I'm back,
Backups done.
1) Here is the RogueKiller report:
RogueKiller V7.6.5 [03/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion- ... ntees.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur: kicik [Droits d'admin]
Mode: Recherche -- Date: 06/08/2012 22:59:39
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Entrees de registre: 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\kicik\AppData\Local\{d8a0ba5a-29f7-2ba6-b226-3249ae4e939e}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{d8a0ba5a-29f7-2ba6-b226-3249ae4e939e}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{d8a0ba5a-29f7-2ba6-b226-3249ae4e939e}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{d8a0ba5a-29f7-2ba6-b226-3249ae4e939e}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\kicik\appdata\local\{d8a0ba5a-29f7-2ba6-b226-3249ae4e939e}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\kicik\appdata\local\{d8a0ba5a-29f7-2ba6-b226-3249ae4e939e}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\kicik\appdata\local\{d8a0ba5a-29f7-2ba6-b226-3249ae4e939e}\L --> FOUND
¤¤¤ Driver: [CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
192.168.1.10 kicik.fr
192.168.1.20 mail.kicik.fr
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725032VLA360 ATA Device +++++
--- User ---
[MBR] 1ff550ad08691a7e1d94eb9fd30f362c
[BSP] e5ceb32d28cd94f50d817d9647d862a7 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 277685 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 568700928 | Size: 27557 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] 07ea87904c9987c3c1f0a5f7b8c54d26
[BSP] c18bc20f70d014c7f198c1560dd28ef6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: ST320002 1A USB Device +++++
--- User ---
[MBR] 2f3970186dc7707cf1bf304f54ca21db
[BSP] a2405411ca8b5c2ac36dbed5b0636aa3 : MaxSS MBR Code!
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 218137203 | Size: 937608 Mo
1 - [XXXXXX] UNKNOWN (0x74) [VISIBLE] Offset (sectors): 544370800 | Size: 937645 Mo
2 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 225600882 | Size: 265696 Mo
3 - [XXXXXX] UNKNOWN (0x61) [VISIBLE] Offset (sectors): 2760638474 | Size: 25 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive3: PI-239 USB 2.0 Drive USB Device +++++
--- User ---
[MBR] 4a58ea30070289308b4716ed69f1670b
[BSP] c72a129041a0e773a8b714ca80073440 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[1].txt >>
2) And here is the ZHPDIAG report:
http://cjoint.com/?0HgxlxFeS8Q