by El Desaparecido
#33534
Hi again,

Nothing on that side either.

Here is what I'm going to do: tomorrow I'll reread your thread from A to Z and try to understand what is going on with this black screen.

See you tomorrow then ;)
by g3n-h@ckm@n
#33725
hello
  • Copy the script below:
    Code:
    HKCU\Software
    HKLM\Software
    HKCU\Software\Microsoft\Command Processor /s
    HKLM\Software\Microsoft\Command Processor /s
    %Homedrive%\*
    %Homedrive%\*.
    %Userprofile%\*
    %Userprofile%\*.
    %Allusersprofile%\*
    %Allusersprofile%\*.
    %LocalAppData%\*
    %LocalAppData%\*.
    %Userprofile%\Local Settings\Application Data\*
    %Userprofile%\Local Settings\Application Data\*.
    %programFiles%\*
    %programfiles%\Google\Desktop\Install /s
    %programFiles%\*.
    %Systemroot%\Installer\*.
    %Systemroot%\Temp\*.exe /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\system32\*.in*
    %systemroot%\Tasks\*
    %systemroot%\Tasks\*.
    %systemroot%\system32\Tasks\*
    %systemroot%\system32\Tasks\*.
    %systemroot%\system32\drivers\*.sy* /lockedfiles
    %systemroot%\system32\config\*.exe /s
    %Systemroot%\ServiceProfiles\*.exe /s
    %systemroot%\system32\*.sys
    dir %Homedrive%\* /S /A:L /C
    msconfig
    activex
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    volsnap.sys
    atapi.sys
    ndis.sys
    cdrom.sys
    i8042prt.sys
    iastor.sys
    tdx.sys
    netbt.sys
    afd.sys
    /md5stop
    netsvcs
    safebootminimal
    safebootnetwork
    CREATERESTOREPOINT
  • Launch OTL; on Windows 7/8 and Vista, run it as administrator
  • Tick/select the boxes as shown in the image below
  • Paste the script copied above into the lower part of OTL, "Personnalisation" (Custom)
  • Click on "Analyse" (Scan)

    Image
  • Once the scan has finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
  • Upload the OTL.txt and Extras.txt reports to SosUpload, then copy/paste the link provided into your next reply on the forum

    Note: Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

    If you have a problem with SOSUpload, use Cjoint
by g3n-h@ckm@n
#36679
you did not follow the configuration instructions :)
by g3n-h@ckm@n
#37208
look closely at the image :)
by g3n-h@ckm@n
#37349
uninstall Antivir via the Control Panel
uninstall Java 6 Update 11
uninstall Avira SearchFree Toolbar if still present
uninstall Adobe Reader 9.5.5
uninstall Adobe Flash Player 11
==

use this to remove the leftovers:

http://www.avira.com/fr/download-start/ ... trycleaner

==

if OTL is still open, close it and then reopen it.

select and copy all the text below:
Code:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
SRV - [2013/12/20 22:02:25 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)     
IE - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\URLSearchHook: {3f1fbbdd-1444-4838-b1b7-726d9bcf32ab} - No CLSID value found
IE - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\SearchScopes\{56C66321-CEC8-48DE-8F82-CBCAC73304DA}: "URL" = http://search.avg.com/?d=4d791b5d&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1 
IE - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}     
FF - prefs.js..network.proxy.no_proxies_on: "*.local" 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)     
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\gigi\Program Files\DNA\plugins\npbtdna.dll File not found
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\gigi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll     
CHR - plugin: Interest Recognizer for Widestream6 (Enabled) = C:\Users\gigi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioliciekajfgilkenamlbghbpgpipdm\3.0.1474.124_0\widestream6_air_chrome.dll 
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll     
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\gigi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm\30.1_0\ 
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) 
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\Toolbar\WebBrowser: (no name) - {3F1FBBDD-1444-4838-B1B7-726D9BCF32AB} - No CLSID value found.
O3 - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM\..\Run: [Acer Tour]  File not found
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) 
O4 - HKLM\..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)     
O4 - HKLM\..\Run: [VNT] C:\Program Files\VNT\vntldr.exe (APN LLC.) 
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\Run: [Acer Tour Reminder]  File not found
O4 - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\Run: [ie9installer] C:\Users\gigi\AppData\Local\Temp\iesetup-vista-x86.exe /restart /noshortcut File not found
O4 - HKU\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18\..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-21-3042588619-2045359741-2402997920-1000\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729)" -"http://www.funlabo.com/moto/jeu-de-motocross.htm" File not found
O4 - Startup: C:\Users\gigi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk =  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)     
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)     
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)     
O33 - MountPoints2\{233820db-3f03-11df-b976-001d923fb511}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\launcher.exe 
O33 - MountPoints2\{70972822-0573-11df-9063-001d923fb511}\Shell\Auto\command - "" = AdobeR.exe e 
O33 - MountPoints2\{70972822-0573-11df-9063-001d923fb511}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\ 
O33 - MountPoints2\{70972fb6-0573-11df-9063-001d923fb511}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\copy.exe 
O33 - MountPoints2\{7cbffe47-274b-11e2-a05b-001d923fb511}\Shell\Auto\command - "" = Start.exe 
O33 - MountPoints2\{7cbffe47-274b-11e2-a05b-001d923fb511}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\ 
O33 - MountPoints2\{a526c8b4-bccb-11df-891a-001d923fb511}\Shell - "" = AutoRun 
O33 - MountPoints2\{a526c8b4-bccb-11df-891a-001d923fb511}\Shell\AutoRun\command - "" = K:\USBAutoRun.exe     
O33 - MountPoints2\{d2862c1f-12ba-11e1-b0ec-001d923fb511}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Icône AOL.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.)     
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station N.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^gigi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk -  - File not found
MsConfig - StartUpReg: [b]Acer Empowering Technology Monitor[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]hztugab[/b] - hkey= - key= -  File not found
[2014/01/16 23:31:17 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% 
[2014/01/16 15:48:27 | 000,000,000 | ---D | C] -- C:\Users\gigi\AppData\Local\VNT     
[2014/01/16 15:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\VNT     
[2014/01/16 15:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork     
[2014/01/16 15:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork     
[2014/01/16 15:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\APN     
[2014/01/16 11:48:38 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat 
[2014/01/16 11:48:38 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat 
[2012/12/29 20:16:47 | 102,315,992 | ---- | C] () -- C:\Program Files\avast_free_antivirus_setup.exe 
O4 - HKU\S-1-5-18..\Run: [msnmsgr] C:\Program Files\Windsenger\msnmsgr.exe (Microsoft Corporation)
[2012/02/07 03:49:20 | 000,000,237 | ---- | M] () -- C:\user.js     
[2009/08/31 07:46:29 | 000,000,000 | ---D | M] -- C:\2aeeb3bd135c61694a4285 
[2009/06/28 09:58:58 | 000,000,000 | ---D | M] -- C:\b3ca4590d221f3e5381e38aa 
[2013/04/16 16:56:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy 
[2011/07/11 18:42:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\{9CD61942-8DA1-4781-925C-4FE1471E0820}     
[2014/01/21 10:22:12 | 000,000,000 | ---D | M] -- C:\Users\gigi\AppData\Local\messengerdusexe     
[2014/01/21 10:22:15 | 000,000,000 | ---D | M] -- C:\Users\gigi\AppData\Local\VNT     
[2010/07/27 01:15:36 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{1CD4D45E-4851-496D-840F-2C2E752ECFB7}     
[2010/03/14 21:35:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}     
[2010/03/14 21:36:44 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{38470B46-9BF1-40AE-A588-F6AD6D1C2D42}     
[2010/07/27 01:16:17 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{835525BE-63BD-4EC4-9425-00CEAD4849C2}     
[2010/07/27 01:15:24 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{DA95E878-B181-4366-A433-6145592707A8}     
[2008/01/03 15:10:51 | 000,506,817 | ---- | M] () -- C:\Windows\system32\autorun.inf 
[2014/01/16 13:50:56 | 000,003,596 | ---- | M] () -- C:\Windows\system32\Tasks\Ad-Aware Update (Weekly) 
[2009/08/04 16:28:37 | 000,003,368 | ---- | M] () -- C:\Windows\system32\Tasks\RunAsStdUser Task for VeohWebPlayer 
DRV - [2013/11/08 17:48:39 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)     
DRV - [2013/10/23 05:56:03 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)     
DRV - [2013/10/23 05:56:03 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)     
DRV - [2013/10/23 05:56:03 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)     
DRV - [2013/10/23 05:56:03 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)     
DRV - [2013/10/23 05:56:03 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)     
DRV - [2013/10/23 05:56:03 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)     
DRV - [2013/10/23 05:56:03 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)     
DRV - [2013/08/30 08:48:11 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)     

:reg
[-HKEY_CURRENT_USER\Software\AskPartnerNetwork]     
[-HKEY_CURRENT_USER\Software\Messengerdusexe]     
[-HKEY_CURRENT_USER\Software\VNT]     
[-HKEY_LOCAL_MACHINE\Software\56283125] 
[-HKEY_LOCAL_MACHINE\Software\AskPartnerNetwork]     
[-HKEY_LOCAL_MACHINE\Software\AVAST Software]     
[-HKEY_LOCAL_MACHINE\Software\AVG]     
[-HKEY_LOCAL_MACHINE\Software\Avira] 
[-HKEY_LOCAL_MACHINE\Software\McAfee.com] 
[-HKEY_LOCAL_MACHINE\Software\Safer Networking Limited]     
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 
"DisableMonitoring"=DWORD:0  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"EnableFirewall"=DWORD:0

:Files
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\*
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:15024E60 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A724744F 

:commands
[emptytemp]

paste it under "Personnalisation" (Custom) in OTL and click on "Correction" (Fix), then post the report
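An added example, not part of the thread and not OTL's own code: a small Python reviewer that splits a fix script laid out like the one posted above into its `:name` sections and lists what it targets, so the script can be read before it is pasted into OTL. The sample script is constructed in the same layout, the function names are hypothetical, and `[-KEY]` is read as the .reg convention for deleting a key.

```python
import re

# Constructed sample: a shortened fix script in the same layout as the post.
SAMPLE_FIX = r"""
:processes
explorer.exe
firefox.exe
:OTL
O4 - HKLM\..\Run: [Acer Tour]  File not found
O4 - HKLM\..\Run: [VNT] C:\Program Files\VNT\vntldr.exe (APN LLC.)
O33 - MountPoints2\{a526c8b4-bccb-11df-891a-001d923fb511}\Shell\AutoRun\command - "" = K:\USBAutoRun.exe
:reg
[-HKEY_CURRENT_USER\Software\VNT]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=DWORD:0
:commands
[emptytemp]
"""

SECTION = re.compile(r"^:(\w+)\s*$")

def split_sections(script):
    """Group non-empty lines under their ':name' header (lower-cased)."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def summarize(script):
    """Return the items a reviewer should check before the script is run."""
    s = split_sections(script)
    otl, reg = s.get("otl", []), s.get("reg", [])
    return {
        "processes": s.get("processes", []),
        # entries whose target file no longer exists
        "orphans": [l for l in otl if l.endswith("File not found")],
        # removable-media autorun commands recorded under MountPoints2
        "autorun": [l for l in otl if l.startswith("O33 - MountPoints2")],
        "keys_deleted": [l[2:-1] for l in reg if l.startswith("[-") and l.endswith("]")],
        "values_set": [l for l in reg if l.startswith('"') and "=" in l],
        "commands": s.get("commands", []),
    }
```

Running `summarize` on the full script makes the registry deletions and value changes in the `:reg` section easy to check line by line before the fix is applied.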