Slow computer and erratic connection....

Solved/Closed
wen452 - 20 Jul 2009 at 17:59
Anonymous user - 6 Aug 2009 at 00:56
Hello,
My computer has been slow for some time and so is the internet connection, not to mention that it keeps dropping. I don't know where this comes from, maybe a virus?

I have Windows XP
Spybot (which I can't manage to update, but I'm trying to sort that out)
Sygate as firewall
Antivir as antivirus
and I use CCleaner

I have just produced a HijackThis report; could you tell me whether it looks correct?
(I have just removed Ad-Aware, but I can see there are still traces of it in the report)
************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:42, on 20/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Wallpaper\Wallpaper.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aurelie\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?hl=fr&tab=nw&gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_S82.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Wallpaper] "D:\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.bellapix.com/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFB91060-AB8D-4E10-A91C-4B0D1B1981B3}: NameServer = 86.64.145.148 84.103.237.148
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Update Service (gupdate1c999c9fc4ff206) (gupdate1c999c9fc4ff206) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
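A triage pass over the HijackThis log posted above, added here as an example and not part of the original thread: it lists the entries HijackThis itself marks `(no file)` or `(file missing)`, leftover entries of an uninstalled product, and autostart entries launched from outside the Windows and Program Files directories. The function names, the trusted-directory list and the embedded sample (a few lines copied from the log above) are assumptions of this example; a flagged entry is a candidate for review, not a verdict.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R3", "O2", "O4", "O23"
    body: str     # rest of the line after "CODE - "


# Sample input: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Wallpaper] "D:\Wallpaper\Wallpaper.exe" Starter
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Markers HijackThis appends when the target of an entry is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# First drive-letter path to an executable or library inside an entry.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|com|bat|cmd|scr)\b)', re.I)
# Assumption of this example: directories treated as normal install locations.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_entries(log_text):
    """Return the 'CODE - ...' lines of a HijackThis log as Entry tuples."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose file is gone: registry leftovers that can be cleaned up."""
    return [e for e in entries if ORPHAN_RE.search(e.body)]


def leftovers(entries, product):
    """Entries that still mention a product the user believes is uninstalled."""
    return [e for e in entries if product.lower() in e.body.lower()]


def autostarts_outside_system_dirs(entries):
    """Run keys (O4) and services (O23) started from an unusual location."""
    flagged = []
    for e in entries:
        if e.section not in ("O4", "O23"):
            continue
        match = PATH_RE.search(e.body)
        if match and not match.group(1).lower().startswith(TRUSTED_PREFIXES):
            flagged.append((e, match.group(1)))
    return flagged


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("Orphaned entries:")
    for e in orphaned(parsed):
        print("  ", e.section, "-", e.body)
    print("Ad-Aware leftovers:")
    for e in leftovers(parsed, "Ad-Aware"):
        print("  ", e.section, "-", e.body)
    print("Autostarts outside system directories:")
    for e, path in autostarts_outside_system_dirs(parsed):
        print("  ", e.section, "-", path)
```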

28 replies

Anonymous user
20 Jul 2009 at 18:12
hi:

Update Windows
Update Internet Explorer

uninstall Ad-Aware

then:

######## | XP _ Install & scan | #######


Download and install UsbFix (by C_XX & Chiquitine29)

Plug in the external data sources for your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

# Double-click the UsbFix shortcut on your desktop.

# Choose option 1 ( Recherche / Scan )

# Let the tool work.

# Then post the UsbFix.txt report that appears.

# Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.



0
wen452
20 Jul 2009 at 18:25
Here is the report:

############################## | UsbFix V6.008 |


############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Wallpaper\Wallpaper.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\FREEDO~1\fdm.exe

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\Aurelie\Temporary Internet Files |


################## | All Drives ... |

Présent ! F:\Setup.exe
Présent ! F:\autorun.inf

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |


################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.008 ! |




I have also just cleaned up my Windows startup list; there were two entries classed as viruses according to the Pacman list:

http://assiste.com.free.fr/p/pacman/pacman_startup_list_q.html



I'm starting the Windows update right away; it's true I haven't done it for a while.

However, do I have to update IE? I had done it, but it slowed down my computer and my connection, and I admit I didn't really like its design, so I had happily gone back to version 6.


Also, I often get a message about the use of my ActiveX controls that appears at the top of quite a lot of websites. I don't know whether that could play a part in the slow browsing.


thanks for your help!
Wen
0
Anonymous user
20 Jul 2009 at 18:28
if you want your PC to get infected, stay on version 6, which contains huge security holes and lets everything through

the report header is missing
0
wen452
20 Jul 2009 at 18:34
Something is missing? There is nothing else in the report, I just checked, and yet I selected everything.
I'm redoing it completely just in case


############################## | UsbFix V6.008 |


############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Wallpaper\Wallpaper.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\Aurelie\Temporary Internet Files |


################## | All Drives ... |

Présent ! F:\Setup.exe
Présent ! F:\autorun.inf

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |


################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.008 ! |



And ouch, for the Windows update, it's tricky since my connection drops and the download starts over from the beginning each time... it may take a while.
0

Anonymous user
20 Jul 2009 at 18:39
;)

uninstall UsbFix, download it again and run option 1 again please

link:

########### | XP _ Removal | ########



(!) Plug in the external data sources for your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

• Double-click (right-click "as administrator" for Vista) the UsbFix shortcut on your desktop

• In the main menu choose option " F " for French and press [Enter].

• In the second menu choose option " 2 " ( Suppression / Removal ) and press [Enter]

• Your desktop will disappear and the PC will restart.

• On restart, UsbFix will scan your PC; let the tool work.

• Then post the UsbFix.txt report that appears along with the desktop.

• Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
0
here is the report:


############################## | UsbFix V6.008 |


############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\Aurelie\Temporary Internet Files |


################## | All Drives ... |

(!) Non supprimé ! F:\Setup.exe
(!) Non supprimé ! F:\autorun.inf

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[20/07/2009 18:59|--a------|220] - C:\aaw7boot.log
[21/07/2006 15:17|--a------|0] - C:\AUTOEXEC.BAT
[06/01/2009 16:59|--a------|53] - C:\biosinfo
[20/07/2009 18:19|---hs----|216] - C:\boot.ini
[05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[21/07/2006 15:17|--a------|0] - C:\CONFIG.SYS
[12/05/2007 18:22|--a------|68096] - C:\diff.exe
[12/05/2007 18:22|--a------|103424] - C:\grep.exe
[?|?|?] - C:\hiberfil.sys
[21/07/2006 15:17|-rahs----|0] - C:\IO.SYS
[01/01/2009 12:49|--a------|32394] - C:\MACDR005.CST
[21/07/2006 15:17|-rahs----|0] - C:\MSDOS.SYS
[05/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
[26/07/2008 18:09|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[07/05/2008 15:43|--a------|13030] - C:\PDOXUSRS.NET
[12/05/2007 18:22|--a------|853] - C:\reboot.cmd
[02/02/2009 19:55|--a------|203] - C:\scrantic.ini
[18/05/2009 13:34|--ah-----|136] - C:\sqmdata00.sqm
[21/04/2009 11:09|--ah-----|268] - C:\sqmdata01.sqm
[03/06/2009 10:54|--ah-----|232] - C:\sqmdata02.sqm
[03/06/2009 11:19|--ah-----|232] - C:\sqmdata03.sqm
[03/06/2009 11:22|--ah-----|232] - C:\sqmdata04.sqm
[03/06/2009 09:08|--ah-----|232] - C:\sqmdata05.sqm
[03/06/2009 09:08|--ah-----|232] - C:\sqmdata06.sqm
[03/06/2009 10:50|--ah-----|232] - C:\sqmdata07.sqm
[03/06/2009 10:53|--ah-----|232] - C:\sqmdata08.sqm
[03/06/2009 10:53|--ah-----|232] - C:\sqmdata09.sqm
[03/06/2009 10:54|--ah-----|232] - C:\sqmdata10.sqm
[02/07/2009 18:55|--ah-----|136] - C:\sqmdata11.sqm
[03/07/2009 09:54|--ah-----|232] - C:\sqmdata12.sqm
[03/07/2009 09:54|--ah-----|232] - C:\sqmdata13.sqm
[08/07/2009 09:30|--ah-----|232] - C:\sqmdata14.sqm
[08/07/2009 09:32|--ah-----|232] - C:\sqmdata15.sqm
[08/07/2009 09:32|--ah-----|232] - C:\sqmdata16.sqm
[08/07/2009 09:32|--ah-----|232] - C:\sqmdata17.sqm
[02/03/2009 11:51|--ah-----|232] - C:\sqmdata18.sqm
[14/04/2009 12:53|--ah-----|232] - C:\sqmdata19.sqm
[18/05/2009 13:34|--ah-----|244] - C:\sqmnoopt00.sqm
[21/04/2009 11:09|--ah-----|244] - C:\sqmnoopt01.sqm
[03/06/2009 10:54|--ah-----|244] - C:\sqmnoopt02.sqm
[03/06/2009 11:19|--ah-----|244] - C:\sqmnoopt03.sqm
[03/06/2009 11:22|--ah-----|244] - C:\sqmnoopt04.sqm
[03/06/2009 09:08|--ah-----|244] - C:\sqmnoopt05.sqm
[03/06/2009 09:08|--ah-----|244] - C:\sqmnoopt06.sqm
[03/06/2009 10:50|--ah-----|244] - C:\sqmnoopt07.sqm
[03/06/2009 10:53|--ah-----|244] - C:\sqmnoopt08.sqm
[03/06/2009 10:53|--ah-----|244] - C:\sqmnoopt09.sqm
[03/06/2009 10:54|--ah-----|244] - C:\sqmnoopt10.sqm
[02/07/2009 18:55|--ah-----|136] - C:\sqmnoopt11.sqm
[03/07/2009 09:54|--ah-----|244] - C:\sqmnoopt12.sqm
[03/07/2009 09:54|--ah-----|244] - C:\sqmnoopt13.sqm
[08/07/2009 09:30|--ah-----|244] - C:\sqmnoopt14.sqm
[08/07/2009 09:32|--ah-----|244] - C:\sqmnoopt15.sqm
[08/07/2009 09:32|--ah-----|244] - C:\sqmnoopt16.sqm
[08/07/2009 09:32|--ah-----|244] - C:\sqmnoopt17.sqm
[02/03/2009 11:51|--ah-----|244] - C:\sqmnoopt18.sqm
[14/04/2009 12:53|--ah-----|244] - C:\sqmnoopt19.sqm
[24/05/2001 12:59|--a------|162304] - C:\UNWISE.EXE
[20/07/2009 19:03|--a------|4058] - C:\UsbFix.txt
[05/04/2008 12:23|--a------|1105480929] - D:\bones.zip
[29/11/2006 17:24|--a------|30208] - D:\citations et proverbes qui me parlent.doc
[16/04/2009 16:21|--a------|288587802] - D:\diaporamas avec pro show.zip
[22/12/2008 12:17|--a------|149658905] - D:\films alpes.zip
[10/11/2008 14:52|--a------|79872] - D:\liens sympas de jeux.doc
[22/01/2008 21:50|--a------|48128] - D:\Mots sympas.doc
[05/04/2008 12:38|--a------|335768762] - D:\patinage.zip
[10/11/2008 14:53|--a------|1432576] - D:\plantes aquatique et chambre.doc
[10/07/2008 16:39|--a------|5024182] - D:\protection des loups.zip
[05/01/2009 18:40|--ahs----|31232] - D:\Thumbs.db
[07/01/2000 14:26|-r-h-----|20] - F:\00000001.TMP
[07/01/2000 14:26|-r-h-----|29440] - F:\00000404.016
[07/01/2000 14:26|-r-h-----|226444] - F:\00000404.256
[07/01/2000 14:26|-r-h-----|29850] - F:\00000407.016
[07/01/2000 14:26|-r-h-----|226560] - F:\00000407.256
[07/01/2000 14:26|-r-h-----|29440] - F:\00000409.016
[07/01/2000 14:26|-r-h-----|226444] - F:\00000409.256
[07/01/2000 14:26|-r-h-----|29522] - F:\0000040c.016
[07/01/2000 14:26|-r-h-----|226324] - F:\0000040c.256
[07/01/2000 14:26|-r-h-----|29440] - F:\00000410.016
[07/01/2000 14:26|-r-h-----|226444] - F:\00000410.256
[07/01/2000 14:26|-r-h-----|26302] - F:\00000411.016
[07/01/2000 14:26|-r-h-----|227560] - F:\00000411.256
[07/01/2000 14:26|-r-h-----|29440] - F:\00000412.016
[07/01/2000 14:26|-r-h-----|226444] - F:\00000412.256
[07/01/2000 14:26|-r-h-----|29440] - F:\00000413.016
[07/01/2000 14:26|-r-h-----|226444] - F:\00000413.256
[07/01/2000 14:26|-r-h-----|29440] - F:\00000415.016
[07/01/2000 14:26|-r-h-----|226444] - F:\00000415.256
[07/01/2000 14:26|-r-h-----|29440] - F:\00000416.016
[07/01/2000 14:26|-r-h-----|226444] - F:\00000416.256
[07/01/2000 14:26|-r-h-----|29476] - F:\0000041d.016
[07/01/2000 14:26|-r-h-----|226406] - F:\0000041d.256
[07/01/2000 14:26|-r-h-----|29476] - F:\0000041e.016
[07/01/2000 14:26|-r-h-----|226406] - F:\0000041e.256
[07/01/2000 14:26|-r-h-----|29440] - F:\00000804.016
[07/01/2000 14:26|-r-h-----|226444] - F:\00000804.256
[07/01/2000 14:26|-r-h-----|29440] - F:\00000809.016
[07/01/2000 14:26|-r-h-----|226444] - F:\00000809.256
[07/01/2000 14:26|-r-h-----|29476] - F:\00000c0a.016
[07/01/2000 14:26|-r-h-----|226406] - F:\00000c0a.256
[07/01/2000 14:26|-r-------|44] - F:\autorun.inf
[07/01/2000 14:26|-r-h-----|6784] - F:\clcd16.dll
[07/01/2000 14:26|-r-h-----|27648] - F:\clcd32.dll
[07/01/2000 14:26|-r-h-----|177152] - F:\clokspl.exe
[07/01/2000 14:28|-r-------|26644] - F:\Creare una Pagina Web LEGGIMI.html
[07/01/2000 14:26|-r-h-----|172544] - F:\dplayerx.dll
[07/01/2000 14:26|-r-h-----|31744] - F:\drvmgt.dll
[07/01/2000 14:28|-r-------|21684] - F:\Ensemble de pages Internet lisezmoi.html
[07/01/2000 14:28|-r-------|14] - F:\maxis.ini
[07/01/2000 14:25|-r-------|4552] - F:\MSEULA_Eng.txt
[07/01/2000 14:25|-r-------|5237] - F:\MSEULA_Fre.txt
[07/01/2000 14:25|-r-------|5279] - F:\MSEULA_Ger.txt
[07/01/2000 14:25|-r-------|4684] - F:\MSEULA_Ita.txt
[07/01/2000 14:25|-r-------|4964] - F:\MSEULA_Spa.txt
[07/01/2000 14:26|-r-h-----|10848] - F:\secdrv.sys
[07/01/2000 14:26|-r-------|6152192] - F:\Setup.exe
[07/01/2000 14:26|-r-h-----|2158637] - F:\SIMS.ICD
[07/01/2000 14:26|-r-h-----|6574] - F:\simscd.ico
[07/01/2000 14:28|-r-------|20692] - F:\Web Page Template README.html
[07/01/2000 14:28|-r-------|21274] - F:\Webpagina Sjablonen LEESMIJ.htm
[07/01/2000 14:28|-r-------|62738] - F:\Webseiten-Vorlagen Liesmich.html

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## | Etat / Services / Informations |

# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.008 ! |
0
Anonymous user
20 Jul 2009 at 19:17
Click the Start menu / Control Panel / Folder Options / then go to the View tab
- Check Show hidden files and folders
- Uncheck Hide extensions for known file types
- Uncheck Hide protected operating system files (Recommended)
click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important

Have the following file(s) analysed on Virustotal:

Virus Total

* Click Browse at the top, choose My Computer and look for these files:

D:\Wallpaper\Wallpaper.exe

* Now click Send file and let it work for as long as "Current status: analysis in progress" is displayed.
* The file may be queued because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page and choose Select all, then Copy
* Finally, paste the result into your next reply.
0
Anonymous user
20 Jul 2009 at 21:26
Fichier Wallpaper.exe reçu le 2009.03.27 16:55:19 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.27 -
AhnLab-V3 5.0.0.2 2009.03.27 -
AntiVir 7.9.0.129 2009.03.27 -
Antiy-AVL 2.0.3.1 2009.03.27 -
Authentium 5.1.2.4 2009.03.27 -
Avast 4.8.1335.0 2009.03.26 -
AVG 8.5.0.283 2009.03.27 -
BitDefender 7.2 2009.03.27 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.27 -
Comodo 1086 2009.03.27 -
DrWeb 4.44.0.09170 2009.03.27 -
eSafe 7.0.17.0 2009.03.26 -
eTrust-Vet 31.6.6420 2009.03.27 -
F-Prot 4.4.4.56 2009.03.27 -
F-Secure 8.0.14470.0 2009.03.27 -
Fortinet 3.117.0.0 2009.03.27 -
GData 19 2009.03.27 -
Ikarus T3.1.1.48.0 2009.03.27 -
K7AntiVirus 7.10.683 2009.03.27 -
Kaspersky 7.0.0.125 2009.03.27 -
McAfee 5565 2009.03.26 -
McAfee+Artemis 5565 2009.03.26 -
McAfee-GW-Edition 6.7.6 2009.03.27 -
Microsoft 1.4502 2009.03.27 -
NOD32 3969 2009.03.27 -
Norman 6.00.06 2009.03.27 -
nProtect 2009.1.8.0 2009.03.27 -
Panda 10.0.0.10 2009.03.27 -
PCTools 4.4.2.0 2009.03.27 -
Prevx1 V2 2009.03.27 -
Rising 21.22.42.00 2009.03.27 -
Sophos 4.40.0 2009.03.27 -
Sunbelt 3.2.1858.2 2009.03.26 -
Symantec 1.4.4.12 2009.03.27 -
TheHacker 6.3.3.7.292 2009.03.26 -
TrendMicro 8.700.0.1004 2009.03.27 -
VBA32 3.12.10.1 2009.03.26 -
ViRobot 2009.3.27.1666 2009.03.27 -

Information additionnelle
File size: 233472 bytes
MD5 : df105989c770c6ab43970a2cc0b9561a
SHA1 : 462d1d6cd3f6e185907b4101d5c82cbffb699988
SHA256: 2be13d9e8ff67fb41b642b625150c6795281587bb920a98910d31cd342f58978
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: https://www.symantec.com?md5=df105989c770c6ab43970a2cc0b9561a
ssdeep: 3072:75KXeW3mCFFDrUPdNAuPQcVjRZ7+dxOa8AWhQfeEWRv8cSB3O+n6oZUk5VfkrDr:FKuOHuDQnUQG5+LUkq
PEiD : -
RDS : NSRL Reference Data Set: -

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.27 -
AhnLab-V3 5.0.0.2 2009.03.27 -
AntiVir 7.9.0.129 2009.03.27 -
Antiy-AVL 2.0.3.1 2009.03.27 -
Authentium 5.1.2.4 2009.03.27 -
Avast 4.8.1335.0 2009.03.26 -
AVG 8.5.0.283 2009.03.27 -
BitDefender 7.2 2009.03.27 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.27 -
Comodo 1086 2009.03.27 -
DrWeb 4.44.0.09170 2009.03.27 -
eSafe 7.0.17.0 2009.03.26 -
eTrust-Vet 31.6.6420 2009.03.27 -
F-Prot 4.4.4.56 2009.03.27 -
F-Secure 8.0.14470.0 2009.03.27 -
Fortinet 3.117.0.0 2009.03.27 -
GData 19 2009.03.27 -
Ikarus T3.1.1.48.0 2009.03.27 -
K7AntiVirus 7.10.683 2009.03.27 -
Kaspersky 7.0.0.125 2009.03.27 -
McAfee 5565 2009.03.26 -
McAfee+Artemis 5565 2009.03.26 -
McAfee-GW-Edition 6.7.6 2009.03.27 -
Microsoft 1.4502 2009.03.27 -
NOD32 3969 2009.03.27 -
Norman 6.00.06 2009.03.27 -
nProtect 2009.1.8.0 2009.03.27 -
Panda 10.0.0.10 2009.03.27 -
PCTools 4.4.2.0 2009.03.27 -
Prevx1 V2 2009.03.27 -
Rising 21.22.42.00 2009.03.27 -
Sophos 4.40.0 2009.03.27 -
Sunbelt 3.2.1858.2 2009.03.26 -
Symantec 1.4.4.12 2009.03.27 -
TheHacker 6.3.3.7.292 2009.03.26 -
TrendMicro 8.700.0.1004 2009.03.27 -
VBA32 3.12.10.1 2009.03.26 -
ViRobot 2009.3.27.1666 2009.03.27 -

Information additionnelle
File size: 233472 bytes
MD5 : df105989c770c6ab43970a2cc0b9561a
SHA1 : 462d1d6cd3f6e185907b4101d5c82cbffb699988
SHA256: 2be13d9e8ff67fb41b642b625150c6795281587bb920a98910d31cd342f58978
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: https://www.symantec.com?md5=df105989c770c6ab43970a2cc0b9561a
ssdeep: 3072:75KXeW3mCFFDrUPdNAuPQcVjRZ7+dxOa8AWhQfeEWRv8cSB3O+n6oZUk5VfkrDr:FKuOHuDQnUQG5+LUkq
PEiD : -
RDS : NSRL Reference Data Set
-
Anonymous user
20 Jul 2009 at 21:28
I asked for the VirusTotal (report) to be restored

To answer that: there is an infection that goes by the same name

Download OTL by OldTimer

and save it to your Desktop.

Double-click OTL.exe to launch it.

Tick the 2 boxes Lop and Purity

Tick the box next to Scan All Users

Click Run Scan.

When the scan finishes, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

Click Browse and find the file mentioned above.

Click Open.

Click "Cliquez ici pour déposer le fichier" (click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.

You will do the same with "Extra.txt" if you are asked for it
wen452 Posts: 47 Registered: Monday 20 July 2009 Status: Member Last activity: 2 January 2014
20 Jul 2009 at 22:17
Here is the result, I hope my reply will show up this time:

http://www.cijoint.fr/cjlink.php?file=cj200907/cijUVn8FOJ.txt

and the other one:
http://www.cijoint.fr/cjlink.php?file=cj200907/cijmmPBc6i.txt

thanks!
Anonymous user
20 Jul 2009 at 22:43
Run USBFix again and choose the uninstall option

then:

Download HostsXpert to your Desktop:

---> Unzip it (right-click >> Extract here)

---> Double-click HostsXpert to launch it

---> click the "Restore MS Hosts File" button, then close the program

PS: Before clicking the "Restore MS Hosts File" button, check that the padlock at the top left is open, otherwise you will get an error message.

If it is closed, click on it :)

then:


Download Zeb-Restore http://telechargement.zebulon.fr/zeb-restore.html and save this file to the desktop.

- Right-click Zeb-Restore.zip ==> Extract all, and choose the desktop as the destination.
- Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
- Tick the box next to: "sites de confiance" (trusted sites)
- Do not tick any other box
- Click Restaurer (Restore)
- Restart your PC

then:

Double-click OTL.exe to launch it.


Copy the list shown in bold below,

and paste it into the box under Custom Scans/Fixes

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe

:services
Boonty Games
Lavasoft Ad-Aware Service

:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-1383384898-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-1383384898-682003330-1004\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-1383384898-682003330-1004\..\Toolbar\WebBrowser: (no name) - {B0FB8BD0-196F-40AE-86E4-D8A507C25CC3} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-1383384898-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-1383384898-682003330-1004\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.rdl File not found
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - Reg Error: Key error. File not found
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()


:files
C:\Program Files\GamesBar
C:\WINDOWS\System32\mmfinfo.dll
C:\WINDOWS\System32\avs.dll
C:\WINDOWS\SlantAdj.dll
%Homedrive%\*.sqm
C:\Documents and Settings\All Users\Application Data\BOONTY

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


Click Run Fix to start the removal.


Post the report.

then:


♦ Download Ad-remover (by C_XX) to your desktop:


♦ Disconnect and close all running applications!

♦ Double-click "Ad-R.exe" to start the installation and keep the default installation settings.

♦ Double-click the Ad-remover shortcut on your desktop to launch the tool.

♦ From the main menu choose option "L" and press [Enter].

♦ Let the tool work and do not touch anything...

♦ Post the report that appears at the end on the forum...

(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

♦ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
wen452 Posts: 47 Registered: Monday 20 July 2009 Status: Member Last activity: 2 January 2014
21 Jul 2009 at 11:23
So, the OTL report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named TeaTimer.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver Boonty Games deleted successfully.

Service\Driver Lavasoft Ad-Aware Service deleted successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1614895754-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry value HKEY_USERS\S-1-5-21-1614895754-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_USERS\S-1-5-21-1614895754-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B0FB8BD0-196F-40AE-86E4-D8A507C25CC3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0FB8BD0-196F-40AE-86E4-D8A507C25CC3}\ not found.
Registry value HKEY_USERS\S-1-5-21-1614895754-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry value HKEY_USERS\S-1-5-21-1614895754-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Chercher avec Copernic Agent\ deleted successfully.
Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\copernicagent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6}\ not found.
File {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\copernicagentcache\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D}\ not found.
File {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:lsdelete deleted successfully.
C:\WINDOWS\System32\lsdelete.exe moved successfully.
========== FILES ==========
C:\Program Files\GamesBar moved successfully.
C:\WINDOWS\System32\mmfinfo.dll unregistered successfully.
C:\WINDOWS\System32\mmfinfo.dll moved successfully.
C:\WINDOWS\System32\avs.dll unregistered successfully.
C:\WINDOWS\System32\avs.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SlantAdj.dll
C:\WINDOWS\SlantAdj.dll NOT unregistered.
C:\WINDOWS\SlantAdj.dll moved successfully.
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Aurelie
->Temp folder emptied: 49152 bytes
File delete failed. C:\Documents and Settings\Aurelie\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2922728 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 164259 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82322 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\NV604864.TMP folder deleted successfully.
%systemroot% .tmp files removed: 17063871 bytes
%systemroot%\System32 .tmp files removed: 23788288 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 1415620 bytes

Total Files Cleaned = 43,41 mb


OTL by OldTimer - Version 3.0.9.2 log created on 07212009_103036

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



The other report:

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 10:42:49, 21/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: RENAUD-GOUD | Utilisateur actuel: Aurelie
.
Administrateur: Administrateur
Administrateur: Aurelie
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité *Desactive*
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKLM\Software\Trymedia Systems
.

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
.

* Internet Explorer Version 6.0.2900.5512 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
.
===================================
.
1950 Octet(s) - C:\Ad-Report-CLEAN.log
.
1 Fichier(s) - C:\DOCUME~1\Aurelie\LOCALS~1\Temp
0 Fichier(s) - C:\WINDOWS\Temp
.
17 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 11:19:07 | 21/07/2009
.
============== E.O.F ==============
.



Thanks again for your help!
Wen
0
Anonymous user
21 Jul 2009 at 12:49
Hello, perfect, we're making progress.

Download TOOLBAR S&D ( by Eric_71/Team IDN ) to your desktop:

!! Disconnect from the Internet, disable your resident protections, and close all running applications for the duration of the procedure. !!

* Double-click ToolBar SD.exe to launch the tool and follow the prompts ...

--> Type ( "search" option ), then press [Enter].

A report will be generated at the end of the process: post its contents in your next reply.

( the report is also saved here -> C:\TB.txt )

Tutorial
0
wen452
21 Jul 2009 at 13:32
I got a warning saying "access to Windows Script is disabled on this computer".

Here is the report:

-----------\\ ToolBar S&D 1.2.8 XP/Vista


"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 21/07/2009|13:30 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\Aurelie\Cookies\aurelie@www.bananalotto[2].txt
C:\Program Files\Crawler
C:\Program Files\Crawler\Download
C:\Program Files\Crawler\Shared
C:\Program Files\Crawler\SSaver
C:\Program Files\Crawler\ssmodules.dat
C:\Program Files\Crawler\Shared\CShared.dll
C:\Program Files\Crawler\SSaver\bin
C:\Program Files\Crawler\SSaver\CSSaver.exe
C:\Program Files\Crawler\SSaver\Download
C:\Program Files\Crawler\SSaver\imggallery
C:\Program Files\Crawler\SSaver\modelgallery
C:\Program Files\Crawler\SSaver\unins000.dat
C:\Program Files\Crawler\SSaver\unins000.exe
C:\Program Files\Crawler\SSaver\bin\2Dsaver
C:\Program Files\Crawler\SSaver\bin\3DAquarium
C:\Program Files\Crawler\SSaver\bin\cssaver.html
C:\Program Files\Crawler\SSaver\bin\cssaver.ocx
C:\Program Files\Crawler\SSaver\bin\DLL_ACTIVEDESKTOP.xml
C:\Program Files\Crawler\SSaver\bin\2Dsaver\2dsaver.config
C:\Program Files\Crawler\SSaver\bin\2Dsaver\2dsaver.scr
C:\Program Files\Crawler\SSaver\bin\2Dsaver\data.pck
C:\Program Files\Crawler\SSaver\bin\2Dsaver\sav_2dsaver.xml
C:\Program Files\Crawler\SSaver\bin\2Dsaver\ssfxmodul
C:\Program Files\Crawler\SSaver\bin\2Dsaver\ssfxmodul\DLL_SSFXMODUL.xml
C:\Program Files\Crawler\SSaver\bin\2Dsaver\ssfxmodul\ssfxmodul.scr
C:\Program Files\Crawler\SSaver\bin\3DAquarium\3DAquarium.scr
C:\Program Files\Crawler\SSaver\bin\3DAquarium\data.pck
C:\Program Files\Crawler\SSaver\bin\3DAquarium\SAV_3DAQUARIUM.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes
C:\Program Files\Crawler\SSaver\modelgallery\Dolphin Aquarium
C:\Program Files\Crawler\SSaver\modelgallery\Dolphin Aquarium Fishes
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium\MOD_0301_633
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium\MOD_0301_633\MOD_0301_633.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium\MOD_0301_633\MOD_0301_633.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_734
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_735
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_736
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_737
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_738
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_739
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_740
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_741
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_742
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_799
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_874
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_875
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_734\MOD_0302_734.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_734\MOD_0302_734.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_735\MOD_0302_735.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_735\MOD_0302_735.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_736\MOD_0302_736.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_736\MOD_0302_736.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_737\MOD_0302_737.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_737\MOD_0302_737.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_738\MOD_0302_738.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_738\MOD_0302_738.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_739\MOD_0302_739.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_739\MOD_0302_739.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_740\MOD_0302_740.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_740\MOD_0302_740.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_741\MOD_0302_741.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_741\MOD_0302_741.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_742\MOD_0302_742.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_742\MOD_0302_742.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_799\MOD_0302_799.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_799\MOD_0302_799.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_874\MOD_0302_874.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_874\MOD_0302_874.xml
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_875\MOD_0302_875.pck
C:\Program Files\Crawler\SSaver\modelgallery\Coral Aquarium Fishes\MOD_0302_875\MOD_0302_875.xml
C:\Program Files\Crawler\SSaver\modelgallery\Dolphin Aquarium\MOD_0303_1101
C:\Program Files\Crawler\SSaver\modelgallery\Dolphin Aquarium\MOD_0303_1101\MOD_0303_1101.pck
C:\Program Files\Crawler\SSaver\modelgallery\Dolphin Aquarium\MOD_0303_1101\MOD_0303_1101.xml
C:\Program Files\Crawler\SSaver\modelgallery\Dolphin Aquarium Fishes\MOD_0304_743
C:\Program Files\Crawler\SSaver\modelgallery\Dolphin Aquarium Fishes\MOD_0304_743\MOD_0304_743.pck
C:\Program Files\Crawler\SSaver\modelgallery\Dolphin Aquarium Fishes\MOD_0304_743\MOD_0304_743.xml
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Screensaver

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr"
"Search bar"="http://www.bing.com/spresults.aspx"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 21/07/2009|13:31 - Option : [1]

-----------\\ Fin du rapport a 13:31:33,64
0
Anonymous user
21 Jul 2009 at 13:33
Relaunch Toolbar-S&D by double-clicking the shortcut.

* Type "2", then confirm by pressing "Enter".

! Do not close the window during the deletion !

A report will be generated; post its contents here.

NOTE: If your desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

0
wen452
21 Jul 2009 at 14:18
Here it is:
-----------\\ ToolBar S&D 1.2.8 XP/Vista


"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 21/07/2009|14:16 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Aurelie\Cookies\aurelie@www.bananalotto[2].txt
Supprime! - C:\Program Files\Crawler\Download
Supprime! - C:\Program Files\Crawler\Shared
Supprime! - C:\Program Files\Crawler\SSaver
Supprime! - C:\Program Files\Crawler\ssmodules.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Screensaver
Supprime! - C:\Program Files\Crawler

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 21/07/2009|13:31 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 21/07/2009|14:18 - Option : [2]

-----------\\ Fin du rapport a 14:18:24,87
0
Anonymous user
22 Jul 2009 at 10:23
Please run a brand-new OTL scan, the same way as earlier.
0
wen452
22 Jul 2009 at 10:50
Here it is:
http://www.cijoint.fr/cjlink.php?file=cj200907/cijHLuQrEN.txt

This morning my computer restarted on its own twice....
Once while I was browsing a site I know, and another time while I was on the desktop running the scan...

I'm going to download IE 8; it was version 7 that I had installed before, so maybe 8 will suit me better.

Thanks!
Wen
0
wen452
22 Jul 2009 at 12:44
My computer restarted on its own again and then refused to restart.
Should I restore the system to a point before the operations you had me perform, just in case?
0
Anonymous user
23 Jul 2009 at 10:56
Hi, no, I don't think that's necessary.

You should check whether there is too much dust inside.

Does it do it at any time, or when you are working on it?
0