 13,240 --a------ c:\windows\system32\drivers\slwdmsup.sys
2009-03-20 18:43 . 2004-08-05 13:00 79,360 --a------ c:\windows\system32\winar30.ime
2009-03-20 18:43 . 2004-08-05 13:00 79,360 --a--c--- c:\windows\system32\dllcache\winar30.ime
2009-03-20 18:43 . 2004-08-05 13:00 77,824 --a------ c:\windows\system32\quick.ime
2009-03-20 18:43 . 2004-08-05 13:00 77,824 --a--c--- c:\windows\system32\dllcache\quick.ime
2009-03-20 18:43 . 2004-08-05 13:00 65,536 --a------ c:\windows\system32\winime.ime
2009-03-20 18:43 . 2004-08-05 13:00 65,536 --a--c--- c:\windows\system32\dllcache\winime.ime
2009-03-20 18:43 . 2004-08-05 13:00 65,024 --a------ c:\windows\system32\unicdime.ime
2009-03-20 18:43 . 2004-08-05 13:00 65,024 --a--c--- c:\windows\system32\dllcache\unicdime.ime
2009-03-20 18:43 . 2004-08-05 13:00 15,872 --a--c--- c:\windows\system32\dllcache\padrs404.dll
2009-03-20 18:43 . 2004-08-05 13:00 11,776 --a------ c:\windows\system32\miniime.tpl
2009-03-20 18:41 . 2004-08-05 13:00 1,086,058 -ra------ c:\windows\SETB4.tmp
2009-03-20 18:41 . 2004-08-05 13:00 1,014,836 -ra------ c:\windows\SETB3.tmp
2009-03-20 18:41 . 2004-08-05 13:00 14,043 -ra------ c:\windows\SETC0.tmp
2009-03-20 18:41 . 2004-08-05 13:00 7,334 --a--c--- c:\windows\system32\dllcache\wmerrenu.cat
2009-03-19 19:24 . 2009-03-19 19:24 <REP> d-------- c:\program files\PlayMe
2009-03-19 19:24 . 2009-03-19 19:24 163,840 --a------ c:\windows\system32\nvtpm32.dll
2009-03-19 19:24 . 2009-03-19 19:24 97,280 --a------ c:\windows\system32\azton.mt
2009-03-19 19:24 . 2009-03-19 19:24 64,512 --a------ c:\windows\system32\ewf3.pxf
2009-03-19 19:24 . 2009-03-19 19:24 32,768 --a------ c:\windows\system32\fe3.wa
2009-03-19 18:41 . 2009-03-19 18:41 <REP> d-------- c:\program files\MIKSOFT
2009-03-18 14:02 . 2009-03-18 14:02 <REP> d-------- c:\program files\MIDITracker
2009-03-17 22:07 . 2009-03-17 22:07 <REP> d-------- c:\program files\Common Files
2009-03-17 22:01 . 2009-03-17 22:02 <REP> d-------- c:\program files\XeroBank
2009-03-17 21:12 . 2009-03-17 21:12 <REP> d-------- c:\documents and settings\Thomas\Application Data\Sites prédéfinis
2009-03-17 21:11 . 2009-03-17 21:11 <REP> d-------- c:\program files\Visicom Media
2009-03-17 21:11 . 2009-03-17 21:12 <REP> d-------- c:\documents and settings\Thomas\Application Data\Dynamique
2009-03-17 21:05 . 2009-03-17 21:06 <REP> d-------- c:\program files\Kamzy FTP
2009-03-17 21:05 . 2005-04-05 06:51 24,576 --a------ c:\windows\system32\KzLib.dll
2009-03-15 11:38 . 2009-03-20 19:15 325,405 --a------ c:\windows\setupapi.old
2009-03-13 23:11 . 2009-03-13 23:11 <REP> d-------- c:\program files\KC Softwares
2009-03-07 19:38 . 2009-03-07 19:38 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2009-03-07 12:24 . 2009-03-07 12:26 <REP> d-------- c:\program files\Simulateur de conduite 3D
2009-03-06 20:39 . 2009-03-06 20:44 <REP> d-------- c:\program files\SystemRequirementsLab
2009-03-06 20:39 . 2009-03-06 20:39 <REP> d-------- c:\documents and settings\Thomas\Application Data\SystemRequirementsLab
2009-03-05 13:27 . 2009-03-05 13:27 <REP> d-------- c:\program files\Teamspeak2_RC2
2009-03-01 21:36 . 2009-03-02 00:45 <REP> d-------- c:\program files\Privoxy
2009-03-01 21:00 . 2009-03-01 21:02 <REP> d-------- c:\program files\JAP
2009-03-01 21:00 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-03-01 21:00 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-03-01 21:00 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2009-03-01 21:00 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2009-03-01 21:00 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2009-03-01 21:00 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2009-03-01 21:00 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2009-03-01 21:00 . 2007-06-20 20:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll
2009-03-01 21:00 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2009-03-01 21:00 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2009-03-01 21:00 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2009-03-01 21:00 . 2007-10-22 03:37 17,928 --a------ c:\windows\system32\X3DAudio1_2.dll
2009-03-01 21:00 . 2007-03-05 12:42 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2009-03-01 20:02 . 2009-03-01 20:02 <REP> d-------- c:\windows\Logs
2009-02-26 21:57 . 2009-02-26 21:57 <REP> d-------- c:\program files\Ghost Navigator

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 21:18 --------- d-----w c:\documents and settings\Thomas\Application Data\Skype
2009-03-25 20:50 --------- d-----w c:\program files\ESET
2009-03-25 15:35 --------- d-----w c:\documents and settings\Thomas\Application Data\skypePM
2009-03-24 18:16 --------- d-----w c:\documents and settings\Thomas\Application Data\uTorrent
2009-03-23 17:24 --------- d-----w c:\documents and settings\Thomas\Application Data\dvdcss
2009-03-22 10:05 --------- d-----w c:\program files\eMule
2009-03-21 14:37 --------- d-----w c:\program files\RACE 07 Offline
2009-03-21 07:36 --------- d-----w c:\program files\Hijackthis Version Française
2009-03-20 22:03 47,661 ----a-w c:\windows\BricoPackUninst.cmd
2009-03-20 22:03 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-03-20 20:02 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-20 20:02 --------- d-----w c:\program files\Java
2009-03-17 17:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 17:15 --------- d-----w c:\program files\TvAnts
2009-03-08 16:47 --------- d-----w c:\program files\Rockstar Games
2009-03-07 21:52 --------- d-----w c:\documents and settings\Thomas\Application Data\teamspeak2
2009-03-06 18:38 --------- d-----w c:\program files\MTA San Andreas
2009-03-06 17:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-05 12:26 --------- d-----w c:\program files\mIRC
2009-03-05 12:26 --------- d-----w c:\documents and settings\Thomas\Application Data\mIRC
2009-03-05 08:49 --------- d-----w c:\program files\Electronic Arts
2009-02-24 09:15 --------- d-----w c:\program files\Codemasters
2009-02-22 23:15 --------- d-----w c:\program files\SIW
2009-02-21 19:34 --------- d-----w c:\program files\utorrent
2009-02-19 22:34 --------- d-----w c:\program files\CCleaner
2009-02-16 16:45 --------- d-----w c:\documents and settings\Thomas\Application Data\Desktopicon
2009-02-14 23:50 --------- d-----w c:\documents and settings\Thomas\Application Data\StarOffice8
2009-02-09 20:56 --------- d-----w c:\program files\GIMP-2.0
2009-02-09 20:51 --------- d-----w c:\documents and settings\Thomas\Application Data\gtk-2.0
2009-02-09 20:44 --------- d-----w c:\program files\ImageMagick-6.4.9-Q16
2009-02-09 20:38 --------- d-----w c:\program files\PhotoFiltre
2009-02-08 18:33 --------- d-----w c:\program files\VDOWNLOADER
2009-02-08 15:20 --------- d-----w c:\program files\Avanquest update
2009-02-06 06:22 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2009-02-06 06:10 --------- d-----w c:\program files\MSN Messenger
2009-02-06 06:10 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-05 19:46 --------- d-----w c:\program files\Tencent
2009-01-31 23:40 --------- d-----w c:\program files\Globe7
2009-01-31 22:14 --------- d-----w c:\documents and settings\Thomas\Application Data\Globe7
2009-01-31 21:27 --------- d-----w c:\program files\Skype
2009-01-31 21:27 --------- d-----w c:\program files\Fichiers communs\Skype
2009-01-31 21:27 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-27 04:02 481,367 ----a-w C:\JabbaDDOS.exe
2007-07-07 13:57 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
1996-07-29 10:11 733,296 ----a-w c:\documents and settings\Thomas\OPENGL32.DLL
1996-07-29 10:09 139,712 ----a-w c:\documents and settings\Thomas\GLU32.DLL
.

------- Sigcheck -------

2004-08-05 13:00 1220096 de43b7f2d8b37ca03f7794bb7f3275f7 c:\windows\system32\wininet.dll
2004-08-05 13:00 1220096 de43b7f2d8b37ca03f7794bb7f3275f7 c:\windows\system32\dllcache\wininet.dll

2004-08-05 13:00 1884672 90e794c5d2d368686fe71b4a0354462c c:\windows\explorer.exe
2004-08-05 13:00 1884672 90e794c5d2d368686fe71b4a0354462c c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-24 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 148888]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-05 44544]

c:\documents and settings\Thomas\Menu Démarrer\Programmes\Démarrage\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2005-06-21 122880]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-29 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 jklvd;jklvd;c:\windows\system32\drivers\jklvd.sys [2008-12-28 155136]
R0 jklvd1;jklvd1;c:\windows\system32\drivers\jklvd1.sys [2008-12-28 5248]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [2007-07-30 48928]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 SPF4;Sunbelt Personal Firewall 4; [x]
S3 cpuz131;cpuz131;\??\c:\docume~1\Thomas\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Thomas\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-14 13352]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2007-07-21 163328]
S3 UsbSagCom;Mobile Device Full USB Driver;c:\windows\system32\drivers\UsbSagCom.sys [2007-06-29 51712]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
mWindow Title =
uInternet Settings,ProxyServer = 127.0.0.1:8088
uInternet Settings,ProxyOverride = <local>
IE: &Download FLV by WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.79\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.79\MediaManager\grab.html
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Ghost Navigator\Ghost
IE: {{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\WinAVI FLV Converter\FLVTune.dll
Trusted Zone: pogo.fr\www
Trusted Zone: slutload.com\www
FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\orajj9by.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 22:40:13
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system.ini 326 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-484763869-854245398-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-484763869-854245398-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:70,e5,f3,3b,f0,b2,f6,e7,c0,a5,d7,51,78,ef,27,10,27,ae,43,50,56,b1,02,
d1,ce,56,13,85,92,0d,09,0c,f3,fe,f2,cf,bb,a5,04,bc,ce,6f,42,8f,e9,da,70,3f,\
"??"=hex:d1,57,84,6b,5e,be,68,ba,c4,d6,80,90,25,4b,9b,14

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
Heure de fin: 2009-03-25 22:44:57
ComboFix-quarantined-files.txt 2009-03-25 21:44:56

Avant-CF: 27,249,377,280 octets libres
Après-CF: 27,539,496,960 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect

287 --- E O F --- 2007-07-27 15:12:31
-1
Anonymous user
25 March 2009 at 22:53
Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: c:\windows\system.ini


Click Send File.

A report will be built line by line.

Wait until the end. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.
-1
JKLVD (36 posts, registered Wednesday 25 March 2009, status: Member, last activity 11 October 2009)
25 March 2009 at 22:58
Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.101 2009.03.25 -
AhnLab-V3 5.0.0.2 2009.03.25 -
AntiVir 7.9.0.126 2009.03.25 -
Antiy-AVL 2.0.3.1 2009.03.25 -
Authentium 5.1.2.4 2009.03.25 -
Avast 4.8.1335.0 2009.03.25 -
AVG 8.5.0.283 2009.03.25 -
BitDefender 7.2 2009.03.25 -
CAT-QuickHeal 10.00 2009.03.25 -
ClamAV 0.94.1 2009.03.25 -
Comodo 1084 2009.03.25 -
DrWeb 4.44.0.09170 2009.03.25 -
eSafe 7.0.17.0 2009.03.25 -
eTrust-Vet 31.6.6417 2009.03.25 -
F-Prot 4.4.4.56 2009.03.25 -
F-Secure 8.0.14470.0 2009.03.25 -
Fortinet 3.117.0.0 2009.03.25 -
GData 19 2009.03.25 -
Ikarus T3.1.1.48.0 2009.03.25 -
K7AntiVirus 7.10.680 2009.03.24 -
Kaspersky 7.0.0.125 2009.03.25 -
McAfee 5564 2009.03.25 -
McAfee+Artemis 5564 2009.03.25 -
McAfee-GW-Edition 6.7.6 2009.03.25 -
Microsoft 1.4502 2009.03.25 -
NOD32 3963 2009.03.25 -
Norman 6.00.06 2009.03.25 -
nProtect 2009.1.8.0 2009.03.25 -
Panda 10.0.0.10 2009.03.25 -
PCTools 4.4.2.0 2009.03.25 -
Prevx1 V2 2009.03.25 -
Rising 21.22.21.00 2009.03.25 -
Sophos 4.39.0 2009.03.25 -
Sunbelt 3.2.1858.2 2009.03.25 -
Symantec 1.4.4.12 2009.03.25 -
TheHacker 6.3.3.6.291 2009.03.25 -
TrendMicro 8.700.0.1004 2009.03.25 -
VBA32 3.12.10.1 2009.03.24 -
ViRobot 2009.3.25.1663 2009.03.25 -
VirusBuster 4.6.5.0 2009.03.25 -

Information additionnelle

File size: 326 bytes
MD5...: c91f93744826bdf8945c887b16371308
SHA1..: 6d8ab55150ee579af30483f1ffcd537dfd5af7bb
SHA256: 5a1b4337e6645ad33dc94b3a354d22d88cea7545dd2ab80eeb8c6ad1da50e999
SHA512: 44aeea6639c76deb845880745a9641a2bac3566d1b2e14021c804296029fe5f3
854eaee8e6efee835f5c5781af0f79e36fe6fb4e16944ccdfb3ffe8a60b26453
ssdeep: 6:aQ44VvYbie0xTHFlMsqQPMK+H5/hqQS2gV4voVnOfH9YfxCmfjN:F4YvYwHLMZ
u+H6QS2g+j/CkC
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
RDS...: NSRL Reference Data Set
-
-1
Anonymous user
25 March 2009 at 23:12
I need the full report ..
-1
Anonymous user
25 March 2009 at 23:25
Sorry, your report is complete.

Would you mind reinstalling Malwarebytes and running a scan, then posting the report, please?
-1
JKLVD Posts 36 Registration date Wednesday 25 March 2009 Status Member Last activity 11 October 2009
25 March 2009 at 23:28
I couldn't launch Malwarebytes earlier; you told me we would do it another way.
In any case my PC seems to be fine: no more ads, no more slowdowns...
Given the time, I think that if you don't mind we'll set this aside. You've already helped me a great deal, I don't know what I would have done without you, thank you very much!
-1
Anonymous user
25 March 2009 at 23:30
OK, see you later
-1
JKLVD Posts 36 Registration date Wednesday 25 March 2009 Status Member Last activity 11 October 2009
25 March 2009 at 23:31
See you
-1
JKLVD Posts 36 Registration date Wednesday 25 March 2009 Status Member Last activity 11 October 2009
26 March 2009 at 17:59
Hello,

Is there anything left to do to finish the work already started?
-1
JKLVD Posts 36 Registration date Wednesday 25 March 2009 Status Member Last activity 11 October 2009
27 March 2009 at 00:19
Hello,

I'm having problems again.
I can no longer manage my connection. Let me explain:
My Local Area Connection shows up in Network Connections, but I can't do anything with it ...
I can't use Add/Remove Programs, nor Set Program Access and Defaults either.
Thank you.
-1
Trying2 Posts 7096 Registration date Sunday 13 July 2008 Status Security contributor Last activity 15 October 2015 234
4 April 2009 at 20:54
Up.
0
JKLVD Posts 36 Registration date Wednesday 25 March 2009 Status Member Last activity 11 October 2009
4 April 2009 at 21:01
I really need help, please.
-1
JKLVD Posts 36 Registration date Wednesday 25 March 2009 Status Member Last activity 11 October 2009
5 April 2009 at 11:14
Please.
-1