[SOLVED] Vista: host process has stopped working

Tags:
  • Security
Last reply: in Security and viruses
2 April 2011 13:58:14

Hello everyone.

I'm having a few small problems with my computer. It started with a blue screen "driver irql not less or equal", so I thought it was a virus and ran several Malwarebytes scans; several trojans were found and removed. I no longer get the blue screen, but I have this problem of the host process hanging.

My avast also regularly blocks malicious websites and trojan horses.

My PC no longer shuts down by itself; I have to force it off with the power button.

UPDATE: I got another blue screen...

Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:51, on 02/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
R3 - URLSearchHook: (no name) - {3d4d238c-9c48-47cd-a95c-53259acf9e56} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/Gam...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1c9d58557da49e0) (gupdate1c9d58557da49e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: webcamXP Service (wxpSvc) - Moonware Studios - C:\Program Files\wLite\wService.exe

--
End of file - 6545 bytes


2 April 2011 14:20:14

You almost certainly have an infection; wait for a helper to come and help you.
2 April 2011 15:03:34

Hello,

@ help-manformatique: this kind of reply helps no one. You are asserting something without really knowing, and leading the person being helped to believe ..., and as for any potential helpers, seeing a reply posted on the forum page, they think this thread is already being handled ... and so no longer read it ...
Better to refrain in that case ;)

@ max0u:

Give us the MBAM detection and removal report(s), available under the software's "rapport" (report) tab.

Quote:
I'm having a few small problems with my computer, it started with a blue screen "driver irql not less or equal" so I thought it was a virus

Unfortunately that is not a certainty ... nor a necessity.

Indeed, it is often more likely that it comes from an update, a new peripheral, or a hardware driver.

When did this problem appear? Following something in particular? A download, an installation, an update?

2 April 2011 15:26:55

Here are the various logs:

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6230

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

01/04/2011 00:54:26
mbam-log-2011-04-01 (00-54-26).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 165516
Temps écoulé: 8 minute(s), 12 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\Users\Maxime\AppData\Local\Niciape.dll (Trojan.Hiloti) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yzetesecoqafar (Trojan.Hiloti) -> Value: Yzetesecoqafar -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Maxime\AppData\Local\Niciape.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Maxime\AppData\Local\Temp\raxwcosenm.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Maxime\AppData\Local\Temp\snocaerxwm.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Maxime\local settings\application data\Niciape.dll (Trojan.Hiloti) -> Delete on reboot.


Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6230

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

01/04/2011 04:02:07
mbam-log-2011-04-01 (04-02-07).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 213752
Temps écoulé: 2 heure(s), 14 minute(s), 10 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\Users\Maxime\AppData\Local\Niciape.dll (Trojan.Hiloti) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yzetesecoqafar (Trojan.Hiloti) -> Value: Yzetesecoqafar -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Maxime\AppData\Local\Niciape.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Windows\System32\trzA220.tmp (Trojan.Boaxxe) -> Quarantined and deleted successfully.
c:\Windows\System32\trzDE56.tmp (Trojan.Boaxxe) -> Quarantined and deleted successfully.
c:\Windows\temp\nwxi\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6230

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

01/04/2011 13:19:35
mbam-log-2011-04-01 (13-19-35).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 163932
Temps écoulé: 6 minute(s), 25 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 181

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):


The reports after that found nothing!

As for when the problem appeared, I don't really know! Maybe that MSN Plus toolbar that I installed without meaning to..

I install quite a lot of things so I really don't know! In any case I uninstalled the MSN Plus toolbar after the problems appeared. I ran a disk and registry cleanup.

Firefox is starting to open advertising links more and more often, and I haven't managed to restart my PC in normal mode; I'm currently in safe mode.

THANKS
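
Added example, not part of the original thread: a Python parser for the Malwarebytes log layout posted above that tracks each flagged item across the three scans and lists the items whose most recent log entry is still "Delete on reboot". The sample strings are abridged excerpts of those three logs, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Abridged excerpts of the three logs in the post above (timestamp, section
# headers and a few detection lines each; not the complete reports).
SCAN_1 = r"""01/04/2011 00:54:26
Module(s) mémoire infecté(s):
c:\Users\Maxime\AppData\Local\Niciape.dll (Trojan.Hiloti) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yzetesecoqafar (Trojan.Hiloti) -> Value: Yzetesecoqafar -> Delete on reboot.
Fichier(s) infecté(s):
c:\Users\Maxime\AppData\Local\Niciape.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Maxime\AppData\Local\Temp\raxwcosenm.exe (Adware.Agent) -> Quarantined and deleted successfully.
"""
SCAN_2 = r"""01/04/2011 04:02:07
Module(s) mémoire infecté(s):
c:\Users\Maxime\AppData\Local\Niciape.dll (Trojan.Hiloti) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yzetesecoqafar (Trojan.Hiloti) -> Value: Yzetesecoqafar -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\Users\Maxime\AppData\Local\Niciape.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Windows\System32\trzA220.tmp (Trojan.Boaxxe) -> Quarantined and deleted successfully.
c:\Windows\temp\nwxi\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""
SCAN_3 = r"""01/04/2011 13:19:35
Fichier(s) infecté(s):
c:\Windows\System32\trz105.tmp (Trojan.Boaxxe) -> Quarantined and deleted successfully.
c:\Windows\System32\trz120B.tmp (Trojan.Boaxxe) -> Quarantined and deleted successfully.
"""

TIMESTAMP = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}$")
# "<item> (<family>) -> [Value: <name> -> ]<action>."
DETECTION = re.compile(
    r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> "
    r"(?:Value: .+? -> )?(?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return the scan timestamp and every detection line of one log."""
    scan = {"timestamp": None, "detections": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if TIMESTAMP.match(line):
            scan["timestamp"] = line
        elif line.endswith("(s):"):          # e.g. "Fichier(s) infecté(s):"
            section = line[:-1]
        elif (m := DETECTION.match(line)):
            scan["detections"].append({"section": section, **m.groupdict()})
    return scan


def family_counts(scan):
    """Number of detection lines per malware family in one scan."""
    return Counter(det["family"] for det in scan["detections"])


def recurring_items(scans):
    """Items flagged in more than one scan, with the action logged each time."""
    seen = defaultdict(dict)
    for scan in scans:
        for det in scan["detections"]:
            # Paths are case-insensitive on Windows; one entry per scan.
            seen[det["item"].lower()][scan["timestamp"]] = det["action"]
    return {item: list(hist.items()) for item, hist in seen.items() if len(hist) > 1}


def unconfirmed_removals(scans):
    """Items whose latest log entry only schedules deletion at next reboot.

    No later log line confirms removal, so these are the ones to re-check.
    """
    last_action = {}
    for scan in scans:
        for det in scan["detections"]:
            last_action[det["item"].lower()] = det["action"]
    return sorted(i for i, a in last_action.items() if a == "Delete on reboot")


if __name__ == "__main__":
    scans = [parse_mbam_log(t) for t in (SCAN_1, SCAN_2, SCAN_3)]
    for item, history in recurring_items(scans).items():
        print(item, history)
    print("still pending:", unconfirmed_removals(scans))
```
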
2 April 2011 22:20:59

Re,

Well, having seen the reports, we'll look into the infection problems anyway, because there were quite a few of them.

Download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • At the top, tick the box in front of "Tous les utilisateurs" (all users)
  • Under "Personnalisation", copy-paste all of the text below and leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the "Analyse" (scan) button at the top left, then wait a few moments.
  • At the end of the scan, two reports will open, OTL.Txt and Extras.Txt. Copy/paste all of the reports here.
    PS: The reports are also saved on the desktop

    For the reports, please use this online report service: upload the file via "parcourir" (browse) and simply post the link you get.
3 April 2011 09:54:40

Re,

1) Uninstall the following programs (if present):

- Norton Internet Security (remnant of your old antivirus)
- Uninstall 1.0.0.1
- Vuze_Remote Toolbar (these last two: advertising toolbars)

2) Relaunch OTL.exe
(Vista/Windows 7 users: right-click -> "Run as administrator")

  • Copy/paste the following into the "Personnalisation" box at the bottom left.
    :OTL
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1232409618-4075783369-2336674721-1000\..\URLSearchHook: {3d4d238c-9c48-47cd-a95c-53259acf9e56} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1232409618-4075783369-2336674721-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {3d4d238c-9c48-47cd-a95c-53259acf9e56}:3.2.5.2
    [2011/03/25 00:16:17 | 000,000,000 | ---D | M] (Messenger Plus FR Community Toolbar) -- C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\{3d4d238c-9c48-47cd-a95c-53259acf9e56}
    [2011/04/01 00:43:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\engine@conduit.com
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1232409618-4075783369-2336674721-1000\..\Toolbar\WebBrowser: (no name) - {3D4D238C-9C48-47CD-A95C-53259ACF9E56} - No CLSID value found.
    O3 - HKU\S-1-5-21-1232409618-4075783369-2336674721-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
    [2011/04/03 01:22:13 | 000,000,000 | ---D | C] -- C:\Users\Maxime\AppData\Local\{A4DDD35A-A72C-40EC-A5FE-1A003FADCB77}
    [2011/04/02 11:19:56 | 000,000,000 | ---D | C] -- C:\Users\Maxime\AppData\Local\{86174D4F-8CFB-493D-8A7F-55DA8313748B}
    [2011/04/01 17:41:17 | 000,000,000 | ---D | C] -- C:\Users\Maxime\AppData\Local\{12F579D3-AC0D-430C-AD29-C9A4DEA72B61}
    [2011/04/01 13:26:19 | 000,000,000 | ---D | C] -- C:\Users\Maxime\AppData\Local\{843C48F3-70E9-4C0D-8685-F30A0FE8C8EB}
    [2011/04/01 12:48:01 | 000,000,000 | ---D | C] -- C:\Users\Maxime\AppData\Local\{AB7B96F9-CCC0-4C46-83D8-D6F790176306}
    [2011/04/01 00:15:45 | 000,000,000 | ---D | C] -- C:\Users\Maxime\Desktop\PCEM1
    [2011/03/31 23:57:49 | 000,000,000 | ---D | C] -- C:\Users\Maxime\AppData\Roaming\OfferBox
    [2011/03/31 23:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\OfferBox
    [2011/03/31 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\Maxime\AppData\Local\{3D588BC0-D153-4E49-B685-A48014CA0BCE}
    [2011/03/31 10:50:40 | 000,000,000 | ---D | C] -- C:\Users\Maxime\AppData\Local\{49456530-FCE1-4585-9D29-5CC17B0B2D4A}
    [2011/03/25 00:16:18 | 000,000,000 | ---D | C] -- C:\Users\Maxime\AppData\Local\Conduit
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Maxime\Desktop\*.tmp files -> C:\Users\Maxime\Desktop\*.tmp -> ]
    [2010/10/22 20:12:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\vezicuyx.sys
    [2008/01/21 10:40:50 | 000,673,938 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
    [2008/01/21 10:40:50 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
    [2008/01/21 10:40:50 | 000,125,636 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
    [2008/01/21 10:40:50 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
    [2008/01/21 04:23:50 | 001,659,648 | ---- | C] () -- C:\Windows\System32\mmhaoyoz.dat
    [2008/01/21 04:23:50 | 000,633,600 | ---- | C] () -- C:\Windows\System32\qwpmhafz.dat
    [2008/01/21 04:23:50 | 000,151,296 | ---- | C] () -- C:\Windows\System32\hyatccut.dat
    [2008/01/21 04:23:50 | 000,135,936 | ---- | C] () -- C:\Windows\System32\ipooowjq.dat
    [2008/01/21 04:23:50 | 000,050,432 | ---- | C] () -- C:\Windows\System32\wrmcetsn.dat
    [2008/01/21 04:23:50 | 000,039,680 | ---- | C] () -- C:\Windows\System32\givgypsb.dat
    [2008/01/21 04:23:50 | 000,034,560 | ---- | C] () -- C:\Windows\System32\kbzqweuu.dat
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F35A93AD

    :Files
    C:\Program Files\ConduitEngine
    [2011/03/31 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\Maxime\AppData\Roaming\OfferBox

    :Commands
    [emptytemp]
    [emptyflash]


  • Then click the "Correction" button at the top left
  • If the PC asks to restart, accept.
  • Post the removal report.


    Another question:

    - Is it normal that your UAC is disabled?

    3 April 2011 14:00:37

    Here is the removal report; sorry, but the cijoint site did not work for this link...:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    File C:\Program Files\Vuze_Remote\tbVuz0.dll not found.
    Registry value HKEY_USERS\S-1-5-21-1232409618-4075783369-2336674721-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3d4d238c-9c48-47cd-a95c-53259acf9e56} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1232409618-4075783369-2336674721-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    File C:\Program Files\Vuze_Remote\tbVuz0.dll not found.
    Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
    Prefs.js: {3d4d238c-9c48-47cd-a95c-53259acf9e56}:3.2.5.2 removed from extensions.enabledItems
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\searchplugin folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\META-INF folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\lib folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\defaults folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\components folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\chrome folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\{3d4d238c-9c48-47cd-a95c-53259acf9e56} folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\engine@conduit.com\META-INF folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\engine@conduit.com\lib folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\engine@conduit.com\defaults folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\engine@conduit.com\components folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\engine@conduit.com\chrome folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\mozilla\Firefox\Profiles\93hafy4z.default\extensions\engine@conduit.com folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
    C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    File C:\Program Files\Vuze_Remote\tbVuz0.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    File C:\Program Files\Vuze_Remote\tbVuz0.dll not found.
    Registry value HKEY_USERS\S-1-5-21-1232409618-4075783369-2336674721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3D4D238C-9C48-47CD-A95C-53259ACF9E56} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D4D238C-9C48-47CD-A95C-53259ACF9E56}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1232409618-4075783369-2336674721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
    File C:\Program Files\Vuze_Remote\tbVuz0.dll not found.
    C:\Users\Maxime\AppData\Local\{A4DDD35A-A72C-40EC-A5FE-1A003FADCB77} folder moved successfully.
    C:\Users\Maxime\AppData\Local\{86174D4F-8CFB-493D-8A7F-55DA8313748B} folder moved successfully.
    C:\Users\Maxime\AppData\Local\{12F579D3-AC0D-430C-AD29-C9A4DEA72B61} folder moved successfully.
    C:\Users\Maxime\AppData\Local\{843C48F3-70E9-4C0D-8685-F30A0FE8C8EB} folder moved successfully.
    C:\Users\Maxime\AppData\Local\{AB7B96F9-CCC0-4C46-83D8-D6F790176306} folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Tronc commun\Physio\Secteur plasmatique et intersticielle et tout folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Tronc commun\Physio\Regulation endocrinienne folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Tronc commun\Physio folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Tronc commun\genetique 2 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Tronc commun\Addiction folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Tronc commun folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Semestre 1\Pictures folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Semestre 1\Physique folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Semestre 1\Histologie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Semestre 1\Embryo folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Semestre 1\Chimie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Semestre 1\Biostat folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Semestre 1\Biocell folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Semestre 1 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Science Economic et Social\Natalite folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Science Economic et Social\Geste de premier secours folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Science Economic et Social\Cancer folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Science Economic et Social folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Psychologie\Psychologie des emotions folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Psychologie\Psycho 5 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Psychologie\Enfant et adolescent folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Psychologie\Dopamine machin folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Psychologie\Addiction folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Psychologie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Physiologie\Cour 1 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Physiologie\Coeur et tout et tout folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Physiologie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Medicaments\Pharmaco cinetique ou temps et medoc folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Medicaments\Cibles, mecanismes d'action folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Medicaments folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Ethique, Deontologie\Prelevement et transplantation d'organe folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Ethique, Deontologie\Enfant et fin de vie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Ethique, Deontologie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Epistemologie\Evolution folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Epistemologie\Eugenisme folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Epistemologie\EPISTEMOLOGIE folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Epistemologie\Education et medecine folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Epistemologie\Ed de la fac folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Epistemologie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\paul sem 12 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\paul sem 11\FOLDER_E folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\paul sem 11\FOLDER_D folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\paul sem 11\FOLDER_C folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\paul sem 11\FOLDER_B folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\paul sem 11\FOLDER_A folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\paul sem 11 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\paul 3 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\Nouveau dossier\medoc 7 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\Nouveau dossier\epistemo 5 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\Nouveau dossier folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\emilie sem 12 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\emilie sem 11\RECORDER\FOLDER_E folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\emilie sem 11\RECORDER\FOLDER_D folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\emilie sem 11\RECORDER\FOLDER_C folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\emilie sem 11\RECORDER\FOLDER_B folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\emilie sem 11\RECORDER\FOLDER_A folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\emilie sem 11\RECORDER folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\emilie sem 11 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac\emilie 3 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\dicta vrac folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Chimie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Biophy\Transport 2 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Biophy folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Anatomie\Systeme nerveux central folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Anatomie\SNC 2 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Anatomie\Penis vagin et tout et tout folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Anatomie\Membre sup\cours 2 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Anatomie\Membre sup folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Anatomie\Membre inferieur folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Anatomie\Appareil digestive folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Anatomie\Appareil circulatoire folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul\Anatomie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\zPCEM1 paul folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\SES\2010 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\SES folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Psycho\2010 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Psycho folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Physio\2010\enregistrement folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Physio\2010\diapo folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Physio\2010 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Physio folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Médicament folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Génétique\2010 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Génétique folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Ethique\2010\éthique folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Ethique\2010 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Ethique folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Epistémo\epistemo 5 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Epistémo\2010 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Epistémo folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Divers folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Chimie G folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Biophy folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Anat\2010 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE\Anat folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\SECOND SEMESTRE folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Physique folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Methode folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Metabo folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Histo\Enregistrement folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Histo\Diapos cours\onolfotissu2 folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Histo\Diapos cours folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Histo folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Embryo folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Divers folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Chimie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Biostat folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Biophysique folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Biodev folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Biochimie folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Biocell\Nouveau dossier folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE\Biocell folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1\PREMIER SEMESTRE folder moved successfully.
    C:\Users\Maxime\Desktop\PCEM1 folder moved successfully.
    C:\Users\Maxime\AppData\Roaming\OfferBox folder moved successfully.
    C:\Program Files\OfferBox\offerboxffx@offerbox.com\components folder moved successfully.
    C:\Program Files\OfferBox\offerboxffx@offerbox.com folder moved successfully.
    C:\Program Files\OfferBox folder moved successfully.
    C:\Users\Maxime\AppData\Local\{3D588BC0-D153-4E49-B685-A48014CA0BCE} folder moved successfully.
    C:\Users\Maxime\AppData\Local\{49456530-FCE1-4585-9D29-5CC17B0B2D4A} folder moved successfully.
    C:\Users\Maxime\AppData\Local\Conduit folder moved successfully.
    C:\Windows\System32\ConduitEngine.tmp deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCall.dll deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla17.dll deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla18.exe deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla19.dll deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla2.dll deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla20.dll deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla21.dll deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla21.exe deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseData.ini deleted successfully.
    C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP folder deleted successfully.
    C:\Users\Maxime\Desktop\~WRL3997.tmp deleted successfully.
    C:\Windows\System32\drivers\vezicuyx.sys moved successfully.
    C:\Windows\System32\perfh00C.dat moved successfully.
    C:\Windows\System32\perfi00C.dat moved successfully.
    C:\Windows\System32\perfc00C.dat moved successfully.
    C:\Windows\System32\perfd00C.dat moved successfully.
    C:\Windows\System32\mmhaoyoz.dat moved successfully.
    C:\Windows\System32\qwpmhafz.dat moved successfully.
    C:\Windows\System32\hyatccut.dat moved successfully.
    C:\Windows\System32\ipooowjq.dat moved successfully.
    C:\Windows\System32\wrmcetsn.dat moved successfully.
    C:\Windows\System32\givgypsb.dat moved successfully.
    C:\Windows\System32\kbzqweuu.dat moved successfully.
    ADS C:\ProgramData\TEMP:F35A93AD deleted successfully.
    ========== FILES ==========
    C:\Program Files\ConduitEngine folder moved successfully.
    Invalid Switch: 31 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\Maxime\AppData\Roaming\OfferBox
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Maxime
    ->Temp folder emptied: 11659914 bytes
    ->Temporary Internet Files folder emptied: 2340279 bytes
    ->Java cache emptied: 9344 bytes
    ->FireFox cache emptied: 76101845 bytes
    ->Flash cache emptied: 10307 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1141712 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 550764878 bytes

    Total Files Cleaned = 612,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Maxime
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04032011_132140

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\_avast5_\Webshlock.txt not found!

    Registry entries deleted on Reboot...


    I had disabled UAC thinking that it might fix the problem of the host process that had stopped working.

    Also, I saw that extremely sensitive data was moved (the PCEM1 folder); is it at risk? Because I absolutely must not lose it! THANKS


    Here is the kind of message I get from avast, if that helps: http://i55.tinypic.com/bh0l1i.jpg
    3 April 2011 14:28:18

    Re,

    Quote:
    I had disabled UAC thinking that it might fix the problem of the host process that had stopped working.

    No, that has nothing to do with it; disabling it is actually dangerous, you will need to turn it back on.

    Quote:
    Also, I saw that extremely sensitive data was moved (the PCEM1 folder); is it at risk? Because I absolutely must not lose it! THANKS


    Yes, I see that, I was misled, but nothing is lost, we will put them back.
    Go to this folder:
    C:\_OTL\MovedFiles\xxxxxx (where xxx is the date_time)
    You will find a folder "C:" then "Users" then "Maxime" then "Desktop" and finally "PCEM1"

    Copy and paste it back onto your desktop or wherever you want, and check that everything is in it.


    About the alert, when do you get it? When you open the browser, when you browse, or even without browsing?

    To check:


    Download Kaspersky's TDSSKiller to your desktop.

  • Unzip it by right-clicking on it -> extract all... (click "next", "next" and "Finish".)
  • Double-click "TDSSKiller.exe" to launch the tool.
    (Vista/Windows 7 users: right-click TDSSKiller.exe and select "Run as administrator".)

  • Then click the "Start Scan" button.
  • Let the scan run.

  • In the results window:
  • If TDSS.tdl2 is detected, the delete option will be checked by default.
  • If TDSS.tdl3 is detected, make sure Cure is checked.
  • For the "Suspicious object" part, leave it on "Skip"
  • If TDSS.tdl4 (mbr) is detected, make sure Cure is checked.
  • Finally, click "Continue"

  • You will probably be asked to restart your PC; do so by clicking "Reboot now"

  • After the restart, go and get the removal report; it is located here:
    C:\ TDSSKiller.x.x.x.x_date_heure_log.txt

    Post its contents in your next reply.

    [:_tom_:7]
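    The two slips visible in this thread, a personal Desktop folder listed in the :OTL section and a report line pasted into :Files (which the removal report shows as "Invalid Switch"), can be caught before a fix script is run. The Python check below is an added example, not part of the original posts and not part of OTL; the function name, the list of protected profile folders and the reason labels are assumptions, and the sample is abridged from the fix script posted above.

```python
import re

# A line in the style of an OTL scan report:
# [date time | size | attributes | C or M] (optional vendor) -- path
REPORT_LINE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [-A-Z]{4} \| [CM]\]"
    r"(?: \([^)]*\))? -- (?P<path>.+)$"
)

# Assumption: folders directly under a user profile that normally hold
# personal data and should never be quarantined without asking the owner.
USER_DATA = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\(Desktop|Documents|Pictures|Music|Videos)\\.+",
    re.IGNORECASE,
)


def review_fix_script(text):
    """Return (line_number, reason, line) warnings for an OTL fix script."""
    warnings = []
    section = None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            # Section headers such as :OTL, :Files, :Commands
            section = line.lower()
            continue
        match = REPORT_LINE.match(line)
        if section == ":files":
            if match:
                # The thread's report shows such a line rejected as
                # "Invalid Switch"; :Files entries should be bare paths.
                warnings.append((number, "report-line-in-files", line))
            path = match.group("path") if match else line
        elif section == ":otl":
            if not match:
                continue  # registry/BHO style entries are not checked here
            path = match.group("path")
        else:
            continue
        if USER_DATA.match(path):
            warnings.append((number, "user-data", line))
    return warnings


# Sample input, abridged from the fix script in this thread.
SAMPLE = r""":OTL
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
[2011/04/01 00:15:45 | 000,000,000 | ---D | C] -- C:\Users\Maxime\Desktop\PCEM1
[2011/03/31 23:57:49 | 000,000,000 | ---D | C] -- C:\Users\Maxime\AppData\Roaming\OfferBox

:Files
C:\Program Files\ConduitEngine
[2011/03/31 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\Maxime\AppData\Roaming\OfferBox

:Commands
[emptytemp]
"""

if __name__ == "__main__":
    for number, reason, line in review_fix_script(SAMPLE):
        print(f"line {number}: {reason}: {line}")
```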
    3 April 2011 14:46:51

    Is it a problem if I do everything in safe mode? Because in normal mode I get a blue screen every other time.
    3 April 2011 18:35:57

    Re,

    Heh, all good, I had the right idea, and I found the culprit:
    Quote:
    2011/04/03 14:48:38.0421 0600 Detected object count: 1
    2011/04/03 14:49:21.0046 0600 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/03 14:49:21.0046 0600 \HardDisk0 - ok
    2011/04/03 14:49:21.0046 0600 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/03 14:49:26.0210 0720 Deinitialize success


    It should normally sort itself out now.

    Did you get your folder back, by the way?

    See whether you get the blue screens and the other problems again now.

    [:_tom_:7]
    3 April 2011 19:15:43

    Indeed, I haven't had any trouble since the last step :)

    Any idea where I could have picked this up?

    Also, I did get my folder back!

    Thanks again for your help!
    3 April 2011 22:06:58

    Re,

    This dangerous and unfortunately fairly widespread infection is generally caught via exploits on booby-trapped websites, especially if the system or its programs are not up to date (Java, Adobe Reader, Flash Player, etc.)


    So let's finish the cleanup:

    1) Run OTL.exe again
    (Vista/Windows 7 users: right-click -> "Run as administrator")

  • Click "Purge d'outils"
  • Confirm the warning with "ok" and let the PC restart.


    2) Purging System Restore:

    It contains remnants of the infection; follow this tutorial to purge it:

    Vista/7:
    http://www.inforumatique.fr/post82670.html#p82670


    Updating the system and software:


    Make sure your system is up to date via Windows Update (Start -> All Programs -> Windows Update); install all of the updates offered, in particular Internet Explorer 8:

    Update the following programs:
    - Java to version 6 update 24 (remember to remove the old versions in Add/Remove Programs if still present)



    To go further in protecting yourself and avoid getting reinfected, here are a few additional tips:

  • Be careful when installing software:
    Always read the terms of use (EULA) to spot how personal data is handled, the installation of advertising sponsors, or any other invasion of privacy. Decline the toolbars and other add-ons offered.

  • Keep your software and system up to date:
    Many infections are due to flaws in Windows, but also in third-party software such as Sun Java, Adobe Acrobat Reader, etc.
    You can run a vulnerability scan to find out which of your programs have unpatched flaws or need updating.

    Finally, the most important thing remains your behavior on your PC; you are still the most important protection: avoid risky behavior: P2P, cracks, dubious downloads and installs via ads, instant messaging, or unknown sites, pornographic sites.
    Worth reading!
    4 April 2011 20:39:22

    THANKS
    4 April 2011 21:03:36

    [:archi]

    You can mark your topic as "solved" by clicking the "éditer" (edit) button in your very first message.
    -> Then add "résolu" next to your title and confirm.

    You can also, if you wish, select a "best answer"; your topic will then automatically be marked as "solved"

    See you soon on the Tom's Guide forums