All content has disappeared on Windows XP
Hello,
Since last night I have been crying, not because I am entering my 35th year but because I have lost all my data and above all my photos. Yesterday afternoon I connected to the internet and windows started opening; sorry, I did not note down the messages displayed at all. I closed them and carried on browsing. The PC stayed on all day, and in the evening I reconnected to the internet and then, to my shock, a grey window opened with something like "windows has updated". Then nothing: no more wallpaper, no more icons on the desktop, the folders are empty (present but as if "greyed out").
I have lost a year of memories (April 2010 being the date of my last backup).
Thanks for trying to put a smile back on my face...
Steph
Hello,
whatever you do, don't format your computer!
You are going to recover your photos with a live CD; if you don't know how to do it, ask someone close to you to help. It will work, I have done it many times. Once the data has been recovered with the OTLPE CD, you go through the procedure so that we can repair.
Download OTLPENet.
Get a blank CD ready and run OTLPENet; this will let you burn an ISO image.
Note: once the CD is burned, you now need to restart the machine from the CD-ROM drive.
To do so, follow this link: Booting from a CD.
OTLPE tutorial
Run the OTLPENet ISO that you burned.
Once the reatogo desktop has loaded, launch OTLPE, the yellow icon.
Double-click the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes.
When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
Make sure "Automatically Load All Remaining Users" is selected and press OK.
Under the Custom Scan box:
1 Copy and paste the contents of the box below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
volsnap.sys
nvstor.sys
atapi.sys
i8042prt.sys
cdrom.sys
disk.sys
ndis.sys
tcpip.sys
imapi.sys
RDPCDD.sys
mountmgr.sys
aec.sys
rasacd.sys
redbook.sys
intelide.sys
mrxsmb10.sys
mrxsmb20.sys
termdd.sys
mrxsmb.sys
win32k.sys
storport.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\repair\*.*
%systemroot%\repair\*.
%systemroot%\repair\*
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
Copy and paste this text into a text file (Notepad) that you save on a USB stick, which you then plug in under reatogo; you will then be able to copy and paste it easily.
2 Click Run Scan to start the scan.
Once it has finished, the file is located at C:\OTL.txt
Copy and paste its contents into your next reply.
Hello Sham_Rock,
First of all, many thanks for your reply; before doing the steps you describe, I would like to mention 2-3 details that may be important:
I poked around a bit and found that, by doing a file search in Windows Explorer, I do have, among others, my precious "Images partagées" file, greyed out and empty (yet with 28 GB), and whose "hidden" and "read-only" boxes are ticked in the attributes. Also, I found quite a few photo files in my recycle bin too, all apparently renamed, which I am offered to restore when I click on them...
If we stick with your initial message, where should I copy the photos from? From the recycle bin or from Explorer?
Sorry for these questions, which surely seem absurd to you...
And thanks again!
Hello,
don't touch anything for now.
Quote:
Also, I found quite a few photo files in my recycle bin too, all apparently renamed, which I am offered to restore when I click on them...
Can you elaborate please, this is the first time I have seen something like this. How are you sure these are your photos?
Can you give me their renamed names?
Obviously, don't empty the recycle bin...
I had understood that you had nothing left (black screen),
so if you have any control at all over your PC, we will be able to act... it will be less of a constraint than the OTLPE option, which we will only do if we have no other choice...
1
Download Unhide.exe (by Grinler) to your Desktop.
Double-click the icon to launch Unhide.
Let the tool run.
2
Download RogueKiller to your desktop
(from a USB stick if the rogue blocks access to the internet).
http://www.sur-la-toile.com/RogueKiller/
Close all running programs.
Launch RogueKiller.exe.
Under Vista/Seven, right-click and choose Run as administrator.
Choose option 6 and let the tool run.
Post the RKreport.txt report created on your desktop.
3
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update have been done:
Now run MalwareByte's Anti-Malware. If it is not already done, select "Exécuter un examen complet" (perform full scan).
To start the scan, click "Rechercher" (scan).
Once the scan has finished, a window opens; click OK. There are two possibilities:
~ If the program found nothing, press OK. A report will appear; close it.
~~ If infections are present, click "Afficher les résultats" (show results) then "Supprimer la sélection" (remove selected). Save the report to your Desktop.
Post this report.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Note: If you cannot download MBAM from MajorGeeks, you can download it here!
Help: How to use MBAM.
+++
In fact, my photo folders were all called 2010 - décembre / 2011 - janvier, etc. In the recycle bin, I find folders named 122010 or 012011 (792 KB, 38 KB); on the other hand, there are also files identical to the names I had given them, "2009-novembre", but with 0 KB... In any case, they are in hidden mode in the properties. It seems my iPhone apps and the web page shortcuts originally saved on my desktop are there too.
Indeed, I do have some control over my PC; when I told you I had nothing left, I meant that Windows seemed to have been reinstalled and that everything is blank of any trace of use (programs empty in the Start menu, no more icons on the desktop, My Documents empty; on the other hand, the C D E F G H I icons are present in My Computer, as well as the shared documents folder (which contained my photos), but greyed out).
I am waiting for your go-ahead to carry out the 1st step, downloading http://i263.photobucket.com/albums [...] harger.gif
See you later!
Here is the summary of RogueKiller's option 6; is it serious, doctor???
PS: when you say "make a backup", does that mean I can plug in my external hard drive to copy my precious photos onto it, or is that too risky?
RogueKiller V5.2.1 [02/06/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: SH [Droits d'admin]
Mode: Raccourcis RAZ -- Date : 04/06/2011 22:48:38
Processus malicieux: 13
[BLACKLIST] wuaucldt.exe -- c:\windows\system32\wuaucldt.exe -> KILLED
[SUSP PATH] install.exe -- c:\windows\install.exe -> KILLED
[SUSP PATH] drweb.exe -- c:\windows\drweb.exe -> KILLED
[SUSP PATH] winamp.exe -- c:\windows\winamp.exe -> KILLED
[SUSP PATH] mdm.exe -- c:\windows\mdm.exe -> KILLED
[SUSP PATH] winlogon.exe -- c:\windows\winlogon.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED
[SUSP PATH] mdm.exe -- c:\windows\mdm.exe -> KILLED
[SUSP PATH] drweb.exe -- c:\windows\drweb.exe -> KILLED
[SUSP PATH] install.exe -- c:\windows\install.exe -> KILLED
[SUSP PATH] debug.exe -- c:\windows\debug.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED
[ROGUE ST] 008637703.exe -- c:\documents and settings\sh\application data\008637703.exe -> KILLED
Attributs de fichiers restaures:
Bureau: Success 0 / Fail 0
Lancement rapide: Success 0 / Fail 0
Programmes: Success 4 / Fail 0
Menu demarrer: Success 0 / Fail 0
Dossier utilisateur: Success 88 / Fail 0
Mes documents: Success 1 / Fail 0
Mes favoris: Success 0 / Fail 0
Mes images: Success 0 / Fail 0
Ma musique: Success 0 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 5372 / Fail 0
Sauvegarde: [NOT FOUND]
Termine : << \RKreport[1].txt >>
RKreport[1].txt
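The report above lists processes with system-looking names in the wrong folder (c:\windows\winlogon.exe) and a name one letter away from the real Windows Update client (wuaucldt.exe versus wuauclt.exe). As an added example, not part of the original thread and not RogueKiller's own logic, this Python script parses those report lines and applies three triage checks; the table of default Windows XP locations and the list of user-writable folders are assumptions of the example.

```python
import ntpath
import re

# Assumption: default on-disk locations of these Windows XP system binaries.
EXPECTED_DIR = {
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "wuauclt.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Assumption: profile folders any user can write to without admin rights.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")

# One process line: [TAG] name -- full path -> ACTION
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<name>.+?)\s+--\s+(?P<path>.+?)\s+->\s+(?P<action>\S+)\s*$"
)

# Process lines copied from the RogueKiller report in this thread.
REPORT = r"""
[BLACKLIST] wuaucldt.exe -- c:\windows\system32\wuaucldt.exe -> KILLED
[SUSP PATH] install.exe -- c:\windows\install.exe -> KILLED
[SUSP PATH] winlogon.exe -- c:\windows\winlogon.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED
[SUSP PATH] mdm.exe -- c:\windows\mdm.exe -> KILLED
[SUSP PATH] mdm.exe -- c:\windows\mdm.exe -> KILLED
[ROGUE ST] 008637703.exe -- c:\documents and settings\sh\application data\008637703.exe -> KILLED
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot names that imitate a system binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_report(text):
    """Return unique (tag, name, path, action) tuples in report order."""
    seen, entries = set(), []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, counters and blank lines are ignored
        entry = (m["tag"], m["name"].lower(), m["path"].lower(), m["action"])
        if entry not in seen:  # the report repeats a process once per instance
            seen.add(entry)
            entries.append(entry)
    return entries


def classify(name, path):
    """Apply the three checks to one process and return the findings."""
    findings = []
    expected = EXPECTED_DIR.get(name)
    if expected is not None and ntpath.dirname(path) != expected:
        findings.append(f"masquerade: {name} belongs in {expected}")
    if expected is None:
        for real in EXPECTED_DIR:
            if edit_distance(name, real) == 1:
                findings.append(f"lookalike: one edit away from {real}")
                break
    if any(part in path for part in USER_WRITABLE):
        findings.append("user-writable: runs from a profile data or temp folder")
    return findings


def analyze(text):
    """Map each reported path to its list of findings (empty if none apply)."""
    return {path: classify(name, path) for _tag, name, path, _action in parse_report(text)}


if __name__ == "__main__":
    for path, findings in analyze(REPORT).items():
        print(path, "->", "; ".join(findings) or "no name or location finding")
```

An empty result for svchost.exe only means its name and folder match; the report flagged it under a separate [SVCHOST] tag that these checks do not cover.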
And here is the MBAM summary; it was much needed! What do you think? Have we eradicated the bugs, or are there other steps?
Thank you a thousand times again!
Looking forward to reading you!
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Version de la base de données: 6773
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
05/06/2011 00:16:43
mbam-log-2011-06-05 (00-16-43).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Elément(s) analysé(s): 286605
Temps écoulé: 48 minute(s), 46 seconde(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 30
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 84
c:\documents and settings\RLA\application data\Adobe\plugs\mmc193.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
Thanks again a thousand times!
Looking forward to hearing from you!
Good evening
Quote:
when you say "make a backup", does that mean I can plug in my external hard drive to copy my precious photos onto it?
Yes, because we're not out of the woods yet...
++++++++++
Download DDS and save it to your desktop.
Disable anything that blocks scripts, such as an antivirus or software like ad-block, noscript, etc.
Double-click dds.scr to launch the tool.
Once the scan is finished, a text document, DDS.txt, will open.
Click Yes at the next prompt, Optional Scan.
Save both reports to your desktop and post only DDS.txt to me.