

Jibione
Everything posted by Jibione
-
Hello everyone, for the past 2 days I have been unable to start my PC. The startup screen stays frozen on "acer explore beyond limits". I can't manage to boot into safe mode. Would anyone have an idea? Thanks in advance
-
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
So, after more attempts, I finally gave in and booted from the XP SP2 install CD. I lost everything, and I struggled quite a bit to get an internet connection back, but I was able (apparently) to load SP3 and it seems to be running well. Thanks a thousand times again for your help and your patience! See you (maybe). I think we can close the topic. -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
Hi pear, after many, many attempts, I finally managed to install SP3 (thanks, by the way, for your instructions). I now have a PC that no longer reboots by itself (cool) but that is extremely slow for most tasks (opening Explorer, executable files...). I manage to get usable RAM when I set msconfig to "basic settings" mode, but then all my drivers drop out and I no longer have internet access. Could there be a link with the previous operations? Thanks (once again) for your help. -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
I can't manage to update to SP3; my PC is extremely slow as soon as I leave safe mode. Is there a procedure to carry out? Thanks -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
OK, I'll do that. -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
Cool, it no longer crashes. However, it's quite slow. Is that normal? -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
And so the USB Fix report after deletion: -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
I ran USB Fix; I'll paste the reports when I get back this evening. USB Fix report after scan: -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
Report after Malware removal: -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
ADW report after deletion: -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
HOST report:
PROXY report:
DNS report:
SHORTCUT report:
ADW Cleaner report after search: -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
RK report after scan:
RK report after deletion: -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
First of all, thank you pear for your reply. I was a bit lost and it's kind of you to take the time to solve my problems. So I'm starting the procedure again from the beginning! -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
Hello, I have been having problems with my PC rebooting unexpectedly for the past 24 hours. I ran a ZHP diag but I don't know how to use it. Could one of you point me in the right direction? I'm a bit lost... Thanks in advance, zébulonistes. Link CJoint.com BKgxQWjepet -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
Are there any other steps to carry out, pear? -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
USBFIX report after deletion: -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
And finally the USBfix: -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
So, the DNS report:

RogueKiller V8.2.2 [03/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: RogueKiller - Geeks to Go Forums
Website: RogueKiller
Blog: tigzy-RK

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Jibione [Admin rights]
Mode : Scan -- Date : 06/11/2012 20:52:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{45BCFF62-AB81-4033-A84F-C015C618050B} : NameServer (212.27.53.252,212.27.54.252) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3250820AS +++++
--- User ---
[MBR] 5f5e0f443283fc8f8026ccc0da6239fa
[bSP] 8fc88cb3104fbcbcab51de587040b941 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 114372 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 254701568 | Size: 114108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5]_S_06112012_205240.txt >>
RKreport[1]_S_06112012_132743.txt ; RKreport[2]_D_06112012_133715.txt ; RKreport[3]_S_06112012_134138.txt ; RKreport[4]_D_06112012_134651.txt ; RKreport[5]_S_06112012_205240.txt

I'm sorry Pear, I've just got back from work, and being a shopkeeper, I don't have access to my PC. Thanks for your help in any case
-
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
Malware report:

Malwarebytes Anti-Malware (Essai) 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.11.06.04

Windows XP Service Pack 2 x86 NTFS (Mode sans échec/Réseau)
Internet Explorer 6.0.2900.2180
Jibione :: JB [administrateur]

Protection: Désactivé

06/11/2012 14:14:53
mbam-log-2012-11-06 (14-14-53).txt

Type d'examen: Examen complet (C:\|I:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 353800
Temps écoulé: 34 minute(s), 6 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Documents and Settings\Jibione\My Documents\Downloads\PhotoFiltre.Studio.X.10.7.0\Keygen\keygen.exe (Trojan.Dropper.PGen) -> Mis en quarantaine et supprimé avec succès.

(fin)
-
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
After file deletion in ADW:

# AdwCleaner v2.006 - Logfile created 11/06/2012 at 14:05:47
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Jibione - JB
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Jibione\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180
[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (fr)
Profile name : default
File : C:\Documents and Settings\Jibione\Application Data\Mozilla\Firefox\Profiles\3qb0duha.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fi70phbz.default\prefs.js
[OK] File is clean.

-\\ Opera v12.2.1578.0
File : C:\Documents and Settings\Jibione\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5290 octets] - [06/11/2012 13:49:25]
AdwCleaner[s1].txt - [5410 octets] - [06/11/2012 13:51:09]
AdwCleaner[R2].txt - [1127 octets] - [06/11/2012 13:55:45]
AdwCleaner[R3].txt - [1188 octets] - [06/11/2012 13:56:26]
AdwCleaner[s3].txt - [1248 octets] - [06/11/2012 13:56:48]
AdwCleaner[R4].txt - [1370 octets] - [06/11/2012 14:01:07]
AdwCleaner[s4].txt - [1430 octets] - [06/11/2012 14:01:17]
AdwCleaner[s5].txt - [1594 octets] - [06/11/2012 14:03:59]
AdwCleaner[R5].txt - [1525 octets] - [06/11/2012 14:05:47]

########## EOF - C:\AdwCleaner[R5].txt - [1585 octets] ##########
-
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
ADW report:

# AdwCleaner v2.006 - Logfile created 11/06/2012 at 13:49:25
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Jibione - JB
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Jibione\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Jibione\Application Data\Mozilla\Firefox\Profiles\3qb0duha.default\searchplugins\Askcom.xml
File Found : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Folder Found : C:\Documents and Settings\Jibione\Application Data\pdfforge
Folder Found : C:\Documents and Settings\Jibione\Application Data\Search Settings
Folder Found : C:\Program Files\Ask.com

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E908B145-C847-4E85-B315-07E2E70DECF8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AskBarDis
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\81337C0DA4B761D40A4CB3380F57AE88
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\81337C0DA4B761D40A4CB3380F57AE88
Key Found : HKLM\SOFTWARE\Classes\Interface\{03C390E8-B836-4B82-8D56-1BFDDC06AE8A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2C4470A2-E099-4B9E-ABFE-BBA56D046AFD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{391769AE-D8EC-45EC-967D-F5120456E514}
Key Found : HKLM\SOFTWARE\Classes\Interface\{39AEF150-C270-4690-AE7D-955E51BC8960}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3EDDA953-1C3B-4823-8F25-D075FBB2D2B5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B67A4CBA-520A-43DB-B03F-414E539F90EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CD73B1AB-3403-4E47-B196-517C57BE76A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Found : HKLM\SOFTWARE\Classes\SearchSettings.BHO
Key Found : HKLM\SOFTWARE\Classes\SearchSettings.BHO.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4C1E5902-FE99-4591-8582-2A2605462857}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Key Found : HKU\S-1-5-21-842925246-2139871995-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\RelevantKnowledge\rlvknlg.exe]

***** [internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180
[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (fr)
Profile name : default
File : C:\Documents and Settings\Jibione\Application Data\Mozilla\Firefox\Profiles\3qb0duha.default\prefs.js
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.snipit.askTbInstalled", true);

-\\ Opera v12.2.1578.0
File : C:\Documents and Settings\Jibione\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5161 octets] - [06/11/2012 13:49:25]

########## EOF - C:\AdwCleaner[R1].txt - [5221 octets] ##########
-
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
HOST :

RogueKiller V8.2.2 [03/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: RogueKiller - Geeks to Go Forums
Website: RogueKiller
Blog: tigzy-RK

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Jibione [Admin rights]
Mode : Remove -- Date : 06/11/2012 13:37:15

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{45BCFF62-AB81-4033-A84F-C015C618050B} : NameServer (212.27.53.252,212.27.54.252) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3250820AS +++++
--- User ---
[MBR] 5f5e0f443283fc8f8026ccc0da6239fa
[bSP] 8fc88cb3104fbcbcab51de587040b941 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 114372 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 254701568 | Size: 114108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_06112012_133715.txt >>
RKreport[1]_S_06112012_132743.txt ; RKreport[2]_D_06112012_133715.txt

PROXy :

RogueKiller V8.2.2 [03/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: RogueKiller - Geeks to Go Forums
Website: RogueKiller
Blog: tigzy-RK

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Jibione [Admin rights]
Mode : Scan -- Date : 06/11/2012 13:41:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{45BCFF62-AB81-4033-A84F-C015C618050B} : NameServer (212.27.53.252,212.27.54.252) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3250820AS +++++
--- User ---
[MBR] 5f5e0f443283fc8f8026ccc0da6239fa
[bSP] 8fc88cb3104fbcbcab51de587040b941 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 114372 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset
(sectors): 254701568 | Size: 114108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_06112012_134138.txt >>
RKreport[1]_S_06112012_132743.txt ; RKreport[2]_D_06112012_133715.txt ; RKreport[3]_S_06112012_134138.txt
-
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
RogueKiller V8.2.2 [03/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: RogueKiller - Geeks to Go Forums
Website: RogueKiller
Blog: tigzy-RK

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Jibione [Admin rights]
Mode : Remove -- Date : 06/11/2012 13:37:15

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{45BCFF62-AB81-4033-A84F-C015C618050B} : NameServer (212.27.53.252,212.27.54.252) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3250820AS +++++
--- User ---
[MBR] 5f5e0f443283fc8f8026ccc0da6239fa
[bSP] 8fc88cb3104fbcbcab51de587040b941 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 114372 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 254701568 | Size: 114108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_06112012_133715.txt >>
RKreport[1]_S_06112012_132743.txt ; RKreport[2]_D_06112012_133715.txt
-
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
However: "In the "Registry" tab, uncheck the following lines: (Lines to uncheck: those you have deliberately modified)" I don't understand which lines I should uncheck? -
[Solved] PC infected?
Jibione replied to a topic by Jibione in Malware analysis and removal
Thank you for your help Pear (and with the triskelion too, classy), so here is the RK report

RogueKiller V8.2.2 [03/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: RogueKiller - Geeks to Go Forums
Website: RogueKiller
Blog: tigzy-RK

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Jibione [Admin rights]
Mode : Scan -- Date : 06/11/2012 13:27:43

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{45BCFF62-AB81-4033-A84F-C015C618050B} : NameServer (212.27.53.252,212.27.54.252) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3250820AS +++++
--- User ---
[MBR] 5f5e0f443283fc8f8026ccc0da6239fa
[bSP] 8fc88cb3104fbcbcab51de587040b941 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 114372 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 254701568 | Size: 114108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06112012_132743.txt >>
RKreport[1]_S_06112012_132743.txt