Declic pc perso

http://pjjoint.malekal.com/files.php?id=20120414_b9k10z14w5w14

je pense que cest plutot cela le bon extra^^

desinstalle sohtonic france toolbar

====================

ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur OTL.exe pour le lancer.


▶Copie la liste qui se trouve en gras ci-dessous,

▶ colle-la dans la zone sous "Personnalisation" :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
IE - HKLM\..\URLSearchHook: {c41be492-d9e6-4262-a0bd-e8cf6dc4208d} - C:\Program Files\Softonic.France\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1700073893-396293525-2276983436-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://jerecherche.org/
IE - HKU\S-1-5-21-1700073893-396293525-2276983436-1000\..\URLSearchHook: {c41be492-d9e6-4262-a0bd-e8cf6dc4208d} - C:\Program Files\Softonic.France\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1700073893-396293525-2276983436-1000\..\SearchScopes\{7810e050-5bae-4a21-a2b1-e47b12524cc2}: "URL" = http://www.searcheo.fr/pratique?search&q={searchTerms}
IE - HKU\S-1-5-21-1700073893-396293525-2276983436-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box
IE - HKU\S-1-5-21-1700073893-396293525-2276983436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;localhost
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
O2 - BHO: (Softonic.France Toolbar) - {c41be492-d9e6-4262-a0bd-e8cf6dc4208d} - C:\Program Files\Softonic.France\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic.France Toolbar) - {c41be492-d9e6-4262-a0bd-e8cf6dc4208d} - C:\Program Files\Softonic.France\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1700073893-396293525-2276983436-1000\..\Toolbar\WebBrowser: (Softonic.France Toolbar) - {C41BE492-D9E6-4262-A0BD-E8CF6DC4208D} - C:\Program Files\Softonic.France\tbSoft.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-1700073893-396293525-2276983436-1000\..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1700073893-396293525-2276983436-1000\..\Run: [Facemoi] C:\Facemoi\facemoi.exe File not found
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"=-

:Files
C:\Program Files\Softonic.France
C:\Users\Rosa\AppData\Local\*}
C:\Users\Rosa\AppData\Roaming\yysyw4h8d3vguofi.dat
C:\Users\Rosa\AppData\Roaming\fbbc151e
C:\ProgramData\164932a6
C:\Users\Rosa\AppData\Local\a7dc8d46
C:\Windows\system32\Tasks\RegistryBooster

:commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[reboot]


▶ Clique sur "Correction" pour lancer la suppression.


▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

ok je commence a desinstaller sohotonic....mais apres je refait ce que tu mas dit a mon retour car pff il faut que je lise tranquillement sourire,
merci g3n et a bientot
cordialement

(partir pour mieux revenir....) sourire

hello g3n me revoilà apres quelques jours de vacances sur mon Ile...

donc je viens de faire ce que tu m'a demander et voilà le rapport(je men sors pas trop mal heing?? ) sourire
je fais quoi maintenant??
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c41be492-d9e6-4262-a0bd-e8cf6dc4208d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c41be492-d9e6-4262-a0bd-e8cf6dc4208d}\ not found.
File C:\Program Files\Softonic.France\tbSoft.dll not found.
HKU\S-1-5-21-1700073893-396293525-2276983436-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1700073893-396293525-2276983436-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c41be492-d9e6-4262-a0bd-e8cf6dc4208d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c41be492-d9e6-4262-a0bd-e8cf6dc4208d}\ not found.
File C:\Program Files\Softonic.France\tbSoft.dll not found.
Registry key HKEY_USERS\S-1-5-21-1700073893-396293525-2276983436-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7810e050-5bae-4a21-a2b1-e47b12524cc2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7810e050-5bae-4a21-a2b1-e47b12524cc2}\ not found.
Registry key HKEY_USERS\S-1-5-21-1700073893-396293525-2276983436-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKU\S-1-5-21-1700073893-396293525-2276983436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "localhost" removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41be492-d9e6-4262-a0bd-e8cf6dc4208d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c41be492-d9e6-4262-a0bd-e8cf6dc4208d}\ not found.
File C:\Program Files\Softonic.France\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c41be492-d9e6-4262-a0bd-e8cf6dc4208d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c41be492-d9e6-4262-a0bd-e8cf6dc4208d}\ not found.
File C:\Program Files\Softonic.France\tbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-1700073893-396293525-2276983436-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C41BE492-D9E6-4262-A0BD-E8CF6DC4208D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41BE492-D9E6-4262-A0BD-E8CF6DC4208D}\ not found.
File C:\Program Files\Softonic.France\tbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-1700073893-396293525-2276983436-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Registry value HKEY_USERS\S-1-5-21-1700073893-396293525-2276983436-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\Facemoi not found.
File/Folder C:\Windows\System32\*.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wireless Console 3 not found.
========== FILES ==========
File\Folder C:\Program Files\Softonic.France not found.
C:\Users\Rosa\AppData\Local\{01826482-E4F1-4484-9D75-0F05933F5831} folder moved successfully.
C:\Users\Rosa\AppData\Local\{08ABDCCE-4AB4-465E-A75C-6D9FFB35C961} folder moved successfully.
C:\Users\Rosa\AppData\Local\{35CCB57C-471D-48B3-AA27-E31485CDEAC1} folder moved successfully.
C:\Users\Rosa\AppData\Local\{3A84AE49-981F-45D9-8643-82DFF3D213D3} folder moved successfully.
C:\Users\Rosa\AppData\Local\{65BF76C2-556C-4223-A6F3-D908E6C26D5B} folder moved successfully.
C:\Users\Rosa\AppData\Local\{A2AFFB6B-182B-4EE5-A876-7687F220C73C} folder moved successfully.
C:\Users\Rosa\AppData\Local\{B355F11E-568C-418F-8BBE-51DCC2E841E3} folder moved successfully.
C:\Users\Rosa\AppData\Local\{E2A0342E-391F-4985-9342-2603876F1EEA} folder moved successfully.
C:\Users\Rosa\AppData\Local\{FD19CD9F-8E97-4319-89DE-4C91760A7511} folder moved successfully.
File\Folder C:\Users\Rosa\AppData\Roaming\yysyw4h8d3vguofi.dat not found.
File\Folder C:\Users\Rosa\AppData\Roaming\fbbc151e not found.
File\Folder C:\ProgramData\164932a6 not found.
File\Folder C:\Users\Rosa\AppData\Local\a7dc8d46 not found.
File\Folder C:\Windows\system32\Tasks\RegistryBooster not found.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Public

User: Rosa
->Temp folder emptied: 137942 bytes
->Temporary Internet Files folder emptied: 2807334 bytes
->Java cache emptied: 183015 bytes
->FireFox cache emptied: 85952079 bytes
->Flash cache emptied: 3131003 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19881636 bytes
RecycleBin emptied: 12622 bytes

Total Files Cleaned = 107,00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04202012_162826

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000000EDCF751A0C115F007 not found!

Registry entries deleted on Reboot...

tu l'as fait plusieurs fois ?

arff tu vois tout... je l avais fait avant de partir mais,il a eteinds mais jamais redemarrer,et donc pas de rapport a l allumage fait par moi.....

y'a un truc qui me chagrine....il y est encore ce dossier ?

c:\windows\$ntuninstallkb23388$
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_Scan_Concept_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

il est dans la liste en premier dans windows,en bleu 0 octets
pourquoi cela te chagrine??
Bon ,je n ai pas envie mais vais bosser ,je regarderai a mon retour(15h)
bon reveil!!sourire

ok tu regarderas si tu y as accès...

merci :)

bé j ai regarder et non je ne suis pas autorisee......

utilise ceci :

http://forums-fec.be/gen-hackman/Opener.exe

colle ca dedans :

c:\windows\$ntuninstallkb23388$

le dossier va s'ouvrir , fais une capture d'ecran de ce qu il contient

==

Note :

Attention , cet outil supprime toutes les sécurités des dossiers inaccessibles via windows pour l'être par la suite !

===

tiens-moi au jus :)

malgres cela il refuse de me louvrir,une fenetre me dit" pour acceder a ce dossier vous devez ouvrir l onglet de securité" et là.. que dois je cocher??? je prefere attendre ta repon,se

bizarre ca , j'arrive à puvrir la restauration systeme avec.....;

bizarre vous avez dit bizarre.....euhhh tu comprends que moi je suis depasser totalement ,sourire suis blonde mais j ai fait comme tu as dit et ...impossible d y acceder ,c'est quoi ce dossier dis moi??

le dossier où y'avait l'infection....

ah oui...c est embetant de ne pas pouvoir l ouvrir alors??
as tu d autres fleches dans ton arc ou on laisse comme cela??
tu es quand meme super balaise suis vraiment bluffer par ton savoir sur l informatique et je uis tes aides et pffff suis bluffee...

▶ Télécharge : Gmer (by Przemyslaw Gmerek) clique sur "Download EXE" et enregistre-le sur ton bureau

Desactive toutes tes protections le temps du scan de gMer

Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "executer en tant que...."

▶ clique sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

bon... j ai fait ce que tu as dit et,le programme a cesser de fonctionner ,quand j ai fermer la fenetre l ordi a fait ecran bleu et a redemarrer ,j ai recommencer et rebelote "le programme a cesser de fonctionner" j ai regarder a partir ou il en etait et
DEVIco\HACDDISK Volume shadow Copy1

ok recommence en mode sans echec......

levoici cela a ete long a scanner ;donc je vais me coucher demain 5h debout....


merci pour tout



bonGMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-22 01:04:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005f Hitachi_ rev.FB4O
Running: jwg77nk6.exe; Driver: C:\Users\Rosa\AppData\Local\Temp\kwrdakob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/ASUSTek Computer Inc)

Device \FileSystem\fastfat \Fat 9A6B1A7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\FVXSCSI\Parameters\PnpInterface@0 1
Reg HKLM\SYSTEM\ControlSet003\Services\FVXSCSI\Parameters\PnpInterface@0 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB967723_client_2~31bf3856ad364e35~x86~~6.0.1.7 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_181_for_KB967723~31bf3856ad364e35~x86~~6.0.1.7 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB970653~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB970653_client_2~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_190_for_KB970653~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB976098~31bf3856ad364e35~x86~~6.0.1.1 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB976098_client_2~31bf3856ad364e35~x86~~6.0.1.1 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_190_for_KB976098~31bf3856ad364e35~x86~~6.0.1.1 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB979306~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB979306_client_2~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_190_for_KB979306~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB981793~31bf3856ad364e35~x86~~6.0.1.1 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB981793_client_2~31bf3856ad364e35~x86~~6.0.1.1 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_190_for_KB981793~31bf3856ad364e35~x86~~6.0.1.1 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB2158563~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB2158563_client_2~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_190_for_KB2158563~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB2443685~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB2443685_client_2~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_190_for_KB2443685~31bf3856ad364e35~x86~~6.0.1.0 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB2570791~31bf3856ad364e35~x86~~6.0.1.1 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_for_KB2570791_client_2~31bf3856ad364e35~x86~~6.0.1.1 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Package_133_for_KB948465^J:
@Package_38_for_KB2570791~31bf3856ad364e35~x86~~6.0.1.1 2

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Windows\$NtUninstallKB23388$\2148856129 0 bytes
File C:\Windows\$NtUninstallKB23388$\489506417 0 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\@ 2048 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\bckfg.tmp 860 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\cfg.ini 184 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\keywords 189 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\L 0 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\L\qnbwvoto 273408 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\U 0 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB23388$\489506417\U\80000032.@ 77312 bytes

---- EOF - GMER 1.0.15 ----