I have a virus

Closed
martha30 Posts 7 Registration date Thursday 25 October 2012 Status Member Last activity 27 October 2012 - 25 Oct 2012 at 00:54
 Anonymous user - 27 Oct 2012 at 20:57
Good evening,


I'm looking for help. I think I have a virus on my PC because it is very, very slow, I get advertising windows and, above all, it no longer really responds to my commands. Can someone help me? Because of course this always happens at the wrong time: I have a report to hand in for my job on Monday. Thank you for your help; I should add that I am hopeless with computers.




12 replies

Anonymous user
25 Oct 2012 at 01:32
hi, don't worry, you're not the only one ^^

==

Download and save ADWcleaner to your desktop:

ADWCleaner (Thanks to Xplode)

Run it,

(For Vista and Seven => right-click "Run as administrator")

click on "Suppression" (Delete) and post its report.

it will also be at: C:\Adwcleaner[Sx].txt
0
Er!!! Hello and thank you for your reply. I am at work (so not on my PC); I will only be able to do the procedure this evening around 5 pm. However, I don't have Vista but XP, and I don't know how to post a report (when I say I'm hopeless, that's putting it mildly!!!)
0
Anonymous user
25 Oct 2012 at 11:25
hello

well, if you don't have Vista, just ignore what is in the parentheses

to post a report? well, you paste its contents here ^^
0
martha30 Posts 7 Registration date Thursday 25 October 2012 Status Member Last activity 27 October 2012
25 Oct 2012 at 17:48
# AdwCleaner v2.005 - Rapport créé le 25/10/2012 à 17:35:04
# Mis à jour le 14/10/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : 30022 - NOM-EB85C523610
# Mode de démarrage : Normal
# Exécuté depuis : C:\Documents and Settings\30022\Bureau\adwcleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : supdate

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Documents and Settings\30022\Application Data\Ironsource
Dossier Supprimé : C:\Documents and Settings\30022\Application Data\PriceGong
Dossier Supprimé : C:\Documents and Settings\30022\Local Settings\Application Data\Conduit
Dossier Supprimé : C:\Documents and Settings\30022\Local Settings\Application Data\Giant Savings
Dossier Supprimé : C:\Documents and Settings\30022\Local Settings\Application Data\Software
Dossier Supprimé : C:\Documents and Settings\30022\Local Settings\Application Data\uTorrentBar_FR
Dossier Supprimé : C:\Documents and Settings\30022\Local Settings\Application Data\WiseConvert_1.5
Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\Babylon
Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Dossier Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DealPly
Dossier Supprimé : C:\Documents and Settings\HP_Propriétaire\Application Data\PriceGong
Dossier Supprimé : C:\Documents and Settings\HP_Propriétaire\Application Data\ShoppingReport
Dossier Supprimé : C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Conduit
Dossier Supprimé : C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\uTorrentBar_FR
Dossier Supprimé : C:\Documents and Settings\louis\Application Data\PriceGong
Dossier Supprimé : C:\Documents and Settings\louis\Application Data\ShoppingReport
Dossier Supprimé : C:\Documents and Settings\louis\Local Settings\Application Data\Conduit
Dossier Supprimé : C:\Documents and Settings\louis\Local Settings\Application Data\uTorrentBar_FR
Dossier Supprimé : C:\Program Files\Ask.com
Dossier Supprimé : C:\Program Files\Boxore
Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\Program Files\DealPly
Dossier Supprimé : C:\Program Files\Giant Savings
Dossier Supprimé : C:\Program Files\Software
Dossier Supprimé : C:\Program Files\uTorrentBar_FR
Fichier Supprimé : C:\DOCUME~1\30022\LOCALS~1\Temp\Uninstall.exe
Fichier Supprimé : C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineCore.job
Fichier Supprimé : C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineUA.job

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtCzz0EyBzztD0E0DtA0DyC0EyEtBtN0D0Tzu0StBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1275368362 --> hxxp://www.google.com
Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.searchya.com/?s=2&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtCzz0EyBzztD0E0DtA0DyC0EyEtBtN0D0Tzu0StBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1275368362 --> hxxp://www.google.com

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

Fichier : C:\Documents and Settings\30022\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

Fichier : C:\Documents and Settings\louis\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [26398 octets] - [25/10/2012 17:35:04]

########## EOF - C:\AdwCleaner[S1].txt - [26459 octets] ##########
0
martha30 Posts 7 Registration date Thursday 25 October 2012 Status Member Last activity 27 October 2012
25 Oct 2012 at 17:50
Hello again, back home, here is the report. Do I need to do anything more? My PC seems calmer
0
Anonymous user
25 Oct 2012 at 20:59
Warning!!!: Only these links are official; do not download the tool from other links!!
Warning!!!: this tool may be wrongly detected as a virus
Warning!!!: this tool is powerful; follow the instructions below scrupulously

all "non-vital Windows" processes will be stopped; save your work.

Disable all your protections if possible: antivirus, sandbox, firewalls, etc....

download and save Pre_Scan to your desktop:

https://forums-fec.be/gen-hackman/Pre_Scan.exe

if the link does not work:

http://www.archive-host.com

Warning: the desktop will disappear during the scan --> don't panic.

once downloaded, run it and let the scan proceed until "Pre_scan_la_date_et_l'heure.txt" (named with the date and time) appears on the desktop.

if the tool is run several times, it will offer you a menu; if no option has been requested, run the "Kill" option

if the tool is blocked by the infection, use this version with the .pif extension:

https://forums-fec.be/gen-hackman/Pre_Scan.pif

if the tool detects a proxy and you have not installed one, click on "supprimer le proxy" (remove the proxy)

A multitude of black windows may flash; let it work

Post Pre_Scan_la_date_et_l'heure.txt, which will appear on the desktop at the end of the scan

The tool may restart your PC; let it do so

DO NOT POST IT ON THE FORUM!!! (it is too long)

Host the report on https://forums-fec.be/upload then give the link you get in return on the forum where you are being helped


0
martha30 Posts 7 Registration date Thursday 25 October 2012 Status Member Last activity 27 October 2012
Edited by martha30 on 25/10/2012 at 22:07
Good evening,

Er, you're scaring me with (the warnings!!!!! Warning!!!: Only these links are official; do not download the tool from other links!!
Warning!!!: this tool may be wrongly detected as a virus
Warning!!!: this tool is powerful; follow the instructions below scrupulously)

My PC is working properly now; do I have to do all these steps? I'm afraid I won't be able to do it and that I'll crash my PC. Can you guide me step by step ....... and if I lose my internet connection ....... how do I contact you? I'm afraid the scan and the procedure will be a bit long. I'm sleepy; I'll try tomorrow when I get home. Hoping it works, because I really need my PC this weekend for my report. Thank you for your help and see you tomorrow
0
Anonymous user
25 Oct 2012 at 21:58
you won't lose it

lol, it's the first time I've scared anyone with my warnings!!! lol ^^
0

https://forums-fec.be/upload/www/?a=d&i=1547148996
Deletion link: https://forums-fec.be/upload/www/?a=r&i=1547148996&r=6892776027
0
Hello,
I followed the instructions. What should I do now? Was my PC infected? Thank you
0
Anonymous user
27 Oct 2012 at 10:33
hi, I can't read your report

host it here:

https://www.cjoint.com/
0
martha30 Posts 7 Registration date Thursday 25 October 2012 Status Member Last activity 27 October 2012
27 Oct 2012 at 17:44
I don't know how to do it other than by copy/paste. Sorry


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.1025 | g3n-h@ckm@n & Saachaa | ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

~ Update on 25/10/2012 | 23.30 by g3n-h@ckm@n
~ Informations | Evolution : https://gen-hackman.kanak.fr/
~ Informations for the switches Pre_Script : https://gen-hackman.kanak.fr/
~ Feedback Pre_scan : https://gen-hackman.kanak.fr/#505
~ Thx to C_XX , Slyk for their help for the evolution of the tool

~ User : 30022 (Administrateurs) | SID = S-1-5-21-2967661739-2396343248-751707741-1009
~ Computer : NOM-EB85C523610

~ System : Microsoft Windows XP (32 bits) Service Pack 3
~ RegisteredOwner : martine chabal
~ RegisteredOrganization :
~ ProcessorNameString : Intel(R) Pentium(R) 4 CPU 2.93GHz
~ Identifier : x86 Family 15 Model 4 Stepping 1

~ Mémory RAM = Total (KB) : 523570 | Used (%) : 58 | Free (KB) : 215650
~ Pagefile = Total (KB) : 1276730 | Free (KB) : 1045420
~ Virtual = Total (KB) : 2097020 | Free (KB) : 1968400

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts


¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [HP_PAVILION] | Total : 146470 Mo | Free : 129070 Mo -> NTFS
d:\ -> [Fixed] | [HP_RECOVERY] | Total : 6130 Mo | Free : 1950 Mo -> FAT32
j:\ -> [Fixed] | [disque dur externe] | Total : 476940 Mo | Free : 361360 Mo -> NTFS

Scan : 18:13:35 | 26/10/2012

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Last(s) détection(s) : 2012-10-26 16:05:42
Last(s) download(s) : 2012-08-21 17:46:17
Last(s) installation(s) : 2012-08-21 18:23:29
Next search : 2012-10-27 12:40:42


¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\WINDOWS\system32\config\systemprofile
~ C:\Documents and Settings\LocalService
~ C:\Documents and Settings\NetworkService
~ C:\Documents and Settings\HP_Propriétaire
~ C:\Documents and Settings\30022
~ C:\Documents and Settings\louis

Impossible to create restorepoint !!!


¤¤¤¤¤¤¤¤¤¤ | MD5 Control


18:14:11

¤¤¤¤¤¤¤¤¤¤ | Processes stopped

spoolsv.exe (1640)
AppleMobileDeviceService.exe (1752)
mDNSResponder.exe (1924)
FTRTSVC.exe (1964)
jqs.exe (180)
nvsvc32.exe (464)
PMBDeviceInfoProvider.exe (640)
HPZIPM12.EXE (672)
TomTomHOMEService.exe (736)
alg.exe (2212)
explorer.exe (2304)
jusched.exe (3196)
hpsysdrv.exe (3296)
SOUNDMAN.EXE (3408)
ALCWZRD.EXE (3444)
rundll32.exe (3456)
ALCMTR.EXE (3480)
kbd.exe (3536)
hpwuschd2.exe (3664)
QTTask.exe (3672)
opwareSE2.exe (3712)
iTunesHelper.exe (3768)
SystrayApp.exe (3812)
PMBVolumeWatcher.exe (3992)
msmsgs.exe (4004)
ctfmon.exe (4012)
uTorrent.exe (4036)
DesktopSearchService.exe (224)
AlertModule.exe (1836)
OrangeInside.exe (1996)
MyTomTomSA.exe (2196)
TomTomHOMERunner.exe (2820)
iPodService.exe (3636)
hpqtra08.exe (2432)
wuauclt.exe (2672)
iexplore.exe (2532)
iexplore.exe (3096)
jucheck.exe (1212)
wscntfy.exe (3224)

¤¤¤¤¤¤¤¤¤¤ | Running processes

Boot : Normal

[MD5.48E430297DA757F5CC2793CCFACAD5E7] - [05/08/2004 20:00:00] - 528 | C:\WINDOWS\System32\smss.exe (.Microsoft Corporation - Gestionnaire de session Windows NT.) - (5.1.2600.5512) -> \SystemRoot\System32\smss.exe [50688 Ko]
[MD5.3854F2A22DDED71A3504A9D0899F1C99] - [05/08/2004 20:00:00] - 768 | C:\WINDOWS\system32\winlogon.exe (.Microsoft Corporation - Application d'ouverture de session Windows NT.) - (5.1.2600.5512) -> winlogon.exe [512000 Ko]
[MD5.C3FB1D70CB88722267949694BA51759E] - [05/08/2004 20:00:00] - 812 | C:\WINDOWS\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (5.1.2600.5755) -> C:\WINDOWS\system32\services.exe [111104 Ko]
[MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - [05/08/2004 20:00:00] - 824 | C:\WINDOWS\system32\lsass.exe (.Microsoft Corporation - LSA Shell (Export Version).) - (5.1.2600.5512) -> C:\WINDOWS\system32\lsass.exe [13312 Ko]
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - [05/08/2004 20:00:00] - 984 | C:\WINDOWS\system32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) -> C:\WINDOWS\system32\svchost -k DcomLaunch [14336 Ko]
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - [05/08/2004 20:00:00] - 1100 | C:\WINDOWS\System32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) -> C:\WINDOWS\System32\svchost.exe -k netsvcs [14336 Ko]
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - [05/08/2004 20:00:00] - 1148 | C:\WINDOWS\system32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) -> C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup [14336 Ko]
[MD5.2F7C0F3E39C45E0127FB78B2F18A41F3] - [19/09/2010 16:22:48] - 1584 | C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (.AVAST Software - avast! Service.) - (7.0.1456.418) -> "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44808 Ko]
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - [05/08/2004 20:00:00] - 704 | C:\WINDOWS\system32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) -> C:\WINDOWS\system32\svchost.exe -k imgsvc [14336 Ko]
[MD5.39941F88BE0BB63F82651BB84D66A115] - [19/09/2010 16:22:48] - 3820 | C:\Program Files\Alwil Software\Avast5\avastUI.exe (.AVAST Software - avast! Antivirus.) - (7.0.1456.418) -> "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4273976 Ko]
[MD5.7E16EBA85A155FB25A5651A3504735A0] - [26/10/2012 18:13:03] - 2400 | C:\Documents and Settings\30022\Bureau\winlogon.exe (. - g3n-h@ckm@n.) - (2.1.0.25) -> "C:\Documents and Settings\30022\Bureau\winlogon.exe" [2206746 Ko]
[MD5.02DA31AB433A6C1110A736C85701DECA] - [05/08/2004 20:00:00] - 3524 | C:\WINDOWS\system32\wscntfy.exe (.Microsoft Corporation - Windows Security Center Notification App.) - (5.1.2600.5512) -> C:\WINDOWS\system32\wscntfy.exe [13824 Ko]
[MD5.60784F891563FB1B767F70117FC2428F] - [05/08/2004 20:00:00] - 2160 | C:\WINDOWS\system32\spoolsv.exe (.Microsoft Corporation - Spooler SubSystem App.) - (5.1.2600.6024) -> C:\WINDOWS\system32\spoolsv.exe [58880 Ko]
[MD5.018857EAD9A077A56AEDFC0E5EF7A24A] - [16/10/2010 01:40:40] - 2152 | C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.64.0.5) -> "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [37664 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon


¤

[HKLM | Winlogon]|[Shell] : Explorer.exe
[HKLM | Winlogon]|[AutoRestartShell] : 1 -> 0
[HKLM | Winlogon]|[userinit] : C:\WINDOWS\system32\userinit.exe,
[HKLM | Winlogon]|[PowerDownAfterShutdown] : 0 -> 1
[HKLM | Winlogon]|[System] :

¤¤¤¤¤¤¤¤¤¤ | Associations

Extensions associations are OK !

Repaired : [HKCR\Application.Manifest\shell\open\command] : -> rundll32.exe dfshim.dll,ShOpenVerbApplication %1
Repaired : [HKCR\Application.Reference\shell\open\command] : -> rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe /idlist,%I,%L -> C:\WINDOWS\explorer.exe


¤

Repaired : [HKLM | IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
[Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ | Corrections diverses

[HKU\S-1-5-19 | Desktop]|[Wallpaper] : (Aucun)
[HKU\S-1-5-20 | Desktop]|[Wallpaper] : (Aucun)
[HKU\S-1-5-21-2967661739-2396343248-751707741-1009 | Desktop]|[Wallpaper] : -> C:\Documents and Settings\30022\Application Data\Microsoft\Wallpaper1.bmp
[HKU\S-1-5-18 | Desktop]|[Wallpaper] : (Aucun)
Taskmgr and Registry access are OK !

18:14:28

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair


¤

Safeboot Keys are O.K for : Minimal

¤

Safeboot Keys are O.K for : Network

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Mountpoints2



¤¤¤¤¤¤¤¤¤¤ | Windows

[HKLM | Session Manager\SubSystems]|[Windows] : winsrv : %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd

¤¤¤¤¤¤¤¤¤¤ | Security Center

[HKLM | Security Center]|[FirstRunDisabled] : 1
[HKLM | Security Center]|[AntiVirusDisableNotify] : 0
[HKLM | Security Center]|[AntiVirusOverride] : 0
[HKLM | Security Center]|[FirewallDisableNotify] : 0
[HKLM | Security Center]|[FirewallOverride] : 0
[HKLM | Security Center]|[UpdatesDisableNotify] : 0

[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKLM | FirewallPolicy\StandardProfile]|[DisableNotifications] : 0

¤¤¤¤¤¤¤¤¤¤ | Services Corrections


Repaired : [HKLM | Services\Parvdm] : 4 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2

18:14:37

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

[HKU\S-1-5-21-2967661739-2396343248-751707741-1009 | Main]|[Start Page] : https://www.orange.fr/portail?utm_source=oi&utm_medium=na&utm_campaign=sp -> https://www.google.com/?gws_rd=ssl
[HKU\S-1-5-18 | Main]|[Start Page] : https://www.msn.com/fr-fr/?ocid=iehp -> https://www.google.com/?gws_rd=ssl
[HKU\S-1-5-21-2967661739-2396343248-751707741-1009 | Main]|[Local Page] : C:\WINDOWS\system32\blank.htm
[HKU\S-1-5-18 | Main]|[Local Page] : C:\WINDOWS\system32\blank.htm
[HKU\S-1-5-21-2967661739-2396343248-751707741-1009 | Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKU\S-1-5-18 | Main]|[Search Page] : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Search]|[SearchAssistant] : https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/toolbar/ie8/sidebar.html
[HKLM | Main]|[Start Page] : https://www.google.com/?gws_rd=ssl -> https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main]|[Local Page] : C:\WINDOWS\system32\blank.htm
[HKLM | Main]|[Default_Search_URL] : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main]|[Default_Page_URL] : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main]|[Search Page] : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | AboutURLs]|[Tabs] : https://www.google.com/?gws_rd=ssl -> res://ieframe.dll/tabswelcome.htm

¤

[HKU\S-1-5-21-2967661739-2396343248-751707741-1009 | PhishingFilter]|[EnabledV8] : 0 -> 1
[HKU\S-1-5-21-2967661739-2396343248-751707741-1009 | Internet settings]|[ProxyOverride] : *.local
[HKU\S-1-5-21-2967661739-2396343248-751707741-1009 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-18 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-19 | Internet settings]|[MigrateProxy] : 0 -> 1
[HKU\S-1-5-20 | Internet settings]|[MigrateProxy] : 0 -> 1
[HKU\S-1-5-21-2967661739-2396343248-751707741-1009 | Internet settings]|[MigrateProxy] : 1
[HKU\S-1-5-18 | Internet settings]|[MigrateProxy] : 0 -> 1
[HKU\S-1-5-21-2967661739-2396343248-751707741-1009 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-18 | Internet settings]|[AutoConfigProxy] : wininet.dll


¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\WINDOWS\System32\Drivers\etc\hosts : Cleaned :)

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Quarantined and deleted Successfully : |AC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1008\Dc1.jpg
Quarantined and deleted Successfully : |AC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1008\Dc2.pdf
Quarantined and deleted Successfully : |AC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1008\Dc3.pdf
Quarantined and deleted Successfully : |ASHC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1008\desktop.ini
Quarantined and deleted Successfully : |AHC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1008\INFO2
Quarantined and deleted Successfully : |D| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc1.XviD-NERD
Quarantined and deleted Successfully : |D| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc10.XviD-TiCKETS
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc11.doc
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc12.doc
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc14.lnk
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc15.zip
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc16.exe
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc17.exe
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc2.ofx
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc20.pf
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc21.pf
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc22.pf
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc23.pf
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc24.pf
Quarantined and deleted Successfully : |D| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc25
Quarantined and deleted Successfully : |D| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc26.5
Quarantined and deleted Successfully : |D| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc27
Quarantined and deleted Successfully : |D| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc28
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc29
Quarantined and deleted Successfully : |D| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc3
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc30
Quarantined and deleted Successfully : |D| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc31
Quarantined and deleted Successfully : |D| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc4
Quarantined and deleted Successfully : |AC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc5.dat
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc6.url
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc7.url
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc8.pdf
Quarantined and deleted Successfully : |A| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\Dc9.avi
Quarantined and deleted Successfully : |ASH| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\desktop.ini
Quarantined and deleted Successfully : |AH| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1009\INFO2
Quarantined and deleted Successfully : |AC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1010\Dc1.lnk
Quarantined and deleted Successfully : |AC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1010\Dc2.url
Quarantined and deleted Successfully : |AC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1010\Dc3.lnk
Quarantined and deleted Successfully : |AC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1010\Dc4.lnk
Quarantined and deleted Successfully : |AC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1010\Dc5.lnk
Quarantined and deleted Successfully : |AHC| - C:\Recycler\S-1-5-21-2967661739-2396343248-751707741-1010\INFO2
Deleted : [HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] | @ -> C:\Program Files\Conduit\Community Alerts\Alert0.dll

Quarantined and deleted Successfully : C:\WINDOWS\002532_.tmp
Quarantined and deleted Successfully : C:\WINDOWS\RTHDCPL_DB.dbt
Quarantined and deleted Successfully : C:\DOCUME~1\30022\LOCALS~1\Temp\hpodvd09.log
Quarantined and deleted Successfully : C:\DOCUME~1\30022\LOCALS~1\Temp\jre-6u37-windows-i586-iftw.exe
Quarantined and deleted Successfully : C:\DOCUME~1\30022\LOCALS~1\Temp\jusched.log
Quarantined and deleted Successfully : C:\DOCUME~1\30022\LOCALS~1\Temp\_hphtra07.log
Impossible to move : C:\DOCUME~1\30022\LOCALS~1\Temp\~DF43D4.tmp
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\FrostWire\downloads.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\FrostWire\hostiles.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\FrostWire\installer.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\FrostWire\library.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\FrostWire\spam.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\dht.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\dht.dat.old
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\dht_feed.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\dht_feed.dat.old
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\Non.Ma.Fille.Tu.N'iras.Pas.Danser.French.Dvdrip.Repack.1CD.Xvid-LECHTI.By.Hadopix.[emule-island.com].avi.torrent
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\resume.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\resume.dat.old
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\rss.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\rss.dat.old
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\settings.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\settings.dat.old
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\uTorrent\[www.CpasBien.com] La.Verite.Si.Je.Mens.3.2012.FRENCH.DVDRiP.XViD-PeeR2Me.avi.torrent
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Application Data\wklnhst.dat
Quarantined and deleted Successfully : C:\Documents and Settings\All Users\Application Data\Sonic\license.dat
Quarantined and deleted Successfully : C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir\xscan32.dat
Quarantined and deleted Successfully : C:\Documents and Settings\All Users\Application Data\SSScanWizard\xscan32.dat
Quarantined and deleted Successfully : C:\Documents and Settings\30022\SVGView.exe
Quarantined and deleted Successfully : C:\Documents and Settings\30022\Downloads\WindowsXP-KB959765-x86-FRA.exe
Quarantined and deleted Successfully : C:\WINDOWS\system32\Config\systemprofile\Local settings\Temp\chrome_installer.log
Quarantined and deleted Successfully : C:\WINDOWS\system32\Config\systemprofile\Local settings\Temp\hpodvd09.log
Quarantined and deleted Successfully : C:\WINDOWS\system32\Config\systemprofile\Local settings\Temp\_hphtra07.log
Quarantined and Deleted successfully : C:\Documents and Settings\30022\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000} -> WLM
Quarantined and deleted Successfully : C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

18:32:09

Impossible to move : C:\Documents and Settings\30022\Application Data\PerformerSoft
Quarantined and deleted Successfully : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Installation du Contrôle Parental.lnk
Impossible to move : |D| - C:\Documents and Settings\30022\Application Data\InstallShield
Impossible to move : |D| - C:\Documents and Settings\30022\Application Data\ScanSoft
Quarantined and deleted Successfully : |D| - C:\WINDOWS\assembly\tmp\18FLSY5B
Quarantined and deleted successfully : C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-10255AA7.pf
Quarantined and deleted successfully : C:\WINDOWS\Prefetch\ADWCLEANER.EXE-0FCC718C.pf


¤¤¤¤¤¤¤¤¤¤ | quarantined at reboot

Quarantined and deleted Successfully at Reboot : C:\DOCUME~1\30022\LOCALS~1\Temp\~DF43D4.tmp
Quarantined and deleted Successfully at Reboot : C:\Documents and Settings\30022\Application Data\PerformerSoft
Not quarantined at Reboot : C:\Documents and Settings\30022\Application Data\InstallShield
Not quarantined at Reboot : C:\Documents and Settings\30022\Application Data\ScanSoft

¤¤¤¤¤

18:37:48

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

Disk: 0 Size=153G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 0C-FAT32X 6.1G No No 63 12,579,777
1 1 07-NTFS 146G Yes No 12,579,840 299,980,800

¤¤¤¤¤¤¤¤¤¤ | MBR Control

MBR code signature : 32 F2 49 15


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD160JJ/P rev.ZM100-34 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
1 ntkrnlpa!IofCallDriver[804EE140] -> \Device\Harddisk0\DR0[82D20AB8]
3 CLASSPNP[F8685FD7] -> ntkrnlpa!IofCallDriver[804EE140] -> \Device\Ide\IdeDeviceP2T0L0-e[82D24B00]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 200; MOV SS, DI; MOV SP, 7a00; MOV BX, 7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 7a0:5c; }
user & kernel MBR OK

18:37:54

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Disque d:] Folders : 9 | Files : 75 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 9 | Files : 75
~ [Disque j:] Folders : 0 | Files : 261 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 0 | Files : 261
~ [Disque C:] Folders : 5 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 5 | Files : 0
~ [ProgramFiles] Folders : 0 | Files : 4 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 0 | Files : 4
~ [Utilisateurs] Folders : 2 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 2 | Files : 0
~ [Music] Folders : 0 | Files : 0
~ [Pictures] Folders : 0 | Files : 0
~ [Videos] Folders : 0 | Files : 0
~ [Downloads] Folders : 0 | Files : 0
~ [Desktop] Folders : 0 | Files : 0
~ [Links] Folders : 0 | Files : 0
~ [Searches] Folders : 0 | Files : 0
~ [Contacts] Folders : 0 | Files : 0
~ [Saved_Games] Folders : 0 | Files : 0
~ [Favorites] Folders : 0 | Files : 0
~ [Documents] Folders : 0 | Files : 0
~ [Windows] Folders : 233 | Files : 218 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 233 | Files : 218
~ [Start_Menu] Folders : 0 | Files : 0
~ [Libraries] Folders : 0 | Files : 0
~ [quick launch] Folders : 0 | Files : 0
~ [AppData] Folders : 0 | Files : 18 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 0 | Files : 18

Fin : 18:41:51


¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
27 Oct 2012 at 17:57
Run the tool again, click on diag and host the report on https://www.cjoint.com/
0
martha30 Posts 7 Registration date Thursday 25 October 2012 Status Member Last activity 27 October 2012
27 Oct 2012 at 18:55
Is this it?


https://www.cjoint.com/?3JBsUTfjPNQ


I "hosted" it on https://www.cjoint.com/
0
Anonymous user
27 Oct 2012 at 19:00
▶ Download Ad-remover here, to your desktop:


▶ Disconnect and close all running applications!

if you have XP => double-click
if you have Vista or Windows 7 => right-click "run as...."


▶ on "Ad-R.exe" to start the installation, and leave the installation settings at their defaults.

▶ Click the Ad-remover shortcut on your desktop to launch the tool.

▶ In the main menu choose the "Nettoyer" (Clean) option and press [Enter].

▶ Let the tool work and don't touch anything ...

▶ Post the report that appears at the end on the forum ...

( The report is also saved as C:\Ad-report.log )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )


0
martha30 Posts 7 Registration date Thursday 25 October 2012 Status Member Last activity 27 October 2012
27 Oct 2012 at 20:35
And there you go, done like a big girl. WHAT NEXT?



======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 20:24:22 le 27/10/2012, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
30022@NOM-EB85C523610 ( )

============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\CLSID\{1A42EA66-2898-4e93-8128-D9A450B27D1D}
Clé supprimée: HKLM\Software\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}
Clé supprimée: HKLM\Software\Classes\CLSID\{910FDD7E-873A-4983-84C5-FB4C88BF7A59}
Clé supprimée: HKLM\Software\Classes\TypeLib\{28256861-4286-4022-B9CD-EAEAD0442AAD}
Clé supprimée: HKLM\Software\Classes\TypeLib\{64064B80-4463-49C0-8FD5-8F19E3150445}
Clé supprimée: HKLM\Software\Classes\TypeLib\{F0CF944C-F160-4F65-8F0A-2773322FF357}
Clé supprimée: HKCU\Software\Winsudate
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Zango
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{445E54C5-A2B0-4F02-B2A1-AD0AAE6D6194}

Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|winusr


============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{AEEC3B59-CA98-4EBA-A140-57B94E283583} (x)
HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll)
HKCU_SearchScopes\{db250a75-ead2-4ca6-a773-8eb71cddd9fd} - "Searcheo" (hxxp://www.searcheo.fr/renseignement?search&q={searchTerms})
HKLM_SearchScopes\{354EE235-E9B3-3258-AE67-7C8568EAB820} - "Search Results" (hxxp://dts.search-results.com/sr?src=ieb&appid=702&systemid=2&sr=0&q={searchTerm...)
HKCU_Toolbar\WebBrowser|{D3028143-6145-4318-99D3-3EDCE54A95A9} (C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll)
HKLM_Toolbar|{327C2873-E90D-4c37-AA9D-10AC9BABA46C} (C:\Program Files\Canon\Easy-WebPrint\Toolband.dll)
HKLM_Toolbar|{D3028143-6145-4318-99D3-3EDCE54A95A9} (C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll)
HKLM_ElevationPolicy\{21111111-1111-1111-1111-110011441179} - C:\Program Files\Giant Savings\Giant Savings-bg.exe (x)
HKLM_Extensions\{E2D4D26B-0180-43a4-B05F-462D6D54C789} - "Aide à la connexion" (C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\conn_support.ico)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll)
BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 12 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 27/10/2012 20:24:33 (3090 Octet(s))

Fin à: 20:25:30, 27/10/2012

============== E.O.F ==============
0
Anonymous user
27 Oct 2012 at 20:57
Close all windows and applications during the installation and the scan.


▶ Download here:

Malwarebytes

▶ Install it (be sure to choose "francais"; don't change the installation settings) and update it.

Run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications!

▶ Launch Malwarebytes.

Run a so-called "Complet" (full) scan.

▶ Let the program work (and don't do anything else with the PC during the scan).
▶ At the end, click on "résultat" (results).
Check that all infected objects are ticked, then click on "suppression" (remove).

Note: if you need to restart your PC to finish the cleanup, do it!


Post the report saved after the infected objects have been removed (in the "rapport/log" tab of Malwarebytes, the most recent one)


0