Analyze ZHPDiag report

Closed
Olivier - Edited by Olivier on 8/03/2011 at 19:33
Valuu (Contributor, 2163 posts, registered Monday 4 October 2010, last post 12 April 2015) - 8 March 2011 at 21:06
Hello,

I must have picked up something on my PC. I ran a scan with ZHPDiag; here is the report.
Thanks in advance for your help.


http://cjoint.com/?1ditBfl8dbU

3 replies

Valuu - 8 March 2011 at 19:43
Hello,

* Download AD-Remover (from TeamXscript) to your Desktop.
Disconnect from the Internet and close all running applications
* Double-click the AD-Remover icon
* On the main menu, click "Nettoyer" (Clean)
* Confirm the start of the scan and let the tool work
* Post the report that appears at the end (it is also saved as C:\Ad-report-CLEAN.txt)

* Download UsbFix (created by El Desaparecido & C_XX) to your Desktop. If your antivirus shows an alert, ignore it and disable it temporarily.
* Plug your external data sources into your PC (USB stick, external hard drive, etc.) without opening them
* Double-click the UsbFix shortcut on your Desktop; installation runs automatically
* Click "Recherche" (Search)
* Let the tool work
* At the end, the report will be displayed: post it in your next reply (it is also saved at the root of the hard drive)

Illustrated help: "Recherche" (Search) tutorial
Thanks, here are my reports.
AD-Remover report

======= REPORT FROM AD-REMOVER 2.0.0.2,F | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 20:06:38 on 09/03/2011, Normal boot

Microsoft Windows XP Home Edition Service Pack 3 (X86)
virginie et olivier@HINANO ( )

============== ACTION(S) ==============

Service: "BarDiscover Service" Service stopped and deleted

File deleted: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File deleted: C:\Documents and Settings\All Users\Start Menu\Programs\Navigateur OfferBox.lnk
File deleted: C:\WINDOWS\system32\ConduitEngine.tmp
Folder deleted: C:\Documents and Settings\virginie et olivier\Application Data\Mozilla\FireFox\Profiles\y58dthqd.default\conduit
File deleted: C:\Documents and Settings\virginie et olivier\Application Data\Mozilla\FireFox\Profiles\y58dthqd.default\searchplugins\conduit.xml
Folder deleted: C:\Documents and Settings\All Users\Application Data\bardiscover
Folder deleted: C:\Documents and Settings\virginie et olivier\Application Data\PriceGong
Folder deleted: C:\Documents and Settings\virginie et olivier\Application Data\ShoppingReport
Folder deleted: C:\Program Files\ShoppingReport
Folder deleted: C:\Documents and Settings\virginie et olivier\Application Data\ShoppingReport2
Folder deleted: C:\Program Files\ShoppingReport2
Folder deleted: C:\Documents and Settings\virginie et olivier\Application Data\OfferBox
Folder deleted: C:\Program Files\OfferBox

(!) -- Temporary files deleted.


-- File opened: C:\Documents and Settings\virginie et olivier\Application Data\Mozilla\FireFox\Profiles\y58dthqd.default\Prefs.js --
Line deleted: user_pref("CT2297721.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
Line deleted: user_pref("CT2297721.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT229...
Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT2297721");
Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2297721");
Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2297721");
Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2297721&Sea...
Line deleted: user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2297721&q=");
-- File closed --


Key deleted: HKLM\Software\Classes\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key deleted: HKLM\Software\Classes\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80}
Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key deleted: HKLM\Software\Classes\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56}
Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key deleted: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Key deleted: HKLM\Software\Classes\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key deleted: HKLM\Software\Classes\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26}
Key deleted: HKLM\Software\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key deleted: HKLM\Software\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8}
Key deleted: HKLM\Software\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key deleted: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Key deleted: HKLM\Software\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key deleted: HKLM\Software\Classes\TypeLib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6}
Key deleted: HKLM\Software\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872}
Key deleted: HKLM\Software\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
Key deleted: HKLM\Software\Classes\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA}
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\OfferBox.OfferBoxServer
Key deleted: HKLM\Software\Classes\OfferBox.OfferBoxServer.1
Key deleted: HKLM\Software\Classes\ShoppingReport2.HbAx
Key deleted: HKLM\Software\Classes\ShoppingReport2.HbAx.1
Key deleted: HKLM\Software\Classes\ShoppingReport2.HbInfoBand
Key deleted: HKLM\Software\Classes\ShoppingReport2.HbInfoBand.1
Key deleted: HKLM\Software\Classes\ShoppingReport2.IEButton
Key deleted: HKLM\Software\Classes\ShoppingReport2.IEButton.1
Key deleted: HKLM\Software\Classes\ShoppingReport2.IEButtonA
Key deleted: HKLM\Software\Classes\ShoppingReport2.IEButtonA.1
Key deleted: HKLM\Software\Classes\ShoppingReport2.RprtCtrl
Key deleted: HKLM\Software\Classes\ShoppingReport2.RprtCtrl.1
Key deleted: HKLM\Software\Classes\Toolbar.CT2297721
Key deleted: HKLM\Software\OfferBox
Key deleted: HKLM\Software\bardiscover
Key deleted: HKLM\Software\ClickPotatoLite
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\ShoppingReport
Key deleted: HKLM\Software\ShoppingReport2
Key deleted: HKCU\Software\OfferBox
Key deleted: HKCU\Software\Spointer
Key deleted: HKCU\Software\Conduit
Key deleted: HKCU\Software\PriceGong
Key deleted: HKCU\Software\ShoppingReport
Key deleted: HKCU\Software\ShoppingReport2
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox Browser
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6}
Key deleted: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6}

Value deleted: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.14 (fr)] ****


-- C:\Documents and Settings\virginie et olivier\Application Data\Mozilla\FireFox\Profiles\y58dthqd.default --
Extensions\{d5b75883-e809-4120-bfeb-8d707d5dfbe3} (Discover France Toolbar)
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.14

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{f3d17ef2-8118-4fa3-afea-bb2e18a69054} - "iadah" (hxxp://www.iadah.com/search-E-4?search&q={searchTerms})
HKCU_ElevationPolicy\{D3DE705E-0BB6-47E6-AB61-6FF78BE040A0} - C:\Program Files\Internet Explorer\minftnet.exe (Synersoft)
HKLM_ElevationPolicy\068935bf-dc0a-4685-accc-180492486a98 - C:\Program Files\Discover_France\Discover_FranceToolbarHelper.exe (x)
HKLM_ElevationPolicy\{442E3CEB-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (?)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "@btrez.dll,-4015" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 72 File(s)
C:\Program Files\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 09/03/2011 20:06:45 (10286 Byte(s))

End at: 20:08:12, 09/03/2011

============== E.O.F ==============

UsbFix report


############################## | UsbFix 7.041 | [Research]

User: virginie et olivier (Administrator) # HINANO [ ]
Updated 24/02/2011 by TeamXscript
Started at 20:22:27 | 09/03/2011
Website: http://www.teamxscript.org
Submit your sample : http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
CPU 2: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Disabled /!\
Antivirus: avast! Antivirus 5.0.100664296 [(!) Disabled | Updated]
Firewall: avast! Antivirus 5.0.83952505 [(!) Disabled]
RAM -> 1014 Mb
C:\ (%systemdrive%) -> Fixed drive # 142 Gb (29 Mb free - 20%) [ACER] # NTFS
D:\ -> Fixed drive # 63 Gb (4 Mb free - 7%) [STOCK] # NTFS
E:\ -> Fixed drive # 49 Gb (2 Mb free - 4%) [Disque Dur systeme ancien PC] # NTFS
F:\ -> Fixed drive # 298 Gb (37 Mb free - 13%) [OLIV DISK DUR] # NTFS

################## | Files # Infected Folders |


Found ! F:\autorun.inf

################## | Registry |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\E
Shell\AutoRun\Command = p0crvg.exe
Shell\open\Command = p0crvg.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{15347ecc-a4af-11de-bf1d-00235aea22f9}
Shell\AutoRun\Command = p0crvg.exe
Shell\open\Command = p0crvg.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{35a55544-2e54-11df-8055-00235aea22f9}
Shell\AutoRun\Command = cjftlv.exe
Shell\explore\Command = cjftlv.exe
Shell\open\Command = cjftlv.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{35a55546-2e54-11df-8055-00235aea22f9}
Shell\AutoRun\Command = BOOTEX\thumbcache_131.exe
Shell\explore\Command = BOOTEX/thumbcache_131.exe
Shell\open\Command = .////BOOTEX/thumbcache_131.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{4fe01454-4613-11df-8087-00235aea22f9}
Shell\AutoRun\Command = "D:\WD SmartWare.exe" autoplay=true

HKCU\.\.\.\.\Explorer\MountPoints2\{99a63bdc-87e8-11df-80fc-00235aea22f9}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nATHAN.EXE

HKCU\.\.\.\.\Explorer\MountPoints2\{ed959e36-156b-11df-8028-00235aea22f9}
Shell\AutoRun\Command = D:\WDSetup.exe


################## | Vaccin |

F:\Autorun.inf -> Vaccine created by Panda USB Vaccine

################## | E.O.F |
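The MountPoints2 section of the UsbFix report above is the part worth reading closely: each key is a volume Windows has seen, and the Shell\AutoRun, Shell\open and Shell\explore commands are what Explorer cached from that volume's autorun.inf. Entries such as p0crvg.exe, BOOTEX\thumbcache_131.exe and the RunDLL32 ShellExec_RunDLL line are relative names that resolve on the removable drive itself, which is the classic USB-worm pattern, whereas "D:\WD SmartWare.exe" autoplay=true is a vendor autoplay launcher with an absolute path. The following Python script is an added example, not part of this thread and not code from the UsbFix tool; it parses a constructed excerpt of that section and applies those two heuristics. The key names, commands and the helper names (program_of, classify, analyze, suspicious_keys) are taken from or chosen for this example only.

```python
import re
from typing import Dict, List

# Constructed sample: a trimmed copy of the Mountpoints2 entries from the
# UsbFix report posted above, used here as offline test input.
SAMPLE_REPORT = r"""
HKCU\.\.\.\.\Explorer\MountPoints2\E
Shell\AutoRun\Command = p0crvg.exe
Shell\open\Command = p0crvg.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{35a55546-2e54-11df-8055-00235aea22f9}
Shell\AutoRun\Command = BOOTEX\thumbcache_131.exe
Shell\explore\Command = BOOTEX/thumbcache_131.exe
Shell\open\Command = .////BOOTEX/thumbcache_131.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{4fe01454-4613-11df-8087-00235aea22f9}
Shell\AutoRun\Command = "D:\WD SmartWare.exe" autoplay=true

HKCU\.\.\.\.\Explorer\MountPoints2\{99a63bdc-87e8-11df-80fc-00235aea22f9}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nATHAN.EXE
"""

# Key line: "...\MountPoints2\<drive letter or volume GUID>"
KEY_RE = re.compile(r"MountPoints2\\(\S+)\s*$")
# Verb line: "Shell\<verb>\Command = <command line>"
VERB_RE = re.compile(r"^Shell\\(\w+)\\Command\s*=\s*(.+?)\s*$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def program_of(command: str) -> str:
    """Return the program token of a verb command (quoted path or first word)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def classify(command: str):
    """Heuristic verdict for one MountPoints2 verb command."""
    if "shellexec_rundll" in command.lower():
        # The program token is a trusted absolute path to rundll32, but it is
        # only a proxy that launches the relative target at the end of the line.
        return "suspicious", "rundll32 ShellExec_RunDLL used as launcher"
    prog = program_of(command)
    if not ABS_PATH_RE.match(prog):
        # Bare name or relative path: resolved on the removable volume itself.
        return "suspicious", "relative path resolved on the removable volume"
    return "review", "absolute path (vendor autoplay still needs a look)"


def analyze(report: str) -> List[Dict[str, str]]:
    """Parse the Mountpoints2 section and attach a verdict to every verb command."""
    findings = []
    key = None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.search(line)
        if m:
            key = m.group(1)
            continue
        m = VERB_RE.match(line)
        if m and key:
            verdict, reason = classify(m.group(2))
            findings.append({"key": key, "verb": m.group(1), "command": m.group(2),
                             "verdict": verdict, "reason": reason})
    return findings


def suspicious_keys(report: str) -> List[str]:
    """Volume keys with at least one suspicious verb command, in report order."""
    seen: List[str] = []
    for f in analyze(report):
        if f["verdict"] == "suspicious" and f["key"] not in seen:
            seen.append(f["key"])
    return seen


if __name__ == "__main__":
    for f in analyze(SAMPLE_REPORT):
        print(f"{f['verdict']:10} {f['key']:42} {f['verb']:8} {f['command']}  <- {f['reason']}")
```

On the sample, every command under E, {35a55546-...} and {99a63bdc-...} is flagged and the WD SmartWare entry is left for manual review. The absolute-path rule is deliberately not an allowlist: a launcher on a fixed drive can still be malicious, so "review" means a human looks at the file, not that it is trusted. On a live machine the same logic applies to the values under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, which is where UsbFix reads them from.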
Valuu - 8 March 2011 at 21:06
Good.
Is it normal that your computer is in English?

* Plug your external data sources into your PC (USB stick, external hard drive, etc.) without opening them
* Double-click the UsbFix shortcut on your Desktop
* Click "Suppression" (Delete)
* Let the tool work
* Your Desktop will disappear and then the computer will restart: this is normal
* At the end, the report will be displayed: post it in your next reply (it is also saved at the root of the hard drive)

:!: UsbFix will offer to send a compressed folder to this address. That folder was created by UsbFix on your Desktop. Please send it to the address shown to help the author of UsbFix with his research. Once on the site, select "UsbFix" from the drop-down menu. Thanks in advance for your contribution!

Illustrated help: "Nettoyage" (Cleaning) tutorial