Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Messages recommandés

  • Modérateurs
Posté(e)

Bonjour Pantouflar,

 

Voilà typiquement un rapport qu'il était dangereux de coller directement dans un message, au risque de bloquer le sujet (à cause des limites du gestionnaire de forum IPB 3.1), donc de le rendre inaccessible. C'est ce qu'il s'est passé… :outch:

 

Il est donc préférable de faire héberger de tels rapports, par exemple chez icne2cjoint.png

C'est ce que j'ai fait aussi avec le rapport OTL Extras, afin de prévenir un nouveau plantage :D

Nota : on peut accéder à la page 2 de l'ancien topic, en se positionnant sur le début du topic et en cliquant sur "Ajouter une réponse". On voit alors les 10 derniers messages en ordre chronologique inversé.

Posté(e)

Bonsoir,

 

[/color]

 

Relancez Otl:

 

Sous Custom scan Files ou Personnalisation

Copiez Collez

:Otl

PRC - [2011/10/24 16:51:19 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

FF - prefs.js..browser.startup.homepage: "http://freakylinks.info/643"

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

O2 - BHO: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files (x86)\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll (Xi)

O3 - HKLM\..\Toolbar: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files (x86)\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-4057456930-615517595-1230037521-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()

O3 - HKU\S-1-5-21-4057456930-615517595-1230037521-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

 

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (Reg Error: Key error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk - - File not found

MsConfig:64bit - StartUpFolder: C:^Users^ANONYMOUS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip - - File not found

MsConfig:64bit - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: PlayMovie - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: VoipCheapCom - hkey= - key= - File not found

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

 

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

 

:files

 

[purity]

[emptytemp]

[resethosts]

[Reboot]

-------->Cliquer Runfix ou Correction

 

OTL redémarrera le système automatiquement.

Postez le rapport.

 

 

 

 

 

Télécharger Usb Fix , sur le bureau

 

Installez le avec les paramètres par défault

Vous devez désactiver la protection en temps réel de votre Antivirus qui peut considérer certains composants de ce logiciel comme néfastes.

Pour cela, faites un clic droit sur l'icône de l'antivirus en bas à droite à côté de l'horloge puis Disable Guard ou Shield ou Résident...

Brancher les périphériques externes (clé USB, disque dur externe, etc...) sans les ouvrir

Si vous êtes sous Vista:Désactiver L'UAC ,avant utilisation.

 

Faire un Clic-droit sur le raccourci Usbfix sur le bureau et choisir "Exécuter en tant qu'administrateur".

 

Lancer l' option 1(Recherche)

le rapport UsbFix.txt est sauvegardé à la racine du disque .

Faites en un copier/coller dans le bloc notes pour le poster.

 

Ensuite,

Lancer l'option 2(Suppression)

Le bureau disparait et le pc redémarre

Patientez le temps du scan.

le rapport UsbFix.txt est sauvegardé à la racine du disque

Faites en un copier/coller dans le bloc notes pour le poster.

Pour les rapports qui sont courts (ex. Malwarebytes, AD-R, USBFix, etc.), copiez/collez sur votre sujet

 

Vaccination

Pour vous éviter une infection ultérieure:

Lancer l' Option 3 (vaccination)

 

 

Pour Désinstaller UsbFix (après la désinfection)

Double clic sur le raccourci sur le bureau

Lancer l' option 5 ( Désinstaller ) ....

Posté(e)

All processes killed
========== OTL ==========
No active process named PlusService.exe was found!
Prefs.js: "http://freakylinks.info/643" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE9A4208-64EC-11DE-8440-204256D89593}\ deleted successfully.
C:\Program Files (x86)\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A}\ deleted successfully.
C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE9A4208-64EC-11DE-8440-204256D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE9A4208-64EC-11DE-8440-204256D89593}\ not found.
File C:\Program Files (x86)\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-4057456930-615517595-1230037521-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-4057456930-615517595-1230037521-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PlusService deleted successfully.
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Starting removal of ActiveX control {20A60F0D-9AFA-4515-A0FD-83BD84642501}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20A60F0D-9AFA-4515-A0FD-83BD84642501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{20A60F0D-9AFA-4515-A0FD-83BD84642501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20A60F0D-9AFA-4515-A0FD-83BD84642501}\ not found.
Starting removal of ActiveX control {C345E174-3E87-4F41-A01C-B066A90A49B4}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Starting removal of ActiveX control {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ArcadeDeluxeAgent\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NortonOnlineBackupReminder\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PlayMovie\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PlusService\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\StartCCC\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\VoipCheapCom\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== FILES ==========
File\Folder [purity] not found.
File\Folder [emptytemp] not found.
File\Folder [resethosts] not found.
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.2.32.0 log created on 02162012_194734

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

############################## | UsbFix V 7.081 | [suppression]

Utilisateur: ANONYMOUS (Administrateur) # ANONYMOUS-PC
Mis à jour le 05/02/2012 par El Desaparecido
Lancé à 20:01:09 | 16/02/2012

Site Web: [url=http://eldesaparecido.com]http://eldesaparecido.com[/url]
Fichier suspect ? : [url=http://eldesaparecido.com/upload.html]http://eldesaparecido.com/upload.html[/url]
Contact: contact@eldesaparecido.com

PC: Acer (Aspire M5810) (x64-based PC) # Desktop Computer
CPU: Intel(R) Core(TM) i5 CPU         650  @ 3.20GHz (3201)
RAM -> [ Total : 8183 | Free : 6340 ]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium  (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
AV: Avira Desktop [ (!) Disabled | Updated ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Disque fixe # 458 Go (146 Go libre(s) - 32%) [Acer] # NTFS
D:\ -> Disque fixe # 458 Go (93 Go libre(s) - 20%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (560)
C:\Windows\system32\wininit.exe (652)
C:\Windows\system32\csrss.exe (680)
C:\Windows\system32\services.exe (728)
C:\Windows\system32\lsass.exe (768)
C:\Windows\system32\winlogon.exe (776)
C:\Windows\system32\lsm.exe (812)
C:\Windows\system32\svchost.exe (900)
C:\Windows\system32\nvvsvc.exe (972)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (1000)
C:\Windows\system32\svchost.exe (420)
C:\Windows\system32\atiesrxx.exe (580)
C:\Windows\System32\svchost.exe (712)
C:\Windows\System32\svchost.exe (1064)
C:\Windows\system32\svchost.exe (1092)
C:\Windows\system32\svchost.exe (1216)
C:\Windows\system32\svchost.exe (1312)
C:\Windows\system32\atieclxx.exe (1400)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1472)
C:\Windows\system32\nvvsvc.exe (1484)
C:\Windows\System32\spoolsv.exe (1688)
C:\Windows\system32\taskhost.exe (1700)
C:\Windows\system32\Dwm.exe (1792)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1808)
C:\Windows\Explorer.EXE (1836)
C:\Windows\system32\svchost.exe (1992)
C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe (1128)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1576)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (2052)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2084)
C:\Program Files (x86)\Cacheman\CachemanServ.exe (2156)
C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe (2220)
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (2272)
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (2312)
C:\Windows\System32\svchost.exe (2368)
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe (2388)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (2560)
C:\Windows\system32\conhost.exe (2568)
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (2624)
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (2672)
C:\Windows\System32\svchost.exe (2708)
C:\Windows\SysWOW64\PnkBstrA.exe (2728)
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (2892)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2912)
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (2936)
C:\Windows\SysWOW64\vmnat.exe (2960)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3000)
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (3024)
C:\Windows\system32\SearchIndexer.exe (1272)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2444)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (2572)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (1900)
C:\Windows\system32\wbem\wmiprvse.exe (1296)
C:\Windows\SysWOW64\vmnetdhcp.exe (3196)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3244)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (3376)
C:\Windows\system32\DllHost.exe (3384)
C:\Windows\system32\svchost.exe (4092)
C:\Windows\sysWOW64\wbem\wmiprvse.exe (3688)
C:\Windows\system32\svchost.exe (3804)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4060)
C:\Program Files (x86)\Nero\Update\NASvc.exe (3224)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (3844)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4068)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (4632)
C:\Users\ANONYMOUS\Local Settings\Apps\F.lux\flux.exe (4672)
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (4700)
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (4984)
C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (1940)
C:\Windows\system32\svchost.exe (3852)
C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (4016)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (4272)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (3008)
C:\Program Files\iPod\bin\iPodService.exe (4756)
C:\UsbFix\Go.exe (3568)

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (972)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (1000)
Stoppé! C:\Windows\system32\atiesrxx.exe (580)
Stoppé! C:\Windows\system32\atieclxx.exe (1400)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1472)
Stoppé! C:\Windows\system32\nvvsvc.exe (1484)
Stoppé! C:\Windows\System32\spoolsv.exe (1688)
Stoppé! C:\Windows\system32\taskhost.exe (1700)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1808)
Stoppé! C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe (1128)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1576)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (2052)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2084)
Stoppé! C:\Program Files (x86)\Cacheman\CachemanServ.exe (2156)
Stoppé! C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe (2220)
Stoppé! C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (2272)
Stoppé! C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (2312)
Stoppé! C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe (2388)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (2560)
Stoppé! C:\Windows\system32\conhost.exe (2568)
Stoppé! C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (2624)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (2672)
Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (2728)
Stoppé! C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (2892)
Stoppé! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2912)
Stoppé! C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (2936)
Stoppé! C:\Windows\SysWOW64\vmnat.exe (2960)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3000)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (3024)
Stoppé! C:\Windows\system32\SearchIndexer.exe (1272)
Stoppé! C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2444)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (2572)
Stoppé! C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (1900)
Stoppé! C:\Windows\SysWOW64\vmnetdhcp.exe (3196)
Stoppé! C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (3376)
Stoppé! C:\Windows\system32\DllHost.exe (3384)
Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4060)
Stoppé! C:\Program Files (x86)\Nero\Update\NASvc.exe (3224)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (3844)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (4068)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (4632)
Stoppé! C:\Users\ANONYMOUS\Local Settings\Apps\F.lux\flux.exe (4672)
Stoppé! C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (4700)
Stoppé! C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (4984)
Stoppé! C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (1940)
Stoppé! C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (4016)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (4272)
Stoppé! C:\Program Files (x86)\iTunes\iTunesHelper.exe (3008)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (4756)

################## | Éléments infectieux |

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3502637348-2363490317-610118177-500
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-4057456930-615517595-1230037521-1000
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-4057456930-615517595-1230037521-500
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-4057456930-615517595-1230037521-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-4057456930-615517595-1230037521-500

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\G
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{ad736f35-635b-11e0-9d4c-90fba62e6b15}

################## | Listing |

[16/02/2012 - 20:01:32 | SHD ] 	C:\$Recycle.Bin
[23/10/2011 - 19:31:09 | N | 1024] 	C:\.rnd
[24/09/2011 - 12:48:28 | N | 7648314] 	C:\01-raelsan.mp3
[17/06/2010 - 11:02:47 | D ] 	C:\AcerSW
[08/02/2012 - 12:50:17 | N | 2774] 	C:\AdwCleaner[R1].txt
[08/02/2012 - 12:52:02 | N | 2516] 	C:\AdwCleaner[s1].txt
[16/02/2012 - 04:25:52 | N | 1923] 	C:\ANONYMOUS-PC.rtf
[17/06/2010 - 11:02:41 | D ] 	C:\book
[13/10/2009 - 00:02:21 | N | 8192] 	C:\BOOTSECT.BAK
[16/02/2012 - 04:25:47 | D ] 	C:\Config.Msi
[07/04/2011 - 13:56:07 | D ] 	C:\cygwin
[14/07/2009 - 06:08:56 | SHD ] 	C:\Documents and Settings
[23/10/2011 - 19:35:14 | D ] 	C:\Downloads
[17/06/2010 - 10:50:23 | D ] 	C:\ENZ1LP11
[07/11/2007 - 07:00:40 | N | 17734] 	C:\eula.1028.txt
[07/11/2007 - 07:00:40 | N | 17734] 	C:\eula.1031.txt
[07/11/2007 - 07:00:40 | N | 10134] 	C:\eula.1033.txt
[07/11/2007 - 07:00:40 | N | 17734] 	C:\eula.1036.txt
[07/11/2007 - 07:00:40 | N | 17734] 	C:\eula.1040.txt
[07/11/2007 - 07:00:40 | N | 118] 	C:\eula.1041.txt
[07/11/2007 - 07:00:40 | N | 17734] 	C:\eula.1042.txt
[07/11/2007 - 07:00:40 | N | 17734] 	C:\eula.2052.txt
[07/11/2007 - 07:00:40 | N | 17734] 	C:\eula.3082.txt
[01/08/2010 - 00:54:15 | N | 7132] 	C:\Fading Spy_9139.zip
[05/08/2010 - 13:11:44 | D ] 	C:\Fraps
[20/10/2010 - 14:41:02 | D ] 	C:\Games
[07/11/2007 - 07:00:40 | N | 1110] 	C:\globdata.ini
[01/07/2011 - 01:46:43 | D ] 	C:\hb2860d48
[16/02/2012 - 19:48:30 | ASH | 6435434496] 	C:\hiberfil.sys
[07/11/2007 - 07:44:20 | N | 855040] 	C:\install.exe
[07/11/2007 - 07:00:40 | N | 843] 	C:\install.ini
[07/11/2007 - 07:44:20 | N | 75280] 	C:\install.res.1028.dll
[07/11/2007 - 07:44:20 | N | 95248] 	C:\install.res.1031.dll
[07/11/2007 - 07:44:20 | N | 90128] 	C:\install.res.1033.dll
[07/11/2007 - 07:44:20 | N | 96272] 	C:\install.res.1036.dll
[07/11/2007 - 07:44:20 | N | 94224] 	C:\install.res.1040.dll
[07/11/2007 - 07:44:20 | N | 80400] 	C:\install.res.1041.dll
[07/11/2007 - 07:44:20 | N | 78864] 	C:\install.res.1042.dll
[07/11/2007 - 07:44:20 | N | 74768] 	C:\install.res.2052.dll
[07/11/2007 - 07:44:20 | N | 95248] 	C:\install.res.3082.dll
[12/10/2009 - 23:08:02 | D ] 	C:\Intel
[28/04/2011 - 21:24:14 | N | 12948744] 	C:\lol.mp3
[30/11/2011 - 18:27:49 | D ] 	C:\MDK
[30/11/2011 - 18:25:51 | N | 1494193] 	C:\MDK.rar.fdp
[12/10/2009 - 23:37:39 | RHD ] 	C:\MSOCache
[03/04/2011 - 23:22:07 | D ] 	C:\MySLAXTemp
[03/12/2010 - 13:17:35 | D ] 	C:\Northrend
[20/03/2011 - 23:15:29 | D ] 	C:\NVIDIA
[17/06/2010 - 11:02:45 | D ] 	C:\OEM
[12/02/2011 - 14:52:20 | N | 231398] 	C:\P1005.log
[16/02/2012 - 19:48:31 | ASH | 8580579328] 	C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] 	C:\PerfLogs
[07/05/2011 - 00:12:42 | D ] 	C:\Perl64
[30/11/2011 - 15:26:21 | N | 512] 	C:\PhysicalDisk0_MBR.bin
[16/02/2012 - 04:31:51 | N | 512] 	C:\PhysicalMBR.bin
[16/02/2012 - 04:23:14 | D ] 	C:\Program Files
[16/02/2012 - 16:26:16 | D ] 	C:\Program Files (x86)
[02/01/2012 - 19:04:04 | HD ] 	C:\ProgramData
[21/09/2010 - 12:01:50 | D ] 	C:\Python26
[12/10/2009 - 23:21:09 | D ] 	C:\RaidTool
[17/06/2010 - 10:45:01 | SHD ] 	C:\Recovery
[01/03/2011 - 00:11:00 | D ] 	C:\RECYCLED
[23/12/2009 - 19:39:37 | N | 2022] 	C:\RHDSetup.log
[25/08/2010 - 22:52:56 | N | 89] 	C:\Setting.txt
[16/02/2012 - 15:24:10 | SHD ] 	C:\System Volume Information
[09/02/2012 - 13:45:49 | N | 86376] 	C:\TDSSKiller.2.7.11.0_09.02.2012_13.45.23_log.txt
[23/09/2010 - 14:27:53 | D ] 	C:\Temp
[16/02/2012 - 20:01:32 | D ] 	C:\UsbFix
[16/02/2012 - 20:01:17 | A | 12934] 	C:\UsbFix.txt
[29/11/2011 - 19:49:05 | D ] 	C:\Users
[07/11/2007 - 07:00:40 | N | 5686] 	C:\vcredist.bmp
[18/08/2010 - 19:47:30 | D ] 	C:\vcs5BGEffects
[07/11/2007 - 07:50:40 | N | 1927956] 	C:\VC_RED.cab
[07/11/2007 - 07:53:12 | N | 242176] 	C:\VC_RED.MSI
[16/02/2012 - 19:39:35 | D ] 	C:\Windows
[07/02/2012 - 13:16:53 | D ] 	C:\ZHP
[16/02/2012 - 19:47:34 | D ] 	C:\_OTL
[16/02/2012 - 20:01:32 | SHD ] 	D:\$RECYCLE.BIN
[01/05/2011 - 12:24:15 | N | 454] 	D:\Acer (C).lnk
[30/01/2012 - 17:38:47 | D ] 	D:\ANONYMOUS-PC
[12/07/2010 - 02:44:03 | N | 524] 	D:\log.txt
[30/06/2010 - 14:49:55 | N | 528] 	D:\MediaID.bin
[16/02/2011 - 21:31:36 | D ] 	D:\msdownld.tmp
[01/02/2012 - 00:39:46 | SHD ] 	D:\System Volume Information
[30/06/2010 - 14:52:54 | D ] 	D:\WindowsImageBackup

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

 

 

Merci bien :)

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...