> Tous les forums > Forum Sécurité
 Ecran bleu lors de l'intallation de win Xp
Ajouter un message à la discussion
Page : [1] 
Page 1 sur 1
sebecebe
  Posté le 14/07/2011 @ 07:52 
Aller en bas de la page 
Petit astucien

Bonjour,

Un laptop d'un ami a refuse de démarrer suit aux virus. J'ai voulu reinstaller mais a la premiere etape du verification de disque, c'est l'ecran bleu qui s'affiche. J'ai pri le disque dur et je l'ai scanné pour enlever les virus, mais le probleme est reste le même. J'ai ensuite utiliser mab et usbfix dont voici les log. Si quelqu'un peut m'indiquer comment je peu faire pour restaurer.

Le rapport mab

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 7112

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

13/07/2011 15:22:03
mbam-log-2011-07-13 (15-22-03).txt

Type d'examen: Examen complet (F:\|G:\|)
Elément(s) analysé(s): 216130
Temps écoulé: 20 minute(s), 18 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 63
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 24
Fichier(s) infecté(s): 36

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4df0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4bb8-B941-F2B067E76F51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4fa7-A617-C4269760033E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAx.Info (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAx.Info.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBLiteSA (Adware.Hotbar) -> Value: HBLiteSA -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790675B7765A5334A190 (Malware.Trace) -> Value: SRS_IT_E8790675B7765A5334A190 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.384.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.384.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.384.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.384.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096} (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences (Adware.QuestScan) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\program files\HBLite\bin\11.0.384.0\HBLiteSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\questscan\questscan151.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
g:\documents and settings\R\Bureau\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
g:\system volume information\_restore{d0d4c289-1775-4e84-b8f1-e8133151edaf}\RP74\A0179905.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\questscan\questscan.dll (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\questscan\questscan.exe (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npclntax_hblitesa.dll (Adware.HotBar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.384.0\hblitesaax.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.384.0\hblitesahook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.384.0\hbliteuninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.384.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.384.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.384.0\firefox\extensions\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome.manifest (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\install.rdf (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome\questscan.jar (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Quarantined and deleted successfully.

Voici le rapport Usbfix

############################## | UsbFix 7.049 | [Research]

User: Administrator (Administrator) # INFORMATIQUE [ ]
Updated 12/07/2011 by TeamXscript
Started at 07:29:33 | 14/07/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 2: Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 7.0.5730.13

Windows Firewall: Enabled
Antivirus: Sophos Anti-Virus 9.5.5 [(!) Disabled | Updated]
RAM -> 503 Mb
C:\ (%systemdrive%) -> Fixed drive # 42 Gb (5 Mb free - 12%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 33 Gb (7 Mb free - 21%) [BACKUP] # NTFS
F:\ -> Fixed drive # 98 Gb (91 Mb free - 94%) [] # NTFS
G:\ -> Fixed drive # 135 Gb (128 Mb free - 94%) [] # NTFS

################## | Files # Infected Folders |

Found ! C:\kayira.bat
Found ! C:\log.txt
Found ! F:\Faisal

################## | Registry |Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

Publicité
mipierre
 Posté le 14/07/2011 à 08:12 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Maître astucien

Bonjour !

C'est sur le forum Sécurité que ton sujet devrait se trouver !

Clique sur le petit triangle jaune devant toi et demande au modérateur de transférer ton sujet sur le forum SECURITE.

Ensuite, pour gagner de temps, tu peux déjà faire ceci et poster les rapports :

https://forum.pcastuces.com/aide_au_diagnostic_un_pc_infecte_pcastuces-f25s17490.htm

Un helper du Groupe Sécurité viendra t'aider !

Bon courage



Modifié par mipierre le 14/07/2011 11:18
Constance
 Posté le 14/07/2011 à 09:30 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Astucien

Salut .o/

Si tu parles de réinstaller Windows, alors il est plus sûr de formater avant. Inutile de perdre du temps à chercher des virus, sinon dans les données que tu sauvegarderas avant formatage, si applicable.

À partir de là, si tu t'assures que ton disque d'installation de Windows contienne bien les pilotes pour le contrôleur (je suppose que c'est du SATA ?) du disque dur, ça devrait bien se passer.

pcastuces
 Posté le 14/07/2011 à 11:09 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Equipe PC Astuces
Bonjour,

Le sujet a été déplacé par la modération dans un forum plus adéquat.

Vous pouvez continuer la discussion à la suite.

A bientôt.
sebecebe
 Posté le 14/07/2011 à 12:31 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

Fichier joint : ZHPDiag.txt

cosmao
 Posté le 14/07/2011 à 14:04 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjour,

Hello Sebecebe,

infection qui nécessite effectivement l'intervention d'un helper !!!

Cependant, en attendant le passage d'un de ces braves et remarquables bénévoles de PCAstuces, pour un diagnostic et la délivrance d'une ordonnance ...

tu devrais publier, comme prévu, en copier-coller, un nouveau scan de Malwarebytes, car une bonne partie du premier rapport a été "labellisée" en quarantaine et suppression réussie ,

Bon courage

Evasion60
 Posté le 14/07/2011 à 15:51 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

Bonjour

Bcps d'infections ciblées + P2P
OS pas à jour du tout => Grosses failles en Sécurité !

  • Télécharge Ad Remover d'El Desaparecido , C_XX & Chimay8 sur ton Bureau. Autre lien de téléchargement possible.
  • Double-clique sur l'outil pour l'exécuter (Sous Vista ou windows 7, il faut faire un clic droit et l'exécuter en tant qu'administrateur),
  • Lance la recherche et édite le rapport généré par l'outil dans ta prochaine réponse.

  • Double-clique sur Ad Remover pour exécuter l'outil (ou clic droit>Exécuter en tant qu'administrateur sous Vista et windows 7),
  • Lance le nettoyage et édite le rapport généré par l'outil dans ta prochaine réponse.

Tu as deux rapports à publier // Bonne réception



Modifié par Evasion60 le 14/07/2011 15:53
sebecebe
 Posté le 14/07/2011 à 18:21 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

Bonjour, Voici le rapport Mbam

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 7135

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

14/07/2011 17:21:12
mbam-log-2011-07-14 (17-21-12).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 161873
Temps écoulé: 14 minute(s), 24 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Evasion60
 Posté le 14/07/2011 à 18:29 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

Salut

... J'attends la suite demandée

A te lire

sebecebe
 Posté le 14/07/2011 à 18:46 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

Voici le rapport AD-REMOVER

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 18:43:35 on 14/07/2011, Normal boot

Microsoft Windows XP Professionnel Service Pack 2 (X86)
Administrator@INFORMATIQUE ( )

============== SEARCH ==============


Folder found: C:\Documents and Settings\Administrator\Application Data\ItsLabel

Key found: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key found: HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Key found: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key found: HKLM\Software\Classes\Interface\{03C390E8-B836-4B82-8D56-1BFDDC06AE8A}
Key found: HKLM\Software\Classes\Interface\{2C4470A2-E099-4B9E-ABFE-BBA56D046AFD}
Key found: HKLM\Software\Classes\Interface\{391769AE-D8EC-45EC-967D-F5120456E514}
Key found: HKLM\Software\Classes\Interface\{39AEF150-C270-4690-AE7D-955E51BC8960}
Key found: HKLM\Software\Classes\Interface\{7C7B253C-967B-4385-901B-06873371B3CF}
Key found: HKLM\Software\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
Key found: HKLM\Software\Classes\Interface\{9F598C4D-E2FB-455C-9486-6AD3405620F2}
Key found: HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
Key found: HKLM\Software\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Key found: HKLM\Software\Classes\Interface\{CD73B1AB-3403-4E47-B196-517C57BE76A2}
Key found: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Key found: HKLM\Software\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A}
Key found: HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Key found: HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
Key found: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key found: HKLM\Software\Classes\SearchSettings.BHO
Key found: HKLM\Software\Classes\SearchSettings.BHO.1
Key found: HKLM\Software\ItsLabel
Key found: HKCU\Software\Dealio
Key found: HKCU\Software\ItsLabel
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dealio
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EoRezo
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ItsLabel
Key found: HKLM\Software\Classes\Installer\Products\81337C0DA4B761D40A4CB3380F57AE88
Key found: HKLM\Software\Classes\Installer\Products\C8465016C3C0D184C811F194256DBF35
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\C8465016C3C0D184C811F194256DBF35
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95779DE6-DDEF-479F-BBDD-580C15847694}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6105648C-0C3C-481D-8C11-1F4952D6FB53}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}

Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.18 (fr)] ****

Plugins\npdivx32.dll (DivX,Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
Plugins\npmozax.dll (?)
HKLM_MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 (x)
HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x)
Components\nsAxSecurityPolicy.js

-- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\7sjm72cj.default --
Extensions\{B13721C7-F507-4982-B2E5-502A71474FED} (Skype extension for Firefox )
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Administrator\\My Documents\\NAS
Prefs.js - browser.search.selectedEngine, Yahoo
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.18
Prefs.js - keyword.URL, hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=

========================================

**** Internet Explorer Version [7.0.5730.13] ****

HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://www.yahoo.fr/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://www.msn.com/
HKCU_SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} - "QuestScan" (hxxp://www.questscan.com/?prt=QstscanPB&keywords={searchTerms})
HKCU_SearchScopes\{95779DE6-DDEF-479F-BBDD-580C15847694} - "Dealio" (hxxp://www.dealio.com/products.html?kwd={searchTerms})
HKCU_Toolbar\ShellBrowser|{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (x)
HKCU_Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} (C:\Program Files\Dealio\kb127\Dealio.dll) (x)
HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Program Files\Internet Download Manager\IEMonitor.exe (x)
HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (x)
HKLM_ElevationPolicy\{769EC764-9863-4baf-B009-B568A7345832} - C:\Program Files\HP\HP UT\hppusg.exe (x)
HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (x)
HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "Create Mobile Favorite" (C:\PROGRA~1\MICROS~3\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - "Sophos Web Content Scanner" (C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll)
BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)

C:\Ad-Report-SCAN[1].txt - 14/07/2011 18:43:56 (5935 Byte(s))

End at: 18:45:34, 14/07/2011

============== E.O.F ==============

Evasion60
 Posté le 14/07/2011 à 19:05 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

Re

... Bien la suite maintenant avec AD-Remover => " Nettoyage "
Poste son rapport / STP

A te lire

sebecebe
 Posté le 15/07/2011 à 07:51 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien
Voici l'aure rapport de AD-REMOVER Clean ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 07:23:51 on 15/07/2011, Normal boot Microsoft Windows XP Professionnel Service Pack 2 (X86) Administrator@INFORMATIQUE ( ) ============== ACTION(S) ============== Folder deleted: C:\Documents and Settings\Administrator\Application Data\ItsLabel (!) -- Temporary files deleted. Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb} Key deleted: HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082} Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff} Key deleted: HKLM\Software\Classes\Interface\{03C390E8-B836-4B82-8D56-1BFDDC06AE8A} Key deleted: HKLM\Software\Classes\Interface\{2C4470A2-E099-4B9E-ABFE-BBA56D046AFD} Key deleted: HKLM\Software\Classes\Interface\{391769AE-D8EC-45EC-967D-F5120456E514} Key deleted: HKLM\Software\Classes\Interface\{39AEF150-C270-4690-AE7D-955E51BC8960} Key deleted: HKLM\Software\Classes\Interface\{7C7B253C-967B-4385-901B-06873371B3CF} Key deleted: HKLM\Software\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3} Key deleted: HKLM\Software\Classes\Interface\{9F598C4D-E2FB-455C-9486-6AD3405620F2} Key deleted: HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A} Key deleted: HKLM\Software\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110} Key deleted: HKLM\Software\Classes\Interface\{CD73B1AB-3403-4E47-B196-517C57BE76A2} Key deleted: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} Key deleted: HKLM\Software\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} Key deleted: HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A} Key deleted: HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F} Key deleted: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} Key deleted: HKLM\Software\Classes\SearchSettings.BHO Key deleted: HKLM\Software\Classes\SearchSettings.BHO.1 Key deleted: HKLM\Software\ItsLabel Key deleted: HKCU\Software\Dealio Key deleted: HKCU\Software\ItsLabel Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dealio Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EoRezo Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ItsLabel Key deleted: HKLM\Software\Classes\Installer\Products\81337C0DA4B761D40A4CB3380F57AE88 Key deleted: HKLM\Software\Classes\Installer\Products\C8465016C3C0D184C811F194256DBF35 Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88 Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\C8465016C3C0D184C811F194256DBF35 Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95779DE6-DDEF-479F-BBDD-580C15847694} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6105648C-0C3C-481D-8C11-1F4952D6FB53} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.18 (fr)] **** Plugins\npdivx32.dll (DivX,Inc.) Plugins\npDivxPlayerPlugin.dll (DivX, Inc) Plugins\npmozax.dll (?) HKLM_MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 (x) HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x) Components\nsAxSecurityPolicy.js -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\7sjm72cj.default -- Extensions\{B13721C7-F507-4982-B2E5-502A71474FED} (Skype extension for Firefox ) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Administrator\\My Documents\\NAS Prefs.js - browser.search.selectedEngine, Yahoo Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.18 Prefs.js - keyword.URL, hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords= ======================================== **** Internet Explorer Version [7.0.5730.13] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} - "QuestScan" (hxxp://www.questscan.com/?prt=QstscanPB&keywords={searchTerms}) HKCU_Toolbar\ShellBrowser|{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (x) HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Program Files\Internet Download Manager\IEMonitor.exe (x) HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (x) HKLM_ElevationPolicy\{769EC764-9863-4baf-B009-B568A7345832} - C:\Program Files\HP\HP UT\hppusg.exe (x) HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (x) HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?) HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "Create Mobile Favorite" (C:\PROGRA~1\MICROS~3\INetRepl.dll,210) HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?) HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - "Sophos Web Content Scanner" (C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll) BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 1 File(s) C:\Program Files\Ad-Remover\Backup: 14 File(s) C:\Ad-Report-CLEAN[1].txt - 15/07/2011 07:24:11 (6071 Byte(s)) C:\Ad-Report-SCAN[1].txt - 14/07/2011 18:43:56 (6851 Byte(s)) End at: 07:25:41, 15/07/2011 ============== E.O.F ==============
sebecebe
 Posté le 15/07/2011 à 07:53 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 07:23:51 on 15/07/2011, Normal boot Microsoft Windows XP Professionnel Service Pack 2 (X86) Administrator@INFORMATIQUE ( ) ============== ACTION(S) ============== Folder deleted: C:\Documents and Settings\Administrator\Application Data\ItsLabel (!) -- Temporary files deleted. Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb} Key deleted: HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082} Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff} Key deleted: HKLM\Software\Classes\Interface\{03C390E8-B836-4B82-8D56-1BFDDC06AE8A} Key deleted: HKLM\Software\Classes\Interface\{2C4470A2-E099-4B9E-ABFE-BBA56D046AFD} Key deleted: HKLM\Software\Classes\Interface\{391769AE-D8EC-45EC-967D-F5120456E514} Key deleted: HKLM\Software\Classes\Interface\{39AEF150-C270-4690-AE7D-955E51BC8960} Key deleted: HKLM\Software\Classes\Interface\{7C7B253C-967B-4385-901B-06873371B3CF} Key deleted: HKLM\Software\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3} Key deleted: HKLM\Software\Classes\Interface\{9F598C4D-E2FB-455C-9486-6AD3405620F2} Key deleted: HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A} Key deleted: HKLM\Software\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110} Key deleted: HKLM\Software\Classes\Interface\{CD73B1AB-3403-4E47-B196-517C57BE76A2} Key deleted: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} Key deleted: HKLM\Software\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} Key deleted: HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A} Key deleted: HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F} Key deleted: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} Key deleted: HKLM\Software\Classes\SearchSettings.BHO Key deleted: HKLM\Software\Classes\SearchSettings.BHO.1 Key deleted: HKLM\Software\ItsLabel Key deleted: HKCU\Software\Dealio Key deleted: HKCU\Software\ItsLabel Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dealio Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EoRezo Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ItsLabel Key deleted: HKLM\Software\Classes\Installer\Products\81337C0DA4B761D40A4CB3380F57AE88 Key deleted: HKLM\Software\Classes\Installer\Products\C8465016C3C0D184C811F194256DBF35 Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88 Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\C8465016C3C0D184C811F194256DBF35 Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95779DE6-DDEF-479F-BBDD-580C15847694} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6105648C-0C3C-481D-8C11-1F4952D6FB53} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.18 (fr)] **** Plugins\npdivx32.dll (DivX,Inc.) Plugins\npDivxPlayerPlugin.dll (DivX, Inc) Plugins\npmozax.dll (?) HKLM_MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 (x) HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x) Components\nsAxSecurityPolicy.js -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\7sjm72cj.default -- Extensions\{B13721C7-F507-4982-B2E5-502A71474FED} (Skype extension for Firefox ) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Administrator\\My Documents\\NAS Prefs.js - browser.search.selectedEngine, Yahoo Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.18 Prefs.js - keyword.URL, hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords= ======================================== **** Internet Explorer Version [7.0.5730.13] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} - "QuestScan" (hxxp://www.questscan.com/?prt=QstscanPB&keywords={searchTerms}) HKCU_Toolbar\ShellBrowser|{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (x) HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Program Files\Internet Download Manager\IEMonitor.exe (x) HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (x) HKLM_ElevationPolicy\{769EC764-9863-4baf-B009-B568A7345832} - C:\Program Files\HP\HP UT\hppusg.exe (x) HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (x) HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?) HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "Create Mobile Favorite" (C:\PROGRA~1\MICROS~3\INetRepl.dll,210) HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?) HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - "Sophos Web Content Scanner" (C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll) BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 1 File(s) C:\Program Files\Ad-Remover\Backup: 14 File(s) C:\Ad-Report-CLEAN[1].txt - 15/07/2011 07:24:11 (6071 Byte(s)) C:\Ad-Report-SCAN[1].txt - 14/07/2011 18:43:56 (6851 Byte(s)) End at: 07:25:41, 15/07/2011 ============== E.O.F ==============
Evasion60
 Posté le 15/07/2011 à 12:25 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

Bonjour

Recommence à publier le rapport du nettoyage de AD-R, car celui que tu mets en ligne n'est pas visible

C:\Program Files\Ad-Remover\main.exe (CLEAN [1])

@+

sebecebe
 Posté le 15/07/2011 à 12:35 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 12:31:47 on 15/07/2011, Normal boot Microsoft Windows XP Professionnel Service Pack 2 (X86) Administrator@INFORMATIQUE ( ) ============== ACTION(S) ============== (!) -- Temporary files deleted. ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.18 (fr)] **** Plugins\npdivx32.dll (DivX,Inc.) Plugins\npDivxPlayerPlugin.dll (DivX, Inc) Plugins\npmozax.dll (?) HKLM_MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 (x) HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x) Components\nsAxSecurityPolicy.js -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\7sjm72cj.default -- Extensions\{B13721C7-F507-4982-B2E5-502A71474FED} (Skype extension for Firefox ) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Administrator\\My Documents\\NAS Prefs.js - browser.search.selectedEngine, Yahoo Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.18 Prefs.js - keyword.URL, hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords= ======================================== **** Internet Explorer Version [7.0.5730.13] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} - "QuestScan" (hxxp://www.questscan.com/?prt=QstscanPB&keywords={searchTerms}) HKCU_Toolbar\ShellBrowser|{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (x) HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Program Files\Internet Download Manager\IEMonitor.exe (x) HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (x) HKLM_ElevationPolicy\{769EC764-9863-4baf-B009-B568A7345832} - C:\Program Files\HP\HP UT\hppusg.exe (x) HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (x) HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?) HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "Create Mobile Favorite" (C:\PROGRA~1\MICROS~3\INetRepl.dll,210) HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?) HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - "Sophos Web Content Scanner" (C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll) BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 1 File(s) C:\Program Files\Ad-Remover\Backup: 15 File(s) C:\Ad-Report-CLEAN[1].txt - 15/07/2011 07:24:11 (7053 Byte(s)) C:\Ad-Report-CLEAN[2].txt - 15/07/2011 12:31:57 (2823 Byte(s)) C:\Ad-Report-SCAN[1].txt - 14/07/2011 18:43:56 (6851 Byte(s)) End at: 12:33:18, 15/07/2011 ============== E.O.F ==============
Evasion60
 Posté le 15/07/2011 à 12:39 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

Re

Tu vois bien que je ne peux rien lire

Relance ZHPDiag et héberge son rapport / STP

@+

Page : [1] 
Page 1 sur 1

Vous devez être connecté pour participer à la discussion.
Cliquez ici pour vous identifier.

Vous n'avez pas de compte ? Créez-en un gratuitement !
Recevoir PC Astuces par e-mail


La Lettre quotidienne +226 000 inscrits
Avec l'actu, des logiciels, des applis, des astuces, des bons plans, ...

Les bonnes affaires
Une fois par semaine, un récap des meilleurs offres.

Les fonds d'écran
De jolies photos pour personnaliser votre bureau. Une fois par semaine.

Les nouveaux Bons Plans
Des notifications pour ne pas rater les bons plans publiés sur le site.

Les bons plans du moment PC Astuces

Tous les Bons Plans
42,99 €Disque dur Seagate BarraCuda 2 To à 42,99 €
Valable jusqu'au 02 Décembre

Cdiscount propose actuellement le disque dur Seagate BarraCuda - 2 To (ST2000DM008) à 42,99 €. On le trouve ailleurs autour de 60 €. Ce disque dur 3.5 pouces SATA III tourne à 7200tr/min et possède 64Mo de cache. 


> Voir l'offre
74,99 €Kit de 16 Go (2x8 Go) de mémoire DDR4 Corsair Vengeance RGB RS 3600 MHz à 74,99 €
Valable jusqu'au 02 Décembre

Cdiscount fait une promotion sur le kit de 16 Go (2x8 Go) de mémoire DDR4 Corsair Vengeance RGB RS 3600 MT/s CL18 à 74,99 € alors qu'on le trouve ailleurs autour de 110 €. Vous pourrez personnaliser la palette de couleurs directement depuis le logiciel Corsair iCU.


> Voir l'offre
78,99 €Kit de 16 Go (2x8Go) de mémoire DDR4 Crucial Ballistix 3600 MHz RGB à 78,99 €
Valable jusqu'au 02 Décembre

Amazon fait une promotion sur le kit de 16 Go (2x8 Go) de mémoire DDR4 Crucial Ballistix 3600 MT/s CL16 à 78,99 € alors qu'on le trouve ailleurs à partir de 100 €. Vous pourrez personnaliser la palette de couleurs de votre ordinateur avec 16 LED RGB dans 8 zones sur chaque module. Disponible aussi en blanc.


> Voir l'offre

Sujets relatifs
ecran bleu lors de WOT : Rapport ZHPDiag&Mbam
Infection Pc Ecran bleu lors du lancement internet
ecran bleu lors d'un scan
Ecran bleu/redémarrage lors de la connexion à MSN
Ecran Bleu
Ecran bleu
Crash écran bleu
Crash Dump écran bleu
Ecran bleu des que j'ouvre une video.
Ecran bleu intempestif
Plus de sujets relatifs à Ecran bleu lors de l''intallation de win Xp
 > Tous les forums > Forum Sécurité