A voir également:
- Probleme lenteur PC
- Lenteur pc - Guide
- Reinitialiser pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Test performance pc - Guide
- Double ecran pc - Guide
47 réponses
Bonjour a toi , voila le rapport "ZHPFix"
Rapport de ZHPFix 1.12.3273 par Nicolas Coolman, Update du 03/04/2011
Fichier d'export Registre :
Run by Administrateur at 05/04/2011 10:59:04
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Dossier(s) ==========
Dossiers temporaires Windows supprimés: 12
========== Fichier(s) ==========
Fichiers temporaires Windows supprimés : 116
========== Récapitulatif ==========
1 : Dossier(s)
1 : Fichier(s)
End of the scan
Rapport de ZHPFix 1.12.3273 par Nicolas Coolman, Update du 03/04/2011
Fichier d'export Registre :
Run by Administrateur at 05/04/2011 10:59:04
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Dossier(s) ==========
Dossiers temporaires Windows supprimés: 12
========== Fichier(s) ==========
Fichiers temporaires Windows supprimés : 116
========== Récapitulatif ==========
1 : Dossier(s)
1 : Fichier(s)
End of the scan
Dit moi quand on aura terminer avec ça , j'ai un autre probleme les mise a jour revinne sans cesse en fait il me fait reinstalle toujour les memes mise a jour ..
Bonjour ce sera fini aujourd'hui, :) il y a eu une petite erreur de frappe dans le script, là c'est réglé
[*] Télécharge OTM (OtmoveIT de Old_Timer) sur ton Bureau
[*] Double-clique sur OTM.exe pour le lancer.
[*] Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTM sous "Paste Instructions for Items to be Moved".
-----------------------------
:services
SSHNAS
:Commands
[emptytemp]
-----------------------------
[*] clique sur MoveIt! puis ferme OTM.
[*] Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
[*] Accepte en cliquant sur "YES".
[*] Poste le rapport situé dans C:\_OTM\MovedFiles.
[*] Le nom du rapport correspond au moment de sa création : date_heure.log
[*] Télécharge OTM (OtmoveIT de Old_Timer) sur ton Bureau
[*] Double-clique sur OTM.exe pour le lancer.
[*] Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTM sous "Paste Instructions for Items to be Moved".
-----------------------------
:services
SSHNAS
:Commands
[emptytemp]
-----------------------------
[*] clique sur MoveIt! puis ferme OTM.
[*] Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
[*] Accepte en cliquant sur "YES".
[*] Poste le rapport situé dans C:\_OTM\MovedFiles.
[*] Le nom du rapport correspond au moment de sa création : date_heure.log
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voici le rapport "OTM"
All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named SSHNAS was found to stop!
Service\Driver key SSHNAS not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 81470441 bytes
->Temporary Internet Files folder emptied: 33392078 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38862574 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 2345 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3148238 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34282 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3017965 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92725 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 3383640412 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 526 bytes
Total Files Cleaned = 3 380,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 04052011_164759
Files moved on Reboot...
File C:\windows\temp\kls65DE.tmp not found!
Registry entries deleted on Reboot...
All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named SSHNAS was found to stop!
Service\Driver key SSHNAS not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 81470441 bytes
->Temporary Internet Files folder emptied: 33392078 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38862574 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 2345 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3148238 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34282 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3017965 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92725 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 3383640412 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 526 bytes
Total Files Cleaned = 3 380,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 04052011_164759
Files moved on Reboot...
File C:\windows\temp\kls65DE.tmp not found!
Registry entries deleted on Reboot...
Bonjour , j'attend la suite s'y tu est la ..
Pour le probleme de la mise a jour peut tu m'aide , car la mise a jour avec Windows Udapte se fait sans cesse.
les mise a jour concerne le SP1 et Sp2 , alors qu'il est en SP3 ..
Pour le probleme de la mise a jour peut tu m'aide , car la mise a jour avec Windows Udapte se fait sans cesse.
les mise a jour concerne le SP1 et Sp2 , alors qu'il est en SP3 ..
bonjour j'ai été appelé en renfort
en va repartir de zéro :
Telecharge ici : PureRa (par l'editeur de JavaRa)
Lance-le (clic droit "executer en tant qu'administrateur" pour Vista/7)
=> Configuration
clique sur "Clean"
L'outil va faire son scan puis son nettoyage
à la fin du rapport tu auras une ligne comme ca :
Total space cleaned: 8140878 bytes
transmets juste cette ligne , le reste importe peu
__________________________________________________
▶ Télécharge DelFix sur ton bureau.
▶ Lance le, tape suppression puis valide
Patiente pendant le scan jusqu'à l'ouverture du rapport.
▶ Copie/Colle le contenu du rapport dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\DelFix.txt
tu peux le desinstaller
___________________________________________________
desactive tes protections puis enregistre ceci sur ton bureau
Pre_Scan
une fois telechargé lance-le , laisse faire le scan puis colle le contenu de " rapport.txt" qui apparaitra à son terme , sur le bureau.
en va repartir de zéro :
Telecharge ici : PureRa (par l'editeur de JavaRa)
Lance-le (clic droit "executer en tant qu'administrateur" pour Vista/7)
=> Configuration
clique sur "Clean"
L'outil va faire son scan puis son nettoyage
à la fin du rapport tu auras une ligne comme ca :
Total space cleaned: 8140878 bytes
transmets juste cette ligne , le reste importe peu
__________________________________________________
▶ Télécharge DelFix sur ton bureau.
▶ Lance le, tape suppression puis valide
Patiente pendant le scan jusqu'à l'ouverture du rapport.
▶ Copie/Colle le contenu du rapport dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\DelFix.txt
tu peux le desinstaller
___________________________________________________
desactive tes protections puis enregistre ceci sur ton bureau
Pre_Scan
une fois telechargé lance-le , laisse faire le scan puis colle le contenu de " rapport.txt" qui apparaitra à son terme , sur le bureau.
voici le rapport "DelFix "
# DelFix v7.6 - Rapport créé le 06/04/2011 à 21:35
# Mis à jour le 31/03/11 à 16h par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
# Nom d'utilisateur : Administrateur - PATOCHE (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Administrateur\Bureau\DelFix.exe
# Option [Suppression]
~~~~~~ Dossier(s) ~~~~~~
-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
Supprimé : C:\_OTM
Supprimé : C:\Program Files\Ad-Remover
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Program Files\trend micro\Hijackthis
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\Ad-Report-CLEAN[3].txt
Supprimé : C:\ZHPExportRegistry-04-04-2011-19-29-56.txt
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\windows\grep.exe
Supprimé : C:\windows\PEV.exe
Supprimé : C:\windows\NIRCMD.exe
Supprimé : C:\windows\MBR.exe
Supprimé : C:\windows\sed.exe
Supprimé : C:\windows\SWREG.exe
Supprimé : C:\windows\SWSC.exe
Supprimé : C:\windows\SWXCACLS.exe
Supprimé : C:\windows\zip.exe
Supprimé : C:\Documents and Settings\Administrateur\Bureau\OTM.exe
Supprimé : C:\Documents and Settings\Administrateur\Bureau\PC Astuces - Astuces Windows XP.url
Supprimé : C:\Documents and Settings\Administrateur\Bureau\MBRCheck_04.04.11_18.25.32.txt
Supprimé : C:\Documents and Settings\Administrateur\Bureau\AD-R.lnk
Supprimé : C:\Documents and Settings\Administrateur\Bureau\ZHPDiag.txt
Supprimé : C:\Documents and Settings\Administrateur\Bureau\ZHPDiag2.exe
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
~~~~~~ Autre ~~~~~~
-> Prefetch vidé
########## EOF - "C:\DelFixSuppr.txt" - [2724 octets] ##########
# DelFix v7.6 - Rapport créé le 06/04/2011 à 21:35
# Mis à jour le 31/03/11 à 16h par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
# Nom d'utilisateur : Administrateur - PATOCHE (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Administrateur\Bureau\DelFix.exe
# Option [Suppression]
~~~~~~ Dossier(s) ~~~~~~
-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
Supprimé : C:\_OTM
Supprimé : C:\Program Files\Ad-Remover
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Program Files\trend micro\Hijackthis
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\Ad-Report-CLEAN[3].txt
Supprimé : C:\ZHPExportRegistry-04-04-2011-19-29-56.txt
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\windows\grep.exe
Supprimé : C:\windows\PEV.exe
Supprimé : C:\windows\NIRCMD.exe
Supprimé : C:\windows\MBR.exe
Supprimé : C:\windows\sed.exe
Supprimé : C:\windows\SWREG.exe
Supprimé : C:\windows\SWSC.exe
Supprimé : C:\windows\SWXCACLS.exe
Supprimé : C:\windows\zip.exe
Supprimé : C:\Documents and Settings\Administrateur\Bureau\OTM.exe
Supprimé : C:\Documents and Settings\Administrateur\Bureau\PC Astuces - Astuces Windows XP.url
Supprimé : C:\Documents and Settings\Administrateur\Bureau\MBRCheck_04.04.11_18.25.32.txt
Supprimé : C:\Documents and Settings\Administrateur\Bureau\AD-R.lnk
Supprimé : C:\Documents and Settings\Administrateur\Bureau\ZHPDiag.txt
Supprimé : C:\Documents and Settings\Administrateur\Bureau\ZHPDiag2.exe
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
~~~~~~ Autre ~~~~~~
-> Prefetch vidé
########## EOF - "C:\DelFixSuppr.txt" - [2724 octets] ##########
voici le rapport "Pre_Scan "
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan by g3n-h@ckm@n 1.0.0.12 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤ XP | Vista | Seven - 32/64 ¤
Mis à jour le 06/04/2011 | 15.40 par g3n-h@ckm@n
Utilisateur : Administrateur (Administrateurs)
Ordinateur : PATOCHE
Système d'exploitation : Microsoft Windows XP (32 bits)
Internet Explorer : 8.0.6001.18702
Mozilla Firefox : 3.0.10 (fr)
Scan : 21:38:21 | 06/04/2011
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKLM\..\..\Winlogon] | Shell -> Aucune modification : Explorer.exe -> Explorer.exe
[HKLM\..\..\Winlogon] | AutoRestartShell -> Aucune modification : 1 -> 1
[HKLM\..\..\Winlogon] | userinit -> Aucune modification : C:\windows\system32\userinit.exe, -> C:\windows\system32\userinit.exe,
[HKLM\..\..\Winlogon] | PowerDownAfterShutdown -> Aucune modification : 1 -> 1
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Associations ¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[exefile | command] : "%1" %*
[comfile | command] : "%1" %*
[scrfile | command] : "%1" /S
[batfile | command] : "%1" %*
[piffile | command] : "%1" %*
[Firefox | Command] | @ -> Modification apportée : C:\Program Files\Mozilla Firefox\firefox.exe -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ -> Aucune modification : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode -> "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ -> Aucune modification : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
[Ndisuio] | Start -> Aucune modification : 3 -> 3
[ERSvc] | Start -> Modification apportée : 3 -> 2
[Bits] | Start -> Modification apportée : 3 -> 2
[EapHost] | Start -> Modification apportée : 3 -> 2
[SharedAccess] | Start -> Aucune modification : 2 -> 2
[wuauserv] | Start -> Aucune modification : 2 -> 2
[wscsvc] | Start -> Aucune modification : 2 -> 2
[wzcsvc] | Start -> Aucune modification : 2 -> 2
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKCU | Main] | Start Page -> Modification apportée : https://www.google.fr/?gws_rd=ssl -> https://www.google.com/?gws_rd=ssl
[HKCU | Main] | Local Page -> Aucune Modification : C:\windows\system32\blank.htm -> C:\windows\system32\blank.htm
[HKCU | Main] | Search Page -> Modification apportée : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKLM | Main] | Start Page -> Modification apportée : https://www.msn.com/fr-fr -> https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page -> Aucune Modification : C:\windows\system32\blank.htm -> C:\windows\system32\blank.htm
[HKLM | Main] | Default_Search_URL -> Modification apportée : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL -> Modification apportée : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF -> https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page -> Modification apportée : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
vsnpstd3.exe -> Processus stoppé
¤¤¤¤¤¤¤¤¤¤ Clés supprimées et Fichier mis en quarantaine ¤¤¤¤¤¤¤¤¤¤
Clé supprimée : [HKLM\..\..\Run] | snpstd3 -> C:\windows\vsnpstd3.exe
Mis en quarantaine : C:\windows\vsnpstd3.exe
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
Supprimé : [apitrap.dll] ->
Supprimé : [AVSTE.dll] ->
Supprimé : [cqw32.exe] ->
Supprimé : [divxdec.ax] ->
Supprimé : [DRMINST.dll] ->
Supprimé : [EncodeDivXExt.dll] ->
Supprimé : [front.exe] ->
Supprimé : [GBROWSER.DLL] ->
Supprimé : [htmlmm.ocx] ->
Supprimé : [ishscan.dll] ->
Supprimé : [javai.dll] ->
Supprimé : [jvm_g.dll] ->
Supprimé : [mngreg32.exe] ->
Supprimé : [mscoree.dll] ->
Supprimé : [mscorwks.dll] ->
Supprimé : [mso.dll] ->
Supprimé : [NeVideoFX.dll] ->
Supprimé : [NSWSTE.dll] ->
Supprimé : [PMSTE.dll] ->
Supprimé : [printhse.EXE] ->
Supprimé : [ps80.EXE] ->
Supprimé : [qfinder.EXE] ->
Supprimé : [salwrap.dll] ->
Supprimé : [setup32.dll] ->
Supprimé : [symlcnet.dll] ->
Supprimé : [tcore_ebook.dll] ->
Supprimé : [ua80.EXE] ->
Supprimé : [ums.dll] ->
Supprimé : [vbe6.dll] ->
Supprimé : [xlmlEN.dll] ->
Supprimé : [_INSTPGM.EXE] ->
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
scanning jobs ...
scanning processes ...
scanning threads ...
scanning modules in svchost.exe...
scanning modules in services.exe...
scanning modules in explorer.exe...
restoring services BITS, wuauserv, ERSvc, WerSvc
Service BITS autorun restored
Service wuauserv autorun restored
Service ERSvc autorun restored
Service ERSvc started
restoring show hidden and system files
restoring SafeBoot registry node
Restoring safe/network boot registry branches for windows XP
scanning C:\windows\system32 ...
scanning C:\Program Files\Internet Explorer\ ...
scanning C:\Program Files\Movie Maker\ ...
scanning C:\Program Files\Windows Media Player\ ...
scanning C:\Program Files\Windows NT\ ...
scanning C:\Documents and Settings\Administrateur\Application Data ...
scanning C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ ...
scanning C:\ ...
scanning F:\ ...
completed
Infected jobs: 0
Infected files: 0
Infected threads: 0
Splices functions: 0
Cured files: 0
Fixed registry keys: 0
Fin : 22:06:49
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan by g3n-h@ckm@n 1.0.0.12 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤ XP | Vista | Seven - 32/64 ¤
Mis à jour le 06/04/2011 | 15.40 par g3n-h@ckm@n
Utilisateur : Administrateur (Administrateurs)
Ordinateur : PATOCHE
Système d'exploitation : Microsoft Windows XP (32 bits)
Internet Explorer : 8.0.6001.18702
Mozilla Firefox : 3.0.10 (fr)
Scan : 21:38:21 | 06/04/2011
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKLM\..\..\Winlogon] | Shell -> Aucune modification : Explorer.exe -> Explorer.exe
[HKLM\..\..\Winlogon] | AutoRestartShell -> Aucune modification : 1 -> 1
[HKLM\..\..\Winlogon] | userinit -> Aucune modification : C:\windows\system32\userinit.exe, -> C:\windows\system32\userinit.exe,
[HKLM\..\..\Winlogon] | PowerDownAfterShutdown -> Aucune modification : 1 -> 1
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Associations ¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[exefile | command] : "%1" %*
[comfile | command] : "%1" %*
[scrfile | command] : "%1" /S
[batfile | command] : "%1" %*
[piffile | command] : "%1" %*
[Firefox | Command] | @ -> Modification apportée : C:\Program Files\Mozilla Firefox\firefox.exe -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ -> Aucune modification : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode -> "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ -> Aucune modification : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
[Ndisuio] | Start -> Aucune modification : 3 -> 3
[ERSvc] | Start -> Modification apportée : 3 -> 2
[Bits] | Start -> Modification apportée : 3 -> 2
[EapHost] | Start -> Modification apportée : 3 -> 2
[SharedAccess] | Start -> Aucune modification : 2 -> 2
[wuauserv] | Start -> Aucune modification : 2 -> 2
[wscsvc] | Start -> Aucune modification : 2 -> 2
[wzcsvc] | Start -> Aucune modification : 2 -> 2
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKCU | Main] | Start Page -> Modification apportée : https://www.google.fr/?gws_rd=ssl -> https://www.google.com/?gws_rd=ssl
[HKCU | Main] | Local Page -> Aucune Modification : C:\windows\system32\blank.htm -> C:\windows\system32\blank.htm
[HKCU | Main] | Search Page -> Modification apportée : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKLM | Main] | Start Page -> Modification apportée : https://www.msn.com/fr-fr -> https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page -> Aucune Modification : C:\windows\system32\blank.htm -> C:\windows\system32\blank.htm
[HKLM | Main] | Default_Search_URL -> Modification apportée : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL -> Modification apportée : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF -> https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page -> Modification apportée : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
vsnpstd3.exe -> Processus stoppé
¤¤¤¤¤¤¤¤¤¤ Clés supprimées et Fichier mis en quarantaine ¤¤¤¤¤¤¤¤¤¤
Clé supprimée : [HKLM\..\..\Run] | snpstd3 -> C:\windows\vsnpstd3.exe
Mis en quarantaine : C:\windows\vsnpstd3.exe
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
Supprimé : [apitrap.dll] ->
Supprimé : [AVSTE.dll] ->
Supprimé : [cqw32.exe] ->
Supprimé : [divxdec.ax] ->
Supprimé : [DRMINST.dll] ->
Supprimé : [EncodeDivXExt.dll] ->
Supprimé : [front.exe] ->
Supprimé : [GBROWSER.DLL] ->
Supprimé : [htmlmm.ocx] ->
Supprimé : [ishscan.dll] ->
Supprimé : [javai.dll] ->
Supprimé : [jvm_g.dll] ->
Supprimé : [mngreg32.exe] ->
Supprimé : [mscoree.dll] ->
Supprimé : [mscorwks.dll] ->
Supprimé : [mso.dll] ->
Supprimé : [NeVideoFX.dll] ->
Supprimé : [NSWSTE.dll] ->
Supprimé : [PMSTE.dll] ->
Supprimé : [printhse.EXE] ->
Supprimé : [ps80.EXE] ->
Supprimé : [qfinder.EXE] ->
Supprimé : [salwrap.dll] ->
Supprimé : [setup32.dll] ->
Supprimé : [symlcnet.dll] ->
Supprimé : [tcore_ebook.dll] ->
Supprimé : [ua80.EXE] ->
Supprimé : [ums.dll] ->
Supprimé : [vbe6.dll] ->
Supprimé : [xlmlEN.dll] ->
Supprimé : [_INSTPGM.EXE] ->
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
scanning jobs ...
scanning processes ...
scanning threads ...
scanning modules in svchost.exe...
scanning modules in services.exe...
scanning modules in explorer.exe...
restoring services BITS, wuauserv, ERSvc, WerSvc
Service BITS autorun restored
Service wuauserv autorun restored
Service ERSvc autorun restored
Service ERSvc started
restoring show hidden and system files
restoring SafeBoot registry node
Restoring safe/network boot registry branches for windows XP
scanning C:\windows\system32 ...
scanning C:\Program Files\Internet Explorer\ ...
scanning C:\Program Files\Movie Maker\ ...
scanning C:\Program Files\Windows Media Player\ ...
scanning C:\Program Files\Windows NT\ ...
scanning C:\Documents and Settings\Administrateur\Application Data ...
scanning C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ ...
scanning C:\ ...
scanning F:\ ...
completed
Infected jobs: 0
Infected files: 0
Infected threads: 0
Splices functions: 0
Cured files: 0
Fixed registry keys: 0
Fin : 22:06:49
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤
Télécharge ici :OTL
▶ enregistre le sur ton Bureau.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ Configuration
▶Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
▶ enregistre le sur ton Bureau.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ Configuration
▶Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
voici le rapport "OTL"
http://www.cijoint.fr/cjlink.php?file=cj201104/cijmWiFTBs.txt
voici le rapport "EXTRAS"
http://www.cijoint.fr/cjlink.php?file=cj201104/cijU7NKlGi.txt
Un peut l'on desole,en attente de la suite Merci a Toi..
http://www.cijoint.fr/cjlink.php?file=cj201104/cijmWiFTBs.txt
voici le rapport "EXTRAS"
http://www.cijoint.fr/cjlink.php?file=cj201104/cijU7NKlGi.txt
Un peut l'on desole,en attente de la suite Merci a Toi..
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\windows\System32\glut.dll
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
========================================
ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
[2009/08/19 14:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5hyko60.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}
O7 - HKU\S-1-5-21-507921405-413027322-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
[2011/03/26 13:25:23 | 000,002,850 | ---- | M] () -- C:\Documents and Settings\Administrateur\log.html
[2011/04/06 21:38:01 | 000,753,837 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Pre_scan.exe
[2011/01/18 13:30:48 | 000,000,418 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\prefsdb.dat
[2010/11/25 22:25:41 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\chrtmp
[2010/06/20 12:36:10 | 000,032,680 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\slot1.mm1
[2010/03/12 19:42:12 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\0ynqobivnepmsz24yfqlpd9vjaumiwmw41773660gl0ynqo
[2009/11/07 16:59:24 | 000,003,646 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\log.html
[2009/11/07 16:59:24 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\soundlog.html
[2009/11/07 16:59:24 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\game.ini
[2009/05/01 13:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\blg
[2011/02/17 15:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\LiveCAD3
[2009/11/23 19:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MA
[2011/01/17 12:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MA2
[2011/02/17 15:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\UNDEFINED
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:500F73A8
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AABCC5A7
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:270A3983
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD9109D4
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FA4CB99
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B1195DD
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2832349A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAFEC4B9
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:697DDE2B
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35FAD15D
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23834E1E
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D186293
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5025C6E4
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48977386
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C528C86
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50636E35
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:774A0E14
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0441DB7A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED796303
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BFB769D
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8917A3FD
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E684AC9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\windows\System32\glut.dll
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
========================================
ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
[2009/08/19 14:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5hyko60.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}
O7 - HKU\S-1-5-21-507921405-413027322-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
[2011/03/26 13:25:23 | 000,002,850 | ---- | M] () -- C:\Documents and Settings\Administrateur\log.html
[2011/04/06 21:38:01 | 000,753,837 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Pre_scan.exe
[2011/01/18 13:30:48 | 000,000,418 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\prefsdb.dat
[2010/11/25 22:25:41 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\chrtmp
[2010/06/20 12:36:10 | 000,032,680 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\slot1.mm1
[2010/03/12 19:42:12 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\0ynqobivnepmsz24yfqlpd9vjaumiwmw41773660gl0ynqo
[2009/11/07 16:59:24 | 000,003,646 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\log.html
[2009/11/07 16:59:24 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\soundlog.html
[2009/11/07 16:59:24 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\game.ini
[2009/05/01 13:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\blg
[2011/02/17 15:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\LiveCAD3
[2009/11/23 19:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MA
[2011/01/17 12:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MA2
[2011/02/17 15:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\UNDEFINED
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:500F73A8
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AABCC5A7
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:270A3983
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD9109D4
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FA4CB99
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B1195DD
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2832349A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAFEC4B9
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:697DDE2B
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35FAD15D
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23834E1E
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D186293
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5025C6E4
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48977386
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C528C86
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50636E35
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:774A0E14
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0441DB7A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED796303
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BFB769D
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8917A3FD
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E684AC9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
Bonjour , dit moi je ne comprend pas pour "Virustotal"
je doit allez dans >>C:\windows\System32\glut.dll
est a la fin ya un rapport qui doit s'affiche c'est bien ça ?
je doit allez dans >>C:\windows\System32\glut.dll
est a la fin ya un rapport qui doit s'affiche c'est bien ça ?
voici le Rapport "OTL"
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18 removed from extensions.enabledItems
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5hyko60.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-507921405-413027322-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
C:\Documents and Settings\Administrateur\log.html moved successfully.
C:\Documents and Settings\Administrateur\Bureau\Pre_scan.exe moved successfully.
C:\Documents and Settings\Administrateur\Application Data\prefsdb.dat moved successfully.
C:\Documents and Settings\Administrateur\Application Data\chrtmp moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\slot1.mm1 moved successfully.
C:\Documents and Settings\Administrateur\Application Data\0ynqobivnepmsz24yfqlpd9vjaumiwmw41773660gl0ynqo moved successfully.
C:\Documents and Settings\Administrateur\Application Data\log.html moved successfully.
C:\Documents and Settings\Administrateur\Application Data\soundlog.html moved successfully.
C:\Documents and Settings\Administrateur\Application Data\game.ini moved successfully.
C:\Documents and Settings\Administrateur\Application Data\blg\eldorado folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\blg folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\LiveCAD3 folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\MA folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\MA2 folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\UNDEFINED\UNDEFINED\5 But_5 folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\UNDEFINED\UNDEFINED folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:500F73A8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:870649A4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AABCC5A7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:270A3983 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6444B424 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CD9109D4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8944C195 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5FA4CB99 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4B1195DD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2832349A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FAFEC4B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:697DDE2B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:35FAD15D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:32A82570 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:23834E1E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6017A808 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:177313FB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D186293 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5025C6E4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:48977386 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:55818279 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4C528C86 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:50636E35 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:774A0E14 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0441DB7A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ED796303 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9BFB769D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8917A3FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E684AC9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 228561 bytes
->Temporary Internet Files folder emptied: 6494170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 546 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4718 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92725 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 329324 bytes
Total Files Cleaned = 7,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04082011_180945
Files\Folders moved on Reboot...
C:\windows\temp\kls3B1F.tmp moved successfully.
Registry entries deleted on Reboot...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18 removed from extensions.enabledItems
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5hyko60.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-507921405-413027322-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
C:\Documents and Settings\Administrateur\log.html moved successfully.
C:\Documents and Settings\Administrateur\Bureau\Pre_scan.exe moved successfully.
C:\Documents and Settings\Administrateur\Application Data\prefsdb.dat moved successfully.
C:\Documents and Settings\Administrateur\Application Data\chrtmp moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\slot1.mm1 moved successfully.
C:\Documents and Settings\Administrateur\Application Data\0ynqobivnepmsz24yfqlpd9vjaumiwmw41773660gl0ynqo moved successfully.
C:\Documents and Settings\Administrateur\Application Data\log.html moved successfully.
C:\Documents and Settings\Administrateur\Application Data\soundlog.html moved successfully.
C:\Documents and Settings\Administrateur\Application Data\game.ini moved successfully.
C:\Documents and Settings\Administrateur\Application Data\blg\eldorado folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\blg folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\LiveCAD3 folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\MA folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\MA2 folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\UNDEFINED\UNDEFINED\5 But_5 folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\UNDEFINED\UNDEFINED folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:500F73A8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:870649A4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AABCC5A7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:270A3983 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6444B424 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CD9109D4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8944C195 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5FA4CB99 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4B1195DD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2832349A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FAFEC4B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:697DDE2B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:35FAD15D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:32A82570 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:23834E1E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6017A808 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:177313FB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D186293 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5025C6E4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:48977386 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:55818279 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4C528C86 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:50636E35 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:774A0E14 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0441DB7A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ED796303 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9BFB769D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8917A3FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E684AC9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 228561 bytes
->Temporary Internet Files folder emptied: 6494170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 546 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4718 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92725 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 329324 bytes
Total Files Cleaned = 7,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04082011_180945
Files\Folders moved on Reboot...
C:\windows\temp\kls3B1F.tmp moved successfully.
Registry entries deleted on Reboot...
oui tu cherches le fichier avec parcourir de virus total sinon , puis tu le selectionnes puis clic sur "Send File"
a la fin de l analyse tu me donnes le lien de la page dans la barre d'adresse en haut
a la fin de l analyse tu me donnes le lien de la page dans la barre d'adresse en haut
je viens de refaire un essai avec "Virustotal"
Mais ya un message d'erreur que voie s'y >>>>>>
Erreur du serveur!
Le serveur a èté victime d'une erreur interne et n'a pas été capable de faire aboutir votre requête. Soit le server est surchargé soit il s'agit d'une erreur dans le script CGI.
Si vous pensez qu'il s'agit d'une erreur du serveur, veuillez contacter le <a href='mailto:webmaster@localhost>gestionnaire du site.
Error 500
Fri Apr 8 18:24:39 2011 https://www.virustotal.com/gui/
Mais ya un message d'erreur que voie s'y >>>>>>
Erreur du serveur!
Le serveur a èté victime d'une erreur interne et n'a pas été capable de faire aboutir votre requête. Soit le server est surchargé soit il s'agit d'une erreur dans le script CGI.
Si vous pensez qu'il s'agit d'une erreur du serveur, veuillez contacter le <a href='mailto:webmaster@localhost>gestionnaire du site.
Error 500
Fri Apr 8 18:24:39 2011 https://www.virustotal.com/gui/
