Help! PC keeps crashing
Solved
bc47
Hello,
My PC has been crashing constantly for the past few days when I run several programs at once or open multiple web connections.
I dusted out the tower but it made no difference.
The PC crashes before the full antivirus scans (avast/secuser), so it is impossible to know whether there is a virus.
I have lots of photos and videos of my kids on the machine and I don't want to lose them!
Please help me.
Here is my config:
Version EVEREST v2.20.405/fr
Site web http://www.lavalys.com/
Type de rapport Rapport rapide
Ordinateur
Générateur claude
Système d'exploitation Microsoft Windows XP Home Edition 5.1.2600 (WinXP Retail)
Date 2009-11-26
Heure 21:18
--------[ Résumé ]------------------------------------------------------------------------------------------------------
Ordinateur:
Système d'exploitation Microsoft Windows XP Home Edition
Service Pack du système Service Pack 3
DirectX 4.09.00.0904 (DirectX 9.0c)
Nom du système
Nom de l'utilisateur claude
Carte mère:
Type de processeur Intel Pentium 4, 3000 MHz (15 x 200)
Nom de la carte mère Chaintech MPT800 (3 PCI, 1 AGP, 2 DDR DIMM, Audio, LAN)
Chipset de la carte mère VIA Apollo P4X533/PT880
Mémoire système 512 Mo
Type de BIOS Award (05/10/04)
Port de communication Port de communication (COM1)
Port de communication Port de communication (COM2)
Port de communication Port imprimante ECP (LPT1)
Moniteur:
Carte vidéo NVIDIA GeForce FX 5200LE (128 Mo)
Accélérateur 3D nVIDIA GeForce FX 5200LE
Moniteur Écran Plug-and-Play [NoDB] (HSGP103339)
Multimédia:
Carte audio VIA AC'97 Enhanced Audio Controller
and the hijack report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:37, on 26/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Borland\Interbase\bin\IbGuard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Borland\Interbase\bin\IbServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\claude\Mes documents\My eBooks\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tropal.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{011FC59E-5411-4AFA-B733-0D9E7CBECEE9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS8\Services\Tcpip\..\{011FC59E-5411-4AFA-B733-0D9E7CBECEE9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS9\Services\Tcpip\..\{011FC59E-5411-4AFA-B733-0D9E7CBECEE9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS10\Services\Tcpip\..\{011FC59E-5411-4AFA-B733-0D9E7CBECEE9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS11\Services\Tcpip\..\{011FC59E-5411-4AFA-B733-0D9E7CBECEE9}: NameServer = 192.168.1.1
O23 - Service: Sweex Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\Program Files\Borland\Interbase\bin\IbGuard.exe
O23 - Service: InterBaseServer - Inprise Corporation - C:\Program Files\Borland\Interbase\bin\IbServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
59 replies
read on a forum that you should definitely not do that when the PC is infected...!
in safe mode most viruses are inactive
try option 2, still in safe mode
Yiiihaaa!
It worked in normal mode with option 2.
Here is the log:
############################## | FindyKill V5.020 |
# User : claude (Administrateurs) # PCGRISECIVE
# Update on 26/11/2009 by Chiquitine29
# Start at: 19:46:33 | 30/11/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : Antivirus BitDefender 12.0 [ (!) Disabled | (!) Outdated ]
# AV : avast! antivirus 4.8.1351 [VPS 091130-1] 4.8.1351 [ Enabled | Updated ]
# FW : Pare-feu BitDefender [ (!) Disabled ]12.0
# C:\ # Disque fixe local # 126,7 Go (69,09 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 1,89 Go (549,41 Mo free) [FLASH DISK] # FAT32
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# K:\ # Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Borland\Interbase\bin\IbGuard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Borland\Interbase\bin\IbServer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\WINDOWS |
Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
################## | C:\Documents and Settings\claude\Application Data |
################## | Autres suppressions ... |
################## | Temporary Internet Files |
################## | Registre / Clés infectieuses |
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallOverride"
Supprimé ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V5.020 ! |
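Reading a report like the one above, as an added example that is not part of the original thread or of FindyKill: a small Python parser that extracts the removed items and the service start values, then flags values removed from the Security Center key and services whose Start value differs from the report's "Good" value. The function names and the sample report are assumptions constructed for illustration.

```python
import re

# Constructed sample modelled on the report layout posted above. The file name
# is a placeholder and the wscsvc line is deliberately set to the "Bad" value.
SAMPLE_REPORT = r'''
################## | C:\WINDOWS |
Supprimé ! C:\WINDOWS\Prefetch\EXAMPLE.EXE-00000000.pf
################## | Registre / Clés infectieuses |
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
################## | Etat / Services / Informations |
# Mode sans echec : OK
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
'''

# "################## | Section name |"
SECTION_RE = re.compile(r"^#{6,}\s*\|\s*(.*?)\s*\|\s*$")
# "Supprimé ! <file path or registry value>"
DELETED_RE = re.compile(r"^Supprimé\s*!\s*(.+)$")
# '[HKLM\...\key] "ValueName"'
REGVAL_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*"(?P<value>[^"]+)"$')
# "# name -> Start = N ( Good = G | Bad = B )"
# Windows service Start values: 2 = automatic, 3 = manual, 4 = disabled.
SERVICE_RE = re.compile(
    r"^#\s*(?P<name>\S+)\s*->\s*Start\s*=\s*(?P<start>\d+)\s*"
    r"\(\s*Good\s*=\s*(?P<good>\d+)\s*\|\s*Bad\s*=\s*(?P<bad>\d+)\s*\)"
)


def parse_report(text):
    """Return the removed items (with their section) and the service states."""
    section = None
    deleted, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DELETED_RE.match(line)
        if m:
            deleted.append((section, m.group(1).strip()))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({
                "name": m.group("name"),
                "start": int(m.group("start")),
                "good": int(m.group("good")),
                "bad": int(m.group("bad")),
            })
    return {"deleted": deleted, "services": services}


def findings(report):
    """Flag removed Security Center values and services not at the 'Good' value."""
    out = []
    for _section, target in report["deleted"]:
        m = REGVAL_RE.match(target)
        if m and m.group("key").lower().endswith("\\security center"):
            out.append(("security-center-value-removed", m.group("value")))
    for svc in report["services"]:
        if svc["start"] != svc["good"]:
            out.append(("service-start-not-good", svc["name"]))
    return out


if __name__ == "__main__":
    for kind, name in findings(parse_report(SAMPLE_REPORT)):
        print(kind, name)
```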
C:\WINDOWS\vbface.INI
can you post the contents of this (don't double-click it => right-click / edit) then paste it here
There is no Edit option on right-click.
Here is the copy/paste.
I get the impression things are better (no crash for half an hour...
[RestoreIT!_Bar_State-Summary]
Bars=3
ScreenCX=1440
ScreenCY=900
[RestoreIT!_Bar_State-Bar0]
BarID=59392
XPos=-2
YPos=-2
Docking=1
MRUDockID=0
MRUDockLeftPos=-2
MRUDockTopPos=-2
MRUDockRightPos=378
MRUDockBottomPos=41
MRUFloatStyle=8196
MRUFloatXPos=-1
MRUFloatYPos=0
[RestoreIT!_Bar_State-Bar1]
BarID=59393
[RestoreIT!_Bar_State-Bar2]
BarID=59419
Bars=3
Bar#0=0
Bar#1=59392
Bar#2=0
it's fine, it's a file that goes with your restoration from the RestoreIt software
we have unblocked some services
Download OTL by OLDTimer
▶ Save it to your Desktop.
▶ Double-click OTL.exe to launch it (on Vista => right-click, "Run as administrator").
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box in front of scan all users
▶ Set it to "60 Days"
▶ In the left-hand column, set everything to all
Do not change these:
"files created within" and "files modified within"
▶ Click Run Scan.
When the scan finishes, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and find the file above.
▶ Click Open.
▶ Click "Click here to upload the file".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt".
Sorry, I didn't go all the way to the end.
Here is the link: http://www.cijoint.fr/cjlink.php?file=cj200912/cij7BsaEsF.txt
▶ Download Zeb-Restore and save this file to the desktop.
▶-Right-click Zeb-Restore.zip ==> Extract all, and choose the desktop as the destination.
▶-Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
▶- Tick the box in front of: trusted sites
▶- Do not tick any other box
▶-Click Restore
▶-Restart your PC
then:
▶ Click the Start menu / Control Panel / Folder Options / then go to the View tab
* - Tick Show hidden files and folders
* - Untick Hide extensions for known file types
* - Untick Hide protected operating system files (recommended)
▶ Click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again at the end of the disinfection, it's important
Have the following file(s) analysed on VirusTotal:
Virus Total
* Click Browse at the top, choose My Computer and look for these files:
C:\WINDOWS\system32\drivers\VVBackd5.sys
* Now click Send file and let it work for as long as "Current status: scanning" is displayed.
* The file may be placed in a queue because of a large number of scan requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click the page and choose Select all, then Copy
* Finally, paste the result into your next reply.
Note: To analyse another file, click Other file at the bottom.
then:
▶ Double-click OTL.exe to launch it.
▶ Copy the list in bold below,
▶ paste it into the box under Customs Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
O4 - Startup: C:\Documents and Settings\virginie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Component Manager"=-
"HP Software Update"=-
:files
C:\Kill'em
C:\Documents and Settings\claude\Local Settings\Application Data\eSupport.com
C:\Documents and Settings\All Users\Application Data\McAfee
C:\Documents and Settings\claude\Bureau\List_Kill'em.exe
C:\Documents and Settings\claude\Bureau\Raccourci vers ComboFix.exe.lnk
C:\Documents and Settings\All Users\Application Data\118300.34
C:\Documents and Settings\All Users\Application Data\Ultima_T15
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click RunFix to start the removal.
▶ Post the report.
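As an added example (not part of the original posts and not OTL's own code), this Python script cross-checks a fix script of the shape posted above against the log OTL writes afterwards, so every requested item can be confirmed as handled. The function names and the status labels `done`, `pending`, `absent` and `unconfirmed` are assumptions made for this example, and the log patterns are taken only from the report quoted later in this thread.

```python
import re

# Abridged from the fix script and the OTL log posted in this thread. The last
# :files entry is a constructed path with no matching log line, added to show
# how an item the log never mentions is reported.
FIX_SCRIPT = r"""
:processes
explorer.exe
Teatimer.exe
:OTL
O4 - Startup: C:\Documents and Settings\virginie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
:files
C:\Kill'em
C:\Documents and Settings\All Users\Application Data\118300.34
C:\example\constructed-missing.dat
:commands
[emptytemp]
"""

FIX_LOG = r"""
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
C:\Documents and Settings\virginie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
========== FILES ==========
C:\Kill'em folder moved successfully.
C:\Documents and Settings\All Users\Application Data\118300.34 moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
"""

GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Log line shapes seen in the report, mapped to an outcome label.
OUTCOMES = [
    (re.compile(r"^(?:Registry (?:key|value) )?(.+?)(?: folder)? (?:moved|deleted) successfully\.$"), "done"),
    (re.compile(r"^Registry (?:key|value) (.+?) not found\.$"), "absent"),
    (re.compile(r"^No active process named (.+?) was found!$"), "absent"),
    (re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$"), "pending"),
]
RANK = {"done": 3, "pending": 2, "absent": 1}


def requested_items(script):
    """Return (section, key) pairs; key is the string the log should mention."""
    items, section, reg_key = [], None, None
    for line in (l.strip() for l in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section in ("processes", "files"):
            items.append((section, line))
        elif section == "reg":
            if line.startswith("["):
                reg_key = line.strip("[]")
            elif line.endswith('"=-') and reg_key:  # "name"=- requests deletion of a value
                # The log joins key and value name with a double backslash.
                items.append((section, reg_key + "\\\\" + line[1:-3]))
        elif section == "otl":
            guid = GUID.search(line)
            startup = re.match(r"O4 - Startup: (.+?) = ", line)
            if guid:
                items.append((section, guid.group(0)))
            elif startup:
                items.append((section, startup.group(1)))
    return items  # :commands entries are not verified here


def log_outcomes(log):
    """Return (target, status) for every log line that reports an outcome."""
    found = []
    for line in (l.strip() for l in log.splitlines()):
        for pattern, status in OUTCOMES:
            m = pattern.match(line)
            if m:
                found.append((m.group(1), status))
                break
    return found


def verify(script, log):
    """Map each requested item to its best outcome in the log."""
    outcomes = log_outcomes(log)
    report = {}
    for section, key in requested_items(script):
        k = key.lower()
        by_guid = section == "otl" and k.startswith("{")
        hits = [s for target, s in outcomes
                if (k in target.lower() if by_guid else k == target.lower())]
        report[key] = max(hits, key=RANK.get, default="unconfirmed")
    return report


if __name__ == "__main__":
    for item, status in verify(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:12} {item}")
```

An `absent` item means there was nothing to remove, while `pending` and `unconfirmed` items are the ones to re-check after the reboot the script requests.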
Hello,
VirusTotal scan result:
Fichier VVBackd5.sys reçu le 2009.12.02 13:05:44 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.12.02 -
AhnLab-V3 5.0.0.2 2009.12.02 -
AntiVir 7.9.1.92 2009.12.02 -
Antiy-AVL 2.0.3.7 2009.12.02 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.02 -
AVG 8.5.0.426 2009.12.02 -
BitDefender 7.2 2009.12.02 -
CAT-QuickHeal 10.00 2009.12.02 -
ClamAV 0.94.1 2009.12.02 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.02 -
eSafe 7.0.17.0 2009.12.01 -
eTrust-Vet 35.1.7152 2009.12.02 -
F-Prot 4.5.1.85 2009.12.02 -
F-Secure 9.0.15370.0 2009.11.29 -
Fortinet 4.0.14.0 2009.12.02 -
GData 19 2009.12.02 -
Ikarus T3.1.1.74.0 2009.12.02 -
Jiangmin 13.0.900 2009.12.02 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.12.02 -
McAfee 5819 2009.12.01 -
McAfee+Artemis 5819 2009.12.01 -
McAfee-GW-Edition 6.8.5 2009.12.02 -
Microsoft 1.5302 2009.12.02 -
NOD32 4654 2009.12.02 -
Norman 6.03.02 2009.12.02 -
nProtect 2009.1.8.0 2009.12.02 -
Panda 10.0.2.2 2009.12.02 -
PCTools 7.0.3.5 2009.12.02 -
Prevx 3.0 2009.12.02 -
Rising 22.24.02.09 2009.12.02 -
Sophos 4.48.0 2009.12.02 -
Sunbelt 3.2.1858.2 2009.12.02 -
Symantec 1.4.4.12 2009.12.02 -
TheHacker 6.5.0.2.083 2009.12.01 -
TrendMicro 9.100.0.1001 2009.12.02 -
VBA32 3.12.12.0 2009.12.02 -
ViRobot 2009.12.2.2068 2009.12.02 -
VirusBuster 5.0.21.0 2009.12.01 -
Information additionnelle
File size: 179482 bytes
MD5...: 0f973c30146ebf2fce236abc541852c8
SHA1..: 149b86db4c3b56789448c56d0151827e36e06557
SHA256: 7ea443ec4067564bdf0dcb25fca74e2cd182eb34ea29a370b50b88f10a67bfeb
ssdeep: 1536:Qe6ft4iTxzMO0jAr0xHJ6QAHbNe9zH4BZZZZZ8ZZZZZJ4xm3+f:QPV4iTWO080xp6QAHY9zixA+f
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x291e0
timedatestamp.....: 0x3ec1b660 (Wed May 14 03:22:08 2003)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2a0 0x1081a 0x10820 6.50 4d774bbad61e8ecad3f4608cddda0706
.rdata 0x10ac0 0x188 0x1a0 3.79 b1f981c63814db099ae327f87aa11ed9
.data 0x10c60 0x17de0 0x17de0 0.02 a13c4d1bbc21bb538a8a90b7b38f45f3
PAGE 0x28a40 0x783 0x7a0 6.17 6e7a50847fef34a288d9d33956c040a8
INIT 0x291e0 0x7c0 0x7c0 5.65 95f25cc9b69b3281b8497e872277f8fe
.reloc 0x299a0 0x11ee 0x1200 6.46 4e549c84091da2eb1e8ed5ebf960c9b8

( 3 imports )
> ntoskrnl.exe: _allmul, KeWaitForSingleObject, IofCallDriver, IoBuildSynchronousFsdRequest, KeInitializeEvent, IoFreeIrp, IoFreeMdl, MmBuildMdlForNonPagedPool, IoAllocateMdl, IoAllocateIrp, KeCancelTimer, KeSetTimer, MmAllocateContiguousMemory, ExAllocatePoolWithTag, ExFreePool, ExSystemTimeToLocalTime, KeQuerySystemTime, _allrem, _alldiv, MmMapIoSpace, KeInitializeDpc, KeInitializeTimer, KeInitializeSpinLock, KeSetEvent, sprintf, IoBuildDeviceIoControlRequest, swprintf, ObfDereferenceObject, IoGetConfigurationInformation, RtlCopyUnicodeString, IoDeleteDevice, IoAttachDeviceToDeviceStack, KeNumberProcessors, IoCreateDevice, IofCompleteRequest, InterlockedDecrement, InterlockedIncrement, IoDetachDevice, InterlockedExchange, IoWMIRegistrationControl, PoCallDriver, PoStartNextPowerIrp, DbgPrint, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, strncmp, MmMapLockedPagesSpecifyCache, ObReferenceObjectByHandle, ExEventObjectType, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, RtlInitUnicodeString, ZwCreateFile, ZwWriteFile, ZwReadFile, ZwClose, KefReleaseSpinLockFromDpcLevel, IoGetDeviceObjectPointer, KefAcquireSpinLockAtDpcLevel
> HAL.dll: KeGetCurrentIrql, KeQueryPerformanceCounter, KfReleaseSpinLock, KfAcquireSpinLock
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
OTL report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
C:\Documents and Settings\virginie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Component Manager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
========== FILES ==========
C:\Kill'em\Winsudate.Kill'em folder moved successfully.
C:\Kill'em folder moved successfully.
C:\Documents and Settings\claude\Local Settings\Application Data\eSupport.com folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\McUICnt\McUICnt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\McUICnt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\McUICnt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee folder moved successfully.
C:\Documents and Settings\claude\Bureau\List_Kill'em.exe moved successfully.
C:\Documents and Settings\claude\Bureau\Raccourci vers ComboFix.exe.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\118300.34 moved successfully.
C:\Documents and Settings\All Users\Application Data\Ultima_T15 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 205815 bytes
User: All Users
User: claude
->Temp folder emptied: 19773030 bytes
->Temporary Internet Files folder emptied: 78013 bytes
->Java cache emptied: 10964 bytes
->FireFox cache emptied: 38838150 bytes
User: cléo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: saul
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: virginie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 928828 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 22484 bytes
Total Files Cleaned = 57,21 mb
OTL by OldTimer - Version 3.1.11.4 log created on 12022009_141331
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6cc.dat not found!
Registry entries deleted on Reboot...
It looks like there is a clear improvement, but:
Indeed, I was able to run YouTube, Dailymotion, Adobe, WMP and Outlook at the same time without a crash... until the crash!
After that, same as always: immediate reboot = BIOS starts, Phoenix starts, then a black or dimly lit screen.
I waited a few minutes (3-4) before I could get to Windows.
In short, it's better but it's still not right.
PS: I made a few changes to Firefox to spare the RAM.
Hello gen-hackman,
My problem is not solved.
In your opinion, from a virus/security standpoint, I would like to know:
1/ Was my PC infected, and by what?
2/ Is there anything else to do?
Do you think adding RAM will solve the problem, given that as recently as 2 or 3 weeks ago I had no problem?
I await your reply and your advice on this point.
In any case, thanks to Flo 91 and to you for your help.
bc47