Cleaning up my PC

Solved/Closed
jg1986 - 18 Sept 2010 at 09:47
kalimusic Posts 14014 Registration date Saturday 7 November 2009 Status Security contributor Last activity 20 November 2015 - 27 Sept 2010 at 17:43
Hello, I have just run a HijackThis scan, can you help me clean up my PC?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:58, on 18/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Documents and Settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\directprof\directprof.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jean-Gabriel GANTET\Application Data\IMVUClient\IMVUQualityAgent.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Jean-Gabriel GANTET\Application Data\IMVUClient\IMVUClient.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: iGraalBHO - {CF3C5900-BEC0-470E-AEE8-CE277C60667C} - C:\Program Files\iGraal\BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - (no file)
O3 - Toolbar: iGraal Toolbar - {D01B1F7D-9D7F-46C3-8DB9-5A55819E2A7F} - C:\Program Files\iGraal\Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [directProf] C:\Program Files\directprof\directprof.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Documents and Settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\JuicyAccess Toolbar\4.2.4.23050\stbapp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-21-28540140-2528877174-3643389466-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'ENERGYMAX')
O4 - HKUS\S-1-5-21-28540140-2528877174-3643389466-1010\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'ENERGYMAX')
O4 - HKUS\S-1-5-21-28540140-2528877174-3643389466-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'ENERGYMAX')
O4 - HKUS\S-1-5-21-28540140-2528877174-3643389466-1010\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'ENERGYMAX')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-28540140-2528877174-3643389466-1010 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'ENERGYMAX')
O4 - S-1-5-21-28540140-2528877174-3643389466-1010 User Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'ENERGYMAX')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\Jean-Gabriel GANTET\Application Data\IMVUClient\IMVUQualityAgent.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: iGraal - {32893F3D-2B10-4B09-BA6A-8F20E7D33925} - C:\Program Files\iGraal\Button.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jean-Gabriel GANTET\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://www.ocsinventory-ng.org - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Documents and Settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMEService.exe

15 replies

kalimusic
Edited by kalimusic on 18/09/2010 at 10:04
Hello and welcome to CCM

A small infection is visible, along with a lot of useless lines; we start by cleaning up what is visible and then we run a more thorough diagnosis.

During the disinfection, it is best not to:

1. Add programs to your PC
2. Use disinfection tools on your own initiative
3. Follow other advice, so as not to interfere with the procedure in progress

It is best to finish the procedure even if your PC seems to be doing better.

Do not hesitate to tell me about any difficulties with the steps requested.

Uninstall Spybot S&D, an obsolete program that may get in the way of the disinfection:

1. Disable the Tea Timer module
2. Undo the immunization
3. Uninstall

And while you are at it, Ad-Aware
https://www.commentcamarche.net/faq/7382-desinstaller-ad-aware-se

info: https://forum.malekal.com/viewtopic.php?t=8046&start=

******************************************************************

1. Download AD-Remover (C_XX) to the desktop

Disable your antivirus's resident protection so that it does not get in the way of the tool

* Launch Ad-R
- On XP, double-click the icon to launch the tool.
* Click "Yes" in the dialog box
* In the main interface, click the Nettoyer (Clean) button, then confirm the action by clicking "Yes"
* Wait while the scan runs (the desktop may disappear); the report should open on its own at the end.
* Click Quitter (Quit)

Copy/paste the report into your next message.

If the report does not open on its own, it is at the root of the disk: C:\Ad-report-CLEAN

"Process.exe" is detected by some antivirus products as a RiskTool.
It is not a virus, but a utility designed to terminate processes


2. Run HijackThis again
* In the main window "Main Menu", click the button "None of the above, just start the program"
* Click the Scan button (in the Scan & fix stuff submenu)
* After the scan, tick the boxes of the lines listed below if they are still present:

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)  
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)  
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)  
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)     
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)  
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)  
O3 - Toolbar: (no name) - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - (no file)  
O3 - Toolbar: (no name) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - (no file)  
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k  
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\JuicyAccess Toolbar\4.2.4.23050\stbapp.exe      
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll  
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll  
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)    

* ! Close all running applications, and above all the web browser !
* Then click the Fix checked button (in the Scan & fix stuff submenu)
* Answer "Yes" in the warning window, then close the program after the removal.

3. Download OTL (by OldTimer) to your desktop.

Close all your running applications

* Launch OTL.exe
- On XP, double-click the icon to launch the tool.
* The main interface opens:
* In the Report section at the top right of the window, tick Minimal report
* Also tick the LOP search and Purity search boxes
* Leave all the other settings at their defaults (file age 30 days)
* Click the Scan button and wait while the system is scanned.
* 2 reports will open in Notepad: OTL.txt (which will be displayed) and Extras.txt (minimized in the taskbar)
* Do not post them on the forum, they would be too long
* Host them on http://www.cijoint.fr/
* You will get 2 links like this one, http://www.cijoint.fr/cjlink.php?file=cj200906/XcijvLjYL5L.txt, which you will give me in your next message.

See you

«Reason and logic can do nothing against stubbornness and foolishness.»
0
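Step 2 of the post above has the boxes ticked for entries that HijackThis marks `(no file)`. As an added example (not part of the original thread and not HijackThis's own code), this Python script parses log lines in the format shown on this page and lists every entry the tool itself marks `(no file)` or `(file missing)`; the function names are hypothetical and the sample lines are copied from the log at the top of the page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the HijackThis log on this page.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: iGraalBHO - {CF3C5900-BEC0-470E-AEE8-CE277C60667C} - C:\Program Files\iGraal\BHO.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing)
O3 - Toolbar: (no name) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\JuicyAccess Toolbar\4.2.4.23050\stbapp.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
"""

# Section labels as they appear in the log lines on this page.
SECTION_LABELS = {
    "R0": "IE registry value", "R1": "IE registry value", "R3": "URLSearchHook",
    "O2": "BHO", "O3": "Toolbar", "O4": "Run / Startup entry",
    "O8": "Extra context menu item", "O9": "Extra button / 'Tools' menuitem",
    "O16": "DPF", "O23": "Service",
}

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MARKER_RE = re.compile(r"\((no file|file missing)\)")


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    body: str             # everything after "CODE - "
    clsid: Optional[str]  # first {GUID} in the line, if any
    status: str           # "no file", "file missing" or "unmarked"


def parse_log(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log; header and
    'Running processes' lines do not match and are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        marker = MARKER_RE.search(body)
        entries.append(Entry(
            code=code,
            body=body,
            clsid=clsid.group(0) if clsid else None,
            status=marker.group(1) if marker else "unmarked",
        ))
    return entries


def review_candidates(entries: List[Entry]) -> List[Entry]:
    """Entries whose target HijackThis reported as absent."""
    return [e for e in entries if e.status != "unmarked"]


def format_report(entries: List[Entry]) -> List[str]:
    """One line per candidate: code, section label, marker, CLSID."""
    lines = []
    for e in review_candidates(entries):
        label = SECTION_LABELS.get(e.code, "other")
        lines.append(f"{e.code:<4}{label:<16}{e.status:<14}{e.clsid or '-'}")
    return lines


if __name__ == "__main__":
    for line in format_report(parse_log(SAMPLE_LOG)):
        print(line)
```

A marker only makes an entry a candidate for review: the list in the post above also contains unmarked entries such as SmileyApp, and leaves out some `(file missing)` ones.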
Here is the Ad remover report:

======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 21.12.2009 à 22:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 10:28:01, 18/09/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP(TM) Service Pack 3 v5.1.2600

.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.


(!) -- Fichiers temporaires supprimés.

.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SmileyApp
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.6.10 [fr] *
.
Nom du profil: r4tlzqkg.default
.
(JEAN-G~1, prefs.js) Browser.search.defaultenginename, Google
(JEAN-G~1, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(JEAN-G~1, prefs.js) Browser.search.selectedEngine, Google
(JEAN-G~1, prefs.js) Browser.startup.homepage, hxxp://www.theprizeday.com/today.php|hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official\n
(JEAN-G~1, prefs.js) Extensions.enabledItems, {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20100830W,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0,searchrecs@veoh.com:1.5.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10
.
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Use Search Asst: no
Use Custom Search URL: 1 (0x1)
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4761 Octet(s) - C:\Ad-Report-CLEAN[1].log
2796 Octet(s) - C:\Ad-Report-CLEAN[2].log
4800 Octet(s) - C:\Ad-Report-SCAN[1].log
.
3 Fichier(s) - C:\DOCUME~1\JEAN-G~1\LOCALS~1\Temp
1 Fichier(s) - C:\WINDOWS\Temp
8 Fichier(s) - C:\WINDOWS\Prefetch
.
35 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
499 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 10:35:12 | 18/09/2010 - CLEAN[2]
.
============== E.O.F ==============

Here are the two reports for OTL:

http://www.cijoint.fr/cjlink.php?file=cj201009/cijzXp9MvA.txt
http://www.cijoint.fr/cjlink.php?file=cj201009/cijqCayzHG.txt

Thanks for your help
0
kalimusic
18 Sept 2010 at 12:06
jg1986,

1. You have used ComboFix; if you still have the report, I would like to read it ( => do not run the tool again)

2. Go to the Virus Total site

* Click the "Browse" box
* A new window opens, letting you navigate the hard disk
* Browse your hard disk's directory tree to this folder: C:\WINDOWS\System32\drivers\ and select this file: CSIIDecoder_kern_i386.sys
* Click the file, then "Open" at the bottom of the window
* Now click the "Send files" button

If a message tells you that the file has already been analysed, have it re-analysed

The file is queued and then the scan starts; at the end of the analysis, copy the URL and paste it into your reply. It should look like this: http://www.virustotal.com/fr/analisis/4ad23c3e409a3845815fcc6d0c977fbeb90ba8d1bcdf6d41b22993907a7944aa-1270983527

Repeat the operation for => C:\WINDOWS\System32\drivers\cieksgsg.sys and give me the link.
If the file does not cooperate, I suspect a rootkit; move on to the next step ;)

Note: If some files are not visible, you will need to change this setting to be able to access them

In the Start menu on the taskbar

* Click Search
* In the window that opens, go to the Tools drop-down menu, then choose Folder Options
* In the dialog box, select the View tab
* Tick Show hidden files and folders

Now click the Apply button, then OK

Change the file display settings by unticking the Show hidden files and folders box, if you needed to modify them.

******************************************************************
3. Go to the GMER site

Caution: read the instructions carefully, this tool must be handled with care

* Click the Download EXE button to download the tool under a random name so that malware does not block its execution
* Save this file to the desktop

! Disable protection software (antivirus, anti-spyware, etc.) and resident shields !

- On XP, double-click the icon to launch the tool.

* If no rootkit is detected

* Click the Copy button, then OK, and paste the report into your next message.

* If a rootkit is detected when the program starts, a dialog box opens:
WARNING, GMER has found rootkit activity, Do you want to fully scan your system ?
* Click "YES"

Once the scan is finished, click the Copy button, then OK, and paste the report into your next message.

See you
0
Here is the work:

Analysis for the file CSIIDecoder_kern_i386.sys:

http://www.virustotal.com/file-scan/report.html?id=9ffa6dbc858a1664534403c3900cedb7c7a87fb58722ca272053d4ef6e076728-1284809391

Indeed, the file cieksgsg.sys does not want to be analysed; I am sent back to the start page.

Here is the GMER report:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-18 13:43:20
Windows 5.1.2600 Service Pack 3
Running: 8cc58c0r.exe; Driver: C:\DOCUME~1\JEAN-G~1\LOCALS~1\Temp\kwriipob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)

---- EOF - GMER 1.0.15 ----
0
kalimusic
18 Sept 2010 at 13:58
jg1986,

Download The Avenger (by Swandog46)

* Unzip it to the desktop,
* Close all your applications and disconnect from the internet
* Double-click its icon to launch it.
* Click OK in the warning window
* Copy/paste the quoted text below into the window under Input Script here

drivers to disable:  
cieksgsg

drivers to delete:  
cieksgsg

Files to Delete:  
C:\WINDOWS\System32\drivers\cieksgsg.sys
C:\Documents and Settings\LocalService\Application Data\jasltw.dat
C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
C:\Documents and Settings\Jean-Gabriel GANTET\Application Data\avdrn.dat

* Click the "Execute" button
* Confirm its execution and accept the reboot by clicking "Yes" each time
* After the restart, the report listing the actions carried out by The Avenger should open on its own! Note: if the script contains "Drivers to disable", The Avenger will restart twice!
* Copy/paste it into your next message

You can find the file at the root of the disk: C:\avenger.txt

See you
0
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "cieksgsg" disabled successfully.
Driver "cieksgsg" deleted successfully.
File "C:\WINDOWS\System32\drivers\cieksgsg.sys" deleted successfully.
File "C:\Documents and Settings\LocalService\Application Data\jasltw.dat" deleted successfully.
File "C:\Documents and Settings\NetworkService\Application Data\jasltw.dat" deleted successfully.
File "C:\Documents and Settings\Jean-Gabriel GANTET\Application Data\avdrn.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
0

kalimusic
18 Sept 2010 at 15:28
Hi again,

Download and save List_Kill'em (by gen-hackman) to the desktop.

!! Important => Disable your antivirus !!

* Start the installation
* Let it guide you, clicking Next each time
* Finally click "Finish" and the program will start
* Choose the "Search" option
* Wait while the tool works, which can take several minutes
* If a white window appears, even if it takes a long time, this is normal; the program is not stuck.
* A "catchme" report appears on the desktop; ignore it, it will disappear at the end of the scan
* The report opens on its own once the scan reaches 100 %, at the "COMPLETED" screen
* Host the report on http://www.cijoint.fr

See you
0
Thanks for your help

A window appears, "Sigcheck License Agreement"; I don't know what it means. It offers me either print, accept or decline. When I press decline, 2 seconds later the same window comes back, indefinitely. What should I do?

Regards
0
kalimusic - 18 Sept. 2010 at 16:21
You have to accept; it is a module of the tool that checks the legitimacy of Windows files using their digital fingerprint.

See you

Here is the List'em report:

http://www.cijoint.fr/cjlink.php?file=cj201009/cijmjSCtr8.txt

Regards

kalimusic - 18 Sept. 2010 at 18:08
jg1986,

1. Run List_Kill'em again using the white shortcut created on your desktop.

* Choose the Clean option
* A dialog box tells you that the PC is going to restart
* Wait while the tool works; this can take several minutes
* When the scan is finished, the window closes and a report is created
* Host the report on http://www.cijoint.fr

2. Download UsbFix (by C_XX & El Desaparecido) to the Desktop and install it

!! Plug in all your removable media (USB sticks, external hard drives, etc.) without opening them !!

!! Close all your running applications and disable your antivirus's resident protection !!

* Launch UsbFix
- On XP, double-click the icon to launch the tool.
* Click the "Suppression" button
* UsbFix scans your PC; let the tool work (the desktop may disappear)
* When the cleaning is finished, click OK in the dialog box
* Upload the requested zip folder
* The report should open by itself; copy/paste it into your next message

Restarting the PC after this operation is recommended

The report is saved at the root of the disk: C:\Usbfix.txt

"Process.exe" is detected by some antivirus programs as a RiskTool. It is not a virus, but a utility designed to terminate processes. The best option is to disable your antivirus temporarily

To take stock, we run a new diagnostic like this:

3. Run OTL again
* In the Output section at the top right of the window, tick Minimal Output
* Leave all the other settings at their defaults
* Click the Quick Scan button and wait while the system is scanned.
* After the scan, the OTL.txt report will open in Notepad
* Host it on http://www.cijoint.fr/ as you did the first time

See you

Here is the Kill'em report:

http://www.cijoint.fr/cjlink.php?file=cj201009/cijr4SSwIo.txt

Here is the UsbFix report:
############################## | UsbFix 7.025 | [Suppression]

Utilisateur: Jean-Gabriel GANTET (Administrateur) # JEAN-GABRIEL [ ]
Mis à jour le 15/09/10 par El Desaparecido / C_XX
Lancé à 19:40:47 | 18/09/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: Genuine Intel(R) CPU T2250 @ 1.73GHz
CPU 2: Genuine Intel(R) CPU T2250 @ 1.73GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 7.0.5730.11

Pare-feu Windows: Activé
Antivirus: Avira AntiVir PersonalEdition 8.0.1.18 [(!) Disabled | (!) Outdated]
RAM -> 1022 Mo
C:\ (%systemdrive%) -> Disque fixe # 93 Go (55 Go libre(s) - 59%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 480 Mo (477 Mo libre(s) - 99%) [] # FAT
F:\ -> Disque amovible # 2 Go (827 Mo libre(s) - 43%) [] # FAT
G:\ -> Disque amovible # 4 Go (11 Mo libre(s) - 0%) [USB DISK] # FAT32

################## | Éléments infectieux |


Supprimé! C:\WINDOWS\mdll.dll
Supprimé! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Supprimé! F:\iuvvl9f3.exe
Supprimé! F:\mi9al8rs.exe
Supprimé! G:\msvcr71.dll

################## | Registre |

Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{d68d6f47-d202-11dd-876c-00a0d14c0203}

################## | Listing |


################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_JEAN-GABRIEL.zip
Merci de votre contribution.

################## | E.O.F |

Here is the OTL report:
http://www.cijoint.fr/cjlink.php?file=cj201009/cijYa7TCrV.txt

Thank you for your help

Regards

kalimusic - 18 Sept. 2010 at 23:14
jg1986,

1. Run OTL again
- On XP, double-click the icon to launch the tool.
* The main interface opens:
* In the "Custom Scans/Fixes" box at the bottom, copy/paste the list quoted below:

:OTL
SRV - (Planificateur LiveUpdate automatique) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found     
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File not found     
DRV - (catchme) -- C:\DOCUME~1\JEAN-G~1\LOCALS~1\Temp\catchme.sys File not found     
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|https://start.mozilla.org/fr/\n" 
FF - prefs.js..network.proxy.no_proxies_on: "*.local" 
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.     
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.     
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.     
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.     
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.     
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)     
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found     
O4 - HKCU\..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found     
O4 - HKCU\..\Run: [WooCnxMon] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0     
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) 
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) 
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[3 C:\Documents and Settings\Jean-Gabriel GANTET\Bureau\*.tmp files -> C:\Documents and Settings\Jean-Gabriel GANTET\Bureau\*.tmp -> ] 
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
[1 C:\*.tmp files -> C:\*.tmp -> ] 

:Commands 
[emptyflash]
[emptytemp]

* Click the Run Fix button and wait while the tool works; it will restart the PC.
* Accept by clicking OK
* The report listing the actions carried out by OTL should open by itself
* Copy/paste it into your next message

You can find the file at the root of the disk: C:\_OTL\MovedFiles (check the date if needed: ddmmyyyy_xxxxxxxx.log)

2. We are going to use a program already present on your computer: Malwarebytes' Anti-Malware

! Run the update !

* Choose "Perform full scan"
* Choose to scan all your hard drives

At the end of the scan, if MBAM found nothing:

* Click OK; the report opens by itself

If threats were detected:

* Click OK, then "Show Results"
* Choose the "Remove Selected" option
* If MBAM asks to restart Windows: click "Yes"
* Once the PC has restarted, the report is in the "Logs" tab
* Otherwise the report opens automatically after the removal

Whatever the result, copy/paste the report into your next message


3. How is the PC behaving now?


See you

Malwarebytes report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4672

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

22/09/2010 18:55:24
mbam-log-2010-09-22 (18-55-24).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 300441
Temps écoulé: 1 heure(s), 10 minute(s), 20 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 85

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940 (Adware.DoubleD) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Sukoku\sukoku125.exe.vir (Adware.Ziniky) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Sukoku\sukoku.exe.vir (Adware.Ziniky) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Sukoku\uninstall.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\System Search Dispatcher\1.4.1.1010\ssd.dll.vir (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper86.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon86.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate86.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\E\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.UsbFix.vir (Worm.Conficker) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\F\iuvvl9f3.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\G\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.vir (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-214441.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-214525.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-214623.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-214849.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-215022.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-215045.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-215347.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-220058.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-153107.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-154139.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090928-193552.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091008-184359.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091020-193905.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091020-193932.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091020-194021.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091024-120921.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091107-171330.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091107-172457.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091107-184604.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091107-184612.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091107-184708.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091107-185127.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091116-182847.788.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091116-182847.804.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091121-142622.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091121-145109.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091126-175650.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091201-190934.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091202-203458.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091202-211519.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091203-195921.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091205-113245.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091205-140418.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091212-144149.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091212-180201.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091212-181019.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-214441.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-214525.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-214623.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-214849.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-215022.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-215045.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-215347.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-220058.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-153106.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-154139.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090928-193552.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091008-184358.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091020-193903.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091020-193932.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091020-194021.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091024-120921.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091107-171329.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091107-172457.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091107-184604.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091107-184612.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091107-184708.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091107-185127.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091116-182847.320.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091121-142622.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091121-145109.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091126-175649.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091201-190933.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091202-203458.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091202-211518.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091203-195920.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091205-113245.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091205-140418.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091212-144149.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091212-180201.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091212-181019.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\IEXPLORE.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wintybrd.jpg (Malware.Trace) -> Quarantined and deleted successfully.

OTL report:

All processes killed
========== OTL ==========
Service Planificateur LiveUpdate automatique stopped successfully!
Service Planificateur LiveUpdate automatique deleted successfully!
File C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found not found.
Error: No service named idsvc was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc deleted successfully.
File c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\JEAN-G~1\LOCALS~1\Temp\catchme.sys File not found not found.
Prefs.js: "http://www.theprizeday.com/today.php|https://start.mozilla.org/fr/\n" removed from browser.startup.homepage
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe moved successfully.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
File/Folder C:\Documents and Settings\Jean-Gabriel GANTET\Bureau\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\EZPHOTO1.TMP deleted successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: ENERGYMAX
->Flash cache emptied: 2400 bytes

User: Invité
->Flash cache emptied: 12974 bytes

User: Jean-Gabriel GANTET
->Flash cache emptied: 65519 bytes

User: LocalService

User: NetworkService

User: Propriétaire

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: ENERGYMAX
->Temp folder emptied: 93071893 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 67887495 bytes
->Flash cache emptied: 0 bytes

User: Invité
->Temp folder emptied: 338044234 bytes
->Temporary Internet Files folder emptied: 303005478 bytes
->Java cache emptied: 4138341 bytes
->FireFox cache emptied: 36951483 bytes
->Flash cache emptied: 0 bytes

User: Jean-Gabriel GANTET
->Temp folder emptied: 55635815 bytes
->Temporary Internet Files folder emptied: 3022758 bytes
->Java cache emptied: 411541 bytes
->FireFox cache emptied: 97534204 bytes
->Google Chrome cache emptied: 19804678 bytes
->Apple Safari cache emptied: 83581952 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 766492 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Propriétaire
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33432 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 53618566 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2497808 bytes

Total Files Cleaned = 1 106,00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09222010_162543

Thanks for your help; the computer is indeed doing better, but I think it is still not as fast as it was at the beginning.

Thanks, and sorry for the wait for my reply.
0
kalimusic Posts 14014 Registration date Saturday 7 November 2009 Status Security contributor Last activity 20 November 2015 3 027
22 Sept. 2010 at 19:16
Hello,

Run an online scan by following this tutorial:
Online scan with Kaspersky
Use the alternative download link and save the report in text format, then host it here: http://www.cijoint.fr/

Note: be aware that this scan generally takes quite a long time to run.

or Online scan with BitDefender

See you
0
Hello,

I can't manage to get the report in text format for the online scan with Kaspersky.

Regards
0
kalimusic Posts 14014 Registration date Saturday 7 November 2009 Status Security contributor Last activity 20 November 2015 3 027
Edited by kalimusic on 27/09/2010 at 17:45
Hello,

Once the scan has finished:

* Click the "Save report" button (bottom centre)
* A "Save" window opens.
* Save the report to the Desktop, choosing
* name: kasperskyscan and format: text file
* Click Save.

See you
"Reason and logic can do nothing against stubbornness and foolishness."
0