Help! PC keeps crashing nonstop
Solved/Closed
bc47 (Posts: 79 | Registered: Tuesday 12 June 2007 | Status: Member | Last activity: 29 April 2014) - 26 Nov. 2009 at 21:26
Anonymous user - 3 Dec. 2009 at 19:33
59 replies
read on a forum that you really shouldn't do that when the PC is infected...!
in safe mode most viruses are inactive
try option 2, still in safe mode
bc47 - 30 Nov. 2009 at 19:41
I'll try again,
Farewell... (lol)
bc47 - 30 Nov. 2009 at 20:21
Yiiihaaa!
It worked in normal mode with option 2.
Here is the log:
############################## | FindyKill V5.020 |
# User : claude (Administrateurs) # PCGRISECIVE
# Update on 26/11/2009 by Chiquitine29
# Start at: 19:46:33 | 30/11/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : Antivirus BitDefender 12.0 [ (!) Disabled | (!) Outdated ]
# AV : avast! antivirus 4.8.1351 [VPS 091130-1] 4.8.1351 [ Enabled | Updated ]
# FW : Pare-feu BitDefender [ (!) Disabled ]12.0
# C:\ # Disque fixe local # 126,7 Go (69,09 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 1,89 Go (549,41 Mo free) [FLASH DISK] # FAT32
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# K:\ # Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Borland\Interbase\bin\IbGuard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Borland\Interbase\bin\IbServer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\WINDOWS |
Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
################## | C:\Documents and Settings\claude\Application Data |
################## | Autres suppressions ... |
################## | Temporary Internet Files |
################## | Registre / Clés infectieuses |
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallOverride"
Supprimé ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V5.020 ! |
C:\WINDOWS\vbface.INI
can you post the contents of this (don't double-click it => right-click / Edit), then paste it here
bc47 - 30 Nov. 2009 at 20:41
There is no Edit option on the right-click menu.
Here is the copy/paste.
I have the impression things are better (no crash for half an hour...)
[RestoreIT!_Bar_State-Summary]
Bars=3
ScreenCX=1440
ScreenCY=900
[RestoreIT!_Bar_State-Bar0]
BarID=59392
XPos=-2
YPos=-2
Docking=1
MRUDockID=0
MRUDockLeftPos=-2
MRUDockTopPos=-2
MRUDockRightPos=378
MRUDockBottomPos=41
MRUFloatStyle=8196
MRUFloatXPos=-1
MRUFloatYPos=0
[RestoreIT!_Bar_State-Bar1]
BarID=59393
[RestoreIT!_Bar_State-Bar2]
BarID=59419
Bars=3
Bar#0=0
Bar#1=59392
Bar#2=0
that's fine, it's a file that goes with your RestoreIt restore software
we have unblocked some services
Download OTL by OldTimer
▶ Save it to your Desktop.
▶ Double-click OTL.exe to launch it (on Vista => right-click, "Run as administrator").
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box in front of Scan All Users
▶ Set it to "60 Days"
▶ In the left-hand column, set everything to All
Do not change these:
"files created within" and "files modified within"
▶ Click Run Scan.
When the scan finishes, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and find the file mentioned above.
▶ Click Open.
▶ Click "Click here to upload the file".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt".
bc47 - 30 Nov. 2009 at 21:23
OTL log posted.
I still don't have a link, you're not reading the instructions properly ;)
bc47 - 1 Dec. 2009 at 18:03
Sorry, I didn't go all the way to the end.
Here is the link: http://www.cijoint.fr/cjlink.php?file=cj200912/cij7BsaEsF.txt
+ the extra log
http://www.cijoint.fr/cjlink.php?file=cj200912/cijdsvGLTV.txt
bc47 - 1 Dec. 2009 at 17:47
Sorry, I didn't go all the way to the end.
Here is the link: http://www.cijoint.fr/cjlink.php?file=cj200912/cij7BsaEsF.txt
bc47 - 1 Dec. 2009 at 17:50
+ the extra log
http://www.cijoint.fr/cjlink.php?file=cj200912/cijdsvGLTV.txt
please pay attention to what you are doing
you didn't send me the log.txt but the FindyKill report!
bc47 - 1 Dec. 2009 at 20:36
I'm really struggling with this.
OTL log link:
http://www.cijoint.fr/cjlink.php?file=cj200912/cijpzZRsS2.txt
+ extra log:
http://www.cijoint.fr/cjlink.php?file=cj200912/cijYjgKKpQ.txt
I hope that's right...
▶ Download Zeb-Restore and save this file to the desktop.
▶- Right-click Zeb-Restore.zip ==> Extract All, and choose the desktop as the destination.
▶- Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
▶- Tick the box in front of: trusted sites
▶- Do not tick any other box
▶- Click Restore
▶- Restart your PC
then:
▶ Click Start menu / Control Panel / Folder Options / then the View tab
* - Tick Show hidden files and folders
* - Untick Hide extensions for known file types
* - Untick Hide protected operating system files (Recommended)
▶ Click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again once the disinfection is finished, it's important
Have the following file(s) analysed on VirusTotal:
Virus Total
* Click Browse at the top, choose My Computer and look for these files:
C:\WINDOWS\system32\drivers\VVBackd5.sys
* Now click Send file, and let it work for as long as "Current status: analysis in progress" is displayed.
* The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click the page, choose Select All, then Copy
* Finally, paste the result into your next reply.
Note: To analyse another file, click Other file at the bottom.
then:
▶ Double-click OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
O4 - Startup: C:\Documents and Settings\virginie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Component Manager"=-
"HP Software Update"=-
:files
C:\Kill'em
C:\Documents and Settings\claude\Local Settings\Application Data\eSupport.com
C:\Documents and Settings\All Users\Application Data\McAfee
C:\Documents and Settings\claude\Bureau\List_Kill'em.exe
C:\Documents and Settings\claude\Bureau\Raccourci vers ComboFix.exe.lnk
C:\Documents and Settings\All Users\Application Data\118300.34
C:\Documents and Settings\All Users\Application Data\Ultima_T15
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click RunFix to start the removal.
▶ Post the report.
bc47 - 2 Dec. 2009 at 18:11
I've done what was needed (see discussion).
What do you think?
bc47 - 2 Dec. 2009 at 14:11
Hello,
VirusTotal scan result:
Fichier VVBackd5.sys reçu le 2009.12.02 13:05:44 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.12.02 -
AhnLab-V3 5.0.0.2 2009.12.02 -
AntiVir 7.9.1.92 2009.12.02 -
Antiy-AVL 2.0.3.7 2009.12.02 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.02 -
AVG 8.5.0.426 2009.12.02 -
BitDefender 7.2 2009.12.02 -
CAT-QuickHeal 10.00 2009.12.02 -
ClamAV 0.94.1 2009.12.02 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.02 -
eSafe 7.0.17.0 2009.12.01 -
eTrust-Vet 35.1.7152 2009.12.02 -
F-Prot 4.5.1.85 2009.12.02 -
F-Secure 9.0.15370.0 2009.11.29 -
Fortinet 4.0.14.0 2009.12.02 -
GData 19 2009.12.02 -
Ikarus T3.1.1.74.0 2009.12.02 -
Jiangmin 13.0.900 2009.12.02 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.12.02 -
McAfee 5819 2009.12.01 -
McAfee+Artemis 5819 2009.12.01 -
McAfee-GW-Edition 6.8.5 2009.12.02 -
Microsoft 1.5302 2009.12.02 -
NOD32 4654 2009.12.02 -
Norman 6.03.02 2009.12.02 -
nProtect 2009.1.8.0 2009.12.02 -
Panda 10.0.2.2 2009.12.02 -
PCTools 7.0.3.5 2009.12.02 -
Prevx 3.0 2009.12.02 -
Rising 22.24.02.09 2009.12.02 -
Sophos 4.48.0 2009.12.02 -
Sunbelt 3.2.1858.2 2009.12.02 -
Symantec 1.4.4.12 2009.12.02 -
TheHacker 6.5.0.2.083 2009.12.01 -
TrendMicro 9.100.0.1001 2009.12.02 -
VBA32 3.12.12.0 2009.12.02 -
ViRobot 2009.12.2.2068 2009.12.02 -
VirusBuster 5.0.21.0 2009.12.01 -
Information additionnelle
File size: 179482 bytes
MD5...: 0f973c30146ebf2fce236abc541852c8
SHA1..: 149b86db4c3b56789448c56d0151827e36e06557
SHA256: 7ea443ec4067564bdf0dcb25fca74e2cd182eb34ea29a370b50b88f10a67bfeb
ssdeep: 1536:Qe6ft4iTxzMO0jAr0xHJ6QAHbNe9zH4BZZZZZ8ZZZZZJ4xm3+f:QPV4iTWO080xp6QAHY9zixA+f
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x291e0
timedatestamp.....: 0x3ec1b660 (Wed May 14 03:22:08 2003)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2a0 0x1081a 0x10820 6.50 4d774bbad61e8ecad3f4608cddda0706
.rdata 0x10ac0 0x188 0x1a0 3.79 b1f981c63814db099ae327f87aa11ed9
.data 0x10c60 0x17de0 0x17de0 0.02 a13c4d1bbc21bb538a8a90b7b38f45f3
PAGE 0x28a40 0x783 0x7a0 6.17 6e7a50847fef34a288d9d33956c040a8
INIT 0x291e0 0x7c0 0x7c0 5.65 95f25cc9b69b3281b8497e872277f8fe
.reloc 0x299a0 0x11ee 0x1200 6.46 4e549c84091da2eb1e8ed5ebf960c9b8
( 3 imports )
> ntoskrnl.exe: _allmul, KeWaitForSingleObject, IofCallDriver, IoBuildSynchronousFsdRequest, KeInitializeEvent, IoFreeIrp, IoFreeMdl, MmBuildMdlForNonPagedPool, IoAllocateMdl, IoAllocateIrp, KeCancelTimer, KeSetTimer, MmAllocateContiguousMemory, ExAllocatePoolWithTag, ExFreePool, ExSystemTimeToLocalTime, KeQuerySystemTime, _allrem, _alldiv, MmMapIoSpace, KeInitializeDpc, KeInitializeTimer, KeInitializeSpinLock, KeSetEvent, sprintf, IoBuildDeviceIoControlRequest, swprintf, ObfDereferenceObject, IoGetConfigurationInformation, RtlCopyUnicodeString, IoDeleteDevice, IoAttachDeviceToDeviceStack, KeNumberProcessors, IoCreateDevice, IofCompleteRequest, InterlockedDecrement, InterlockedIncrement, IoDetachDevice, InterlockedExchange, IoWMIRegistrationControl, PoCallDriver, PoStartNextPowerIrp, DbgPrint, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, strncmp, MmMapLockedPagesSpecifyCache, ObReferenceObjectByHandle, ExEventObjectType, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, RtlInitUnicodeString, ZwCreateFile, ZwWriteFile, ZwReadFile, ZwClose, KefReleaseSpinLockFromDpcLevel, IoGetDeviceObjectPointer, KefAcquireSpinLockAtDpcLevel
> HAL.dll: KeGetCurrentIrql, KeQueryPerformanceCounter, KfReleaseSpinLock, KfAcquireSpinLock
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.12.02 -
AhnLab-V3 5.0.0.2 2009.12.02 -
AntiVir 7.9.1.92 2009.12.02 -
Antiy-AVL 2.0.3.7 2009.12.02 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.02 -
AVG 8.5.0.426 2009.12.02 -
BitDefender 7.2 2009.12.02 -
CAT-QuickHeal 10.00 2009.12.02 -
ClamAV 0.94.1 2009.12.02 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.02 -
eSafe 7.0.17.0 2009.12.01 -
eTrust-Vet 35.1.7152 2009.12.02 -
F-Prot 4.5.1.85 2009.12.02 -
F-Secure 9.0.15370.0 2009.11.29 -
Fortinet 4.0.14.0 2009.12.02 -
GData 19 2009.12.02 -
Ikarus T3.1.1.74.0 2009.12.02 -
Jiangmin 13.0.900 2009.12.02 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.12.02 -
McAfee 5819 2009.12.01 -
McAfee+Artemis 5819 2009.12.01 -
McAfee-GW-Edition 6.8.5 2009.12.02 -
Microsoft 1.5302 2009.12.02 -
NOD32 4654 2009.12.02 -
Norman 6.03.02 2009.12.02 -
nProtect 2009.1.8.0 2009.12.02 -
Panda 10.0.2.2 2009.12.02 -
PCTools 7.0.3.5 2009.12.02 -
Prevx 3.0 2009.12.02 -
Rising 22.24.02.09 2009.12.02 -
Sophos 4.48.0 2009.12.02 -
Sunbelt 3.2.1858.2 2009.12.02 -
Symantec 1.4.4.12 2009.12.02 -
TheHacker 6.5.0.2.083 2009.12.01 -
TrendMicro 9.100.0.1001 2009.12.02 -
VBA32 3.12.12.0 2009.12.02 -
ViRobot 2009.12.2.2068 2009.12.02 -
VirusBuster 5.0.21.0 2009.12.01 -
Information additionnelle
File size: 179482 bytes
MD5...: 0f973c30146ebf2fce236abc541852c8
SHA1..: 149b86db4c3b56789448c56d0151827e36e06557
SHA256: 7ea443ec4067564bdf0dcb25fca74e2cd182eb34ea29a370b50b88f10a67bfeb
ssdeep: 1536:Qe6ft4iTxzMO0jAr0xHJ6QAHbNe9zH4BZZZZZ8ZZZZZJ4xm3+f:QPV4iTWO<br>080xp6QAHY9zixA+f<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x291e0<br>timedatestamp.....: 0x3ec1b660 (Wed May 14 03:22:08 2003)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x2a0 0x1081a 0x10820 6.50 4d774bbad61e8ecad3f4608cddda0706<br>.rdata 0x10ac0 0x188 0x1a0 3.79 b1f981c63814db099ae327f87aa11ed9<br>.data 0x10c60 0x17de0 0x17de0 0.02 a13c4d1bbc21bb538a8a90b7b38f45f3<br>PAGE 0x28a40 0x783 0x7a0 6.17 6e7a50847fef34a288d9d33956c040a8<br>INIT 0x291e0 0x7c0 0x7c0 5.65 95f25cc9b69b3281b8497e872277f8fe<br>.reloc 0x299a0 0x11ee 0x1200 6.46 4e549c84091da2eb1e8ed5ebf960c9b8<br><br>( 3 imports ) <br>> ntoskrnl.exe: _allmul, KeWaitForSingleObject, IofCallDriver, IoBuildSynchronousFsdRequest, KeInitializeEvent, IoFreeIrp, IoFreeMdl, MmBuildMdlForNonPagedPool, IoAllocateMdl, IoAllocateIrp, KeCancelTimer, KeSetTimer, MmAllocateContiguousMemory, ExAllocatePoolWithTag, ExFreePool, ExSystemTimeToLocalTime, KeQuerySystemTime, _allrem, _alldiv, MmMapIoSpace, KeInitializeDpc, KeInitializeTimer, KeInitializeSpinLock, KeSetEvent, sprintf, IoBuildDeviceIoControlRequest, swprintf, ObfDereferenceObject, IoGetConfigurationInformation, RtlCopyUnicodeString, IoDeleteDevice, IoAttachDeviceToDeviceStack, KeNumberProcessors, IoCreateDevice, IofCompleteRequest, InterlockedDecrement, InterlockedIncrement, IoDetachDevice, InterlockedExchange, IoWMIRegistrationControl, PoCallDriver, PoStartNextPowerIrp, DbgPrint, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, strncmp, MmMapLockedPagesSpecifyCache, ObReferenceObjectByHandle, ExEventObjectType, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, RtlInitUnicodeString, ZwCreateFile, ZwWriteFile, ZwReadFile, ZwClose, KefReleaseSpinLockFromDpcLevel, IoGetDeviceObjectPointer, KefAcquireSpinLockAtDpcLevel<br>> HAL.dll: KeGetCurrentIrql, KeQueryPerformanceCounter, KfReleaseSpinLock, KfAcquireSpinLock<br>> WMILIB.SYS: 
WmiSystemControl, WmiCompleteRequest<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
résultat du scan virustotal:
Fichier VVBackd5.sys reçu le 2009.12.02 13:05:44 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.12.02 -
AhnLab-V3 5.0.0.2 2009.12.02 -
AntiVir 7.9.1.92 2009.12.02 -
Antiy-AVL 2.0.3.7 2009.12.02 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.02 -
AVG 8.5.0.426 2009.12.02 -
BitDefender 7.2 2009.12.02 -
CAT-QuickHeal 10.00 2009.12.02 -
ClamAV 0.94.1 2009.12.02 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.02 -
eSafe 7.0.17.0 2009.12.01 -
eTrust-Vet 35.1.7152 2009.12.02 -
F-Prot 4.5.1.85 2009.12.02 -
F-Secure 9.0.15370.0 2009.11.29 -
Fortinet 4.0.14.0 2009.12.02 -
GData 19 2009.12.02 -
Ikarus T3.1.1.74.0 2009.12.02 -
Jiangmin 13.0.900 2009.12.02 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.12.02 -
McAfee 5819 2009.12.01 -
McAfee+Artemis 5819 2009.12.01 -
McAfee-GW-Edition 6.8.5 2009.12.02 -
Microsoft 1.5302 2009.12.02 -
NOD32 4654 2009.12.02 -
Norman 6.03.02 2009.12.02 -
nProtect 2009.1.8.0 2009.12.02 -
Panda 10.0.2.2 2009.12.02 -
PCTools 7.0.3.5 2009.12.02 -
Prevx 3.0 2009.12.02 -
Rising 22.24.02.09 2009.12.02 -
Sophos 4.48.0 2009.12.02 -
Sunbelt 3.2.1858.2 2009.12.02 -
Symantec 1.4.4.12 2009.12.02 -
TheHacker 6.5.0.2.083 2009.12.01 -
TrendMicro 9.100.0.1001 2009.12.02 -
VBA32 3.12.12.0 2009.12.02 -
ViRobot 2009.12.2.2068 2009.12.02 -
VirusBuster 5.0.21.0 2009.12.01 -
Information additionnelle
File size: 179482 bytes
MD5...: 0f973c30146ebf2fce236abc541852c8
SHA1..: 149b86db4c3b56789448c56d0151827e36e06557
SHA256: 7ea443ec4067564bdf0dcb25fca74e2cd182eb34ea29a370b50b88f10a67bfeb
ssdeep: 1536:Qe6ft4iTxzMO0jAr0xHJ6QAHbNe9zH4BZZZZZ8ZZZZZJ4xm3+f:QPV4iTWO080xp6QAHY9zixA+f
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x291e0
timedatestamp.....: 0x3ec1b660 (Wed May 14 03:22:08 2003)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2a0 0x1081a 0x10820 6.50 4d774bbad61e8ecad3f4608cddda0706
.rdata 0x10ac0 0x188 0x1a0 3.79 b1f981c63814db099ae327f87aa11ed9
.data 0x10c60 0x17de0 0x17de0 0.02 a13c4d1bbc21bb538a8a90b7b38f45f3
PAGE 0x28a40 0x783 0x7a0 6.17 6e7a50847fef34a288d9d33956c040a8
INIT 0x291e0 0x7c0 0x7c0 5.65 95f25cc9b69b3281b8497e872277f8fe
.reloc 0x299a0 0x11ee 0x1200 6.46 4e549c84091da2eb1e8ed5ebf960c9b8

( 3 imports )
> ntoskrnl.exe: _allmul, KeWaitForSingleObject, IofCallDriver, IoBuildSynchronousFsdRequest, KeInitializeEvent, IoFreeIrp, IoFreeMdl, MmBuildMdlForNonPagedPool, IoAllocateMdl, IoAllocateIrp, KeCancelTimer, KeSetTimer, MmAllocateContiguousMemory, ExAllocatePoolWithTag, ExFreePool, ExSystemTimeToLocalTime, KeQuerySystemTime, _allrem, _alldiv, MmMapIoSpace, KeInitializeDpc, KeInitializeTimer, KeInitializeSpinLock, KeSetEvent, sprintf, IoBuildDeviceIoControlRequest, swprintf, ObfDereferenceObject, IoGetConfigurationInformation, RtlCopyUnicodeString, IoDeleteDevice, IoAttachDeviceToDeviceStack, KeNumberProcessors, IoCreateDevice, IofCompleteRequest, InterlockedDecrement, InterlockedIncrement, IoDetachDevice, InterlockedExchange, IoWMIRegistrationControl, PoCallDriver, PoStartNextPowerIrp, DbgPrint, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, strncmp, MmMapLockedPagesSpecifyCache, ObReferenceObjectByHandle, ExEventObjectType, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, RtlInitUnicodeString, ZwCreateFile, ZwWriteFile, ZwReadFile, ZwClose, KefReleaseSpinLockFromDpcLevel, IoGetDeviceObjectPointer, KefAcquireSpinLockAtDpcLevel
> HAL.dll: KeGetCurrentIrql, KeQueryPerformanceCounter, KfReleaseSpinLock, KfAcquireSpinLock
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
bc47
2 Dec. 2009 at 15:16
OTL report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
C:\Documents and Settings\virginie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Component Manager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
========== FILES ==========
C:\Kill'em\Winsudate.Kill'em folder moved successfully.
C:\Kill'em folder moved successfully.
C:\Documents and Settings\claude\Local Settings\Application Data\eSupport.com folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\McUICnt\McUICnt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\McUICnt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\McUICnt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee folder moved successfully.
C:\Documents and Settings\claude\Bureau\List_Kill'em.exe moved successfully.
C:\Documents and Settings\claude\Bureau\Raccourci vers ComboFix.exe.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\118300.34 moved successfully.
C:\Documents and Settings\All Users\Application Data\Ultima_T15 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 205815 bytes
User: All Users
User: claude
->Temp folder emptied: 19773030 bytes
->Temporary Internet Files folder emptied: 78013 bytes
->Java cache emptied: 10964 bytes
->FireFox cache emptied: 38838150 bytes
User: cléo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: saul
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: virginie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 928828 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 22484 bytes
Total Files Cleaned = 57,21 mb
OTL by OldTimer - Version 3.1.11.4 log created on 12022009_141331
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6cc.dat not found!
Registry entries deleted on Reboot...
Is your PC still crashing constantly?
bc47
2 Dec. 2009 at 20:55
It looks like there's a clear improvement, but:
Indeed, I was able to run YouTube, Dailymotion, Adobe, WMP and Outlook at the same time without a crash... until the crash!
After that, same as always: immediate reboot = BIOS starts, Phoenix starts, then a black or dimly lit screen.
I waited a few minutes (3-4) before I could get to Windows.
In short, it's better but it's still not right.
PS: I made a few changes to Firefox to go easy on the RAM.
With 512 MB of RAM, that's for sure!!!
bc47
2 Dec. 2009 at 21:35
Thanks for the comment, but coming from you, it's more a solution that I'm looking for.
What do you think of all this? Hardware problem?
bc47
3 Dec. 2009 at 19:12
Hello gen-hackman,
My problem is not solved.
In your view, on the virus/security side, I would like to know:
1/ Was my PC infected, and by what?
2/ Is there anything else to do?
Do you think adding RAM will solve the problem, given that just 2 or 3 weeks ago I had no problem at all?
I await your reply and your advice on this point.
In any case, thanks to Flo 91 and to you for your help.
bc47