Plus possible de naviguer sur Internet

[bernard53]

Ne t'inquiètes pas fred987 on va l'avoir se zoneAlarm

 

fait ceci pour les restes.

 

Télécharge >>OTM<< (de Old_Timer) sur ton Bureau.

 

 

>> Pour VISTA : Clic-droit et choisis "Exécuter en tant qu'administrateur".

 

>> AVAST reconnait ce logiciel comme un intrus, donc le désactiver le temps des manipulations.

 

Double-clique sur OTM pour le lancer.

 

Copie la liste qui se trouve en citation ci-dessous:

:Reg

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\e8af00f9-a9cf-4f04-81ac-2d168bad87a1]

"AppPath"=-

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\e8af00f9-a9cf-4f04-81ac-2d168bad87a1]

"AppName"=-

[-HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar]

[HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi]

"Description"=-

[HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi]

"Product"=-

[HKLM\System\ControlSet001\Services\vsdatant\Parameters]

"InstallDirDevice"=-

[HKLM\System\ControlSet001\Services\vsdatant\Parameters]

"InstallDirDrive"=-

[HKLM\System\ControlSet003\Services\vsdatant\Parameters]

"InstallDirDevice"=-

[HKLM\System\ControlSet003\Services\vsdatant\Parameters]

"InstallDirDrive"=-

[HKLM\System\CurrentControlSet\Services\vsdatant\Parameters]

"InstallDirDevice"=-

[HKLM\System\CurrentControlSet\Services\vsdatant\Parameters]

"InstallDirDrive"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Search Assistant\ACMru\5603]

"000"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Search Assistant\ACMru\5603]

"001"=-

[-HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\ZoneAlarm]

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\Documents and Settings\Alexandra\Bureau\zaSetup_92_091_000_fr.exe"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB7F.tmp"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\zauninst.exe"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB6.tmp"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\Documents and Settings\Alexandra\Bureau\zaSetup_92_105_000_fr.exe"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB26.tmp"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031111~1\ZAFFSE~1.EXE"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB48.tmp"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB4.tmp"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031111~2\ZAFFSE~1.EXE"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB10.tmp"=-

[HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031211~2\ZAFFSE~1.EXE"=-

[-HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Zone Labs\zonealarm]

:Files

C:\Documents and Settings\Alexandra\Cookies\alexandra@download.zonealarm

:Commands

[emptytemp]

 

et colle-la dans le cadre de gauche de OTM sous ceci:

 

 

Clique sur pour lancer la suppression.

attendre la fin du travail de l'outil puis fermer OTM

 

Le résultat apparaitra dans le cadre Results.

Clique sur Exit pour fermer.

Poste le rapport situé dans C:\_OTM\MovedFiles\06092009_130526.log "Exemple"

 

NB: Il te sera peut-être demandé de redémarrer le pc pour achever la suppression.

si c'est le cas accepte par Oui/Yes.

[fred987]

Bonjour Bernard53,

Merci pour votre aide et votre patience (la mienne commence à être à bout)

Voici le rapport OTM. Visiblement, ZA a disparu (en tout cas, je n'ai plus le message d'erreur qui apparaissait au démarrage de mon ordi. ). Ouf...Par curiosité, j'ai recommencé un rapport SEAF, des lignes avec ZA apparaissent toujours ?

Malheureusement, je n'arrive toujours pas à naviguer, la connexion semble se faire mais j'ai toujours l'erreur de chargement de page et délai d'attente dépassé. Qd je me déconnecte, j'ai le message d'une connectivité limitée...j'ai donc appelé mon FAI ….Après de multiples manipulations (winsock reset....), au moment d'aller sur mon panneau de configuration, j'ai eu un message d'erreur drwtsn32.exe. La personne de la FAI m'a alors indiqué qu'il s'agissait d'un virus ??????....Qu'en pensez-vous ? Que dois-je faire pour me débarrasser de ce « truc » ?

Merci par avance .

[bernard53]

Deux choses alors.

 

1-Mets moi ton nouveau rapport SEAF qui doit juste voir les lignes supprimer dans OTM je pense.

 

2-

j'ai eu un message d'erreur drwtsn32.exe. La personne de la FAI m'a alors indiqué qu'il s'agissait d'un virus ??????.

Pas de soucis cela n'est pas un virus mais un outil de diagnostique de Microsoft.

 

Dr Watson est un outil de diagnostic qui rassemble des informations concernant votre ordinateur lorsqu'un programme rencontre un problème. Par la suite vous pouvez consulter un rapport permettant d’identifier la cause du problème. Il peut être stoppé sans danger.

 

pour la connexion limité tu as du faire ceci je pense.

 

Windows XP SP2 - Connectivité limitée ou inexistante

 

 

vérifies ceci aussi.

 

Démarre IE--outils--options internet --onglet connexion. As tu ceci.

 

[fred987]

Re,

Gloups, je me rends compte que j'ai oublié de vous copier le rapport OTM ;-(....J'ajoute le rapport SEAF

 

Pour ma connexion limitée,oui, l'assistance technique m'a fait faire toutes les manips du lien qeue vous m'avez indiqué. La personne a bloqué qd je lui ai parlé du « Dr watson » qu'elle m' a présenté comme un virus qui bloque ma navigation...?! après une dernière manip (je crois que c'était la commande ping ), elle m' a proposé de passer sur une assistance payante pour supprimer ce « virus ». Comme j'avais un doute 'suite à toutes les manips que vous m'aviez fait faire, je lui ai dit que j'allais me renseigner.... elle m'a répondu qu'il fallait supprimer ce virus puis faire un reset usin de la box...il me recontacte vendredi pour me proposer leur aide à distance (payante)

3/ oui pour IE, Options internet, j'ai bien la même fenêtre qu'indiquée (l'assistance technique m' a fait supprimer une connexion par défaut qui existait alors)

 

Rapport OTM

 

All processes killed

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\ZoneAlarm\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Zone Labs\zonealarm]:Files C:\Documents and Settings\Alexandra\Cookies\alexandra@download.zonealar\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Alexandra

->Temp folder emptied: 130336747 bytes

->Temporary Internet Files folder emptied: 2061194 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 53248042 bytes

->Flash cache emptied: 2721603 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 2180136 bytes

->Temporary Internet Files folder emptied: 65670 bytes

 

User: NetworkService

->Temp folder emptied: 2110808 bytes

->Temporary Internet Files folder emptied: 40068064 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 39097 bytes

%systemroot%\System32 .tmp files removed: 1849040 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 41428933 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 25627564 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 64475 bytes

RecycleBin emptied: 227318360 bytes

 

Total Files Cleaned = 505,00 mb

 

 

OTM by OldTimer - Version 3.1.17.2 log created on 03152011_113709

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

/////////////////////////

rapport SEAF

1. ========================= SEAF 1.0.1.0 - C_XX

2.

3. Commencé à: 16:31:35 le 16/03/2011

4.

5. Valeur(s) recherchée(s):

6. zonealarm

7.

8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

9.

10. (!) --- Recherche registre

11.

12. ====== Fichier(s) ======

13.

14.

15. "C:\Documents and Settings\Alexandra\Cookies\alexandra@download.zonealarm[1].txt" [ NOT_CONTENT_INDEXED|ARCHIVE | 281 o ]

16. TC: 05/03/2011,10:07:58 | TM: 05/03/2011,10:07:58 | DA: 05/03/2011,10:07:58

17.

18.

19. =========================

20.

21.

22. "C:\Documents and Settings\Alexandra\Cookies\alexandra@www.zonealarm[1].txt" [ NOT_CONTENT_INDEXED|ARCHIVE | 77 o ]

23. TC: 01/01/2011,13:14:24 | TM: 01/01/2011,13:14:24 | DA: 02/01/2011,12:22:17

24.

25.

26. =========================

27.

28.

29. "C:\Documents and Settings\Alexandra\Cookies\alexandra@zonealarm[1].txt" [ NOT_CONTENT_INDEXED|ARCHIVE | 325 o ]

30. TC: 04/01/2011,11:27:37 | TM: 04/01/2011,11:27:37 | DA: 13/03/2011,10:40:34

31.

32.

33. =========================

34.

35.

36.

37. ====== Entrée(s) du registre ======

38.

39.

40. [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\e8af00f9-a9cf-4f04-81ac-2d168bad87a1]

41. "AppPath"="C:\Program Files\Protection_ZoneAlarm" (REG_SZ)

42.

43. [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\e8af00f9-a9cf-4f04-81ac-2d168bad87a1]

44. "AppName"="Protection_ZoneAlarmToolbarHelper.exe" (REG_SZ)

45.

46. [HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi]

47. "Description"="ZoneAlarm Toolbar Api" (REG_SZ)

48.

49. [HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi]

50. "Product"="ZoneAlarm Toolbar" (REG_SZ)

51.

52. [HKLM\System\ControlSet001\Services\vsdatant\Parameters]

53. "InstallDirDevice"="\Device\HarddiskVolume2\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

54.

55. [HKLM\System\ControlSet001\Services\vsdatant\Parameters]

56. "InstallDirDrive"="C:\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

57.

58. [HKLM\System\ControlSet003\Services\vsdatant\Parameters]

59. "InstallDirDevice"="\Device\HarddiskVolume2\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

60.

61. [HKLM\System\ControlSet003\Services\vsdatant\Parameters]

62. "InstallDirDrive"="C:\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

63.

64. [HKLM\System\CurrentControlSet\Services\vsdatant\Parameters]

65. "InstallDirDevice"="\Device\HarddiskVolume2\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

66.

67. [HKLM\System\CurrentControlSet\Services\vsdatant\Parameters]

68. "InstallDirDrive"="C:\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

69.

70. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Search Assistant\ACMru\5603]

71. "000"="zonealarm" (REG_SZ)

72.

73. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Search Assistant\ACMru\5603]

74. "001"="zonealarm.exe" (REG_SZ)

75.

76. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

77. "C:\Documents and Settings\Alexandra\Bureau\zaSetup_92_091_000_fr.exe"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

78.

79. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

80. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB7F.tmp"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

81.

82. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

83. "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"="ZoneAlarm Client" (REG_SZ)

84.

85. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

86. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\zauninst.exe"="ZoneAlarm Uninstaller" (REG_SZ)

87.

88. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

89. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB6.tmp"="ZoneAlarm Uninstaller" (REG_SZ)

90.

91. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

92. "C:\Documents and Settings\Alexandra\Bureau\zaSetup_92_105_000_fr.exe"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

93.

94. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

95. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB26.tmp"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

96.

97. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

98. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031111~1\ZAFFSE~1.EXE"="ZoneAlarm Toolbar installation package" (REG_SZ)

99.

100. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

101. "C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe"="ZoneAlarm Client" (REG_SZ)

102.

103. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

104. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB48.tmp"="ZoneAlarm Uninstaller" (REG_SZ)

105.

106. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

107. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB4.tmp"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

108.

109. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

110. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031111~2\ZAFFSE~1.EXE"="ZoneAlarm Toolbar installation package" (REG_SZ)

111.

112. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

113. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB10.tmp"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

114.

115. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

116. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031211~2\ZAFFSE~1.EXE"="ZoneAlarm Toolbar installation package" (REG_SZ)

117.

118. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Zone Labs\zonealarm]

119. DA: 01/01/2011 13:04:25

120.

121. =========================

122.

123. Fin à: 16:33:42 le 16/03/2011

124. 251521 Éléments analysés

125.

126. =========================

127. E.O.F

[bernard53]

Très bizarre ton nouveau rapport SEAF car il est identique a la première fois.

donc supprimes s.t.p le dossier OTM puis vide la poubelle et repasse SEAF

[fred987]

Bonjour Bernard53,

 

J'obtiens la même chose après avoir supprimé OTM ? Bizarre...J'ai peut-être mal fait la manip dans OTM ?

 

 

 

 

 

 

1. ========================= SEAF 1.0.1.0 - C_XX

2.

3. Commencé à: 18:37:45 le 16/03/2011

4.

5. Valeur(s) recherchée(s):

6. zonealarm

7.

8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

9.

10. (!) --- Recherche registre

11.

12. ====== Fichier(s) ======

13.

14.

15. "C:\Documents and Settings\Alexandra\Cookies\alexandra@download.zonealarm[1].txt" [ NOT_CONTENT_INDEXED|ARCHIVE | 281 o ]

16. TC: 05/03/2011,10:07:58 | TM: 05/03/2011,10:07:58 | DA: 05/03/2011,10:07:58

17.

18.

19. =========================

20.

21.

22. "C:\Documents and Settings\Alexandra\Cookies\alexandra@www.zonealarm[1].txt" [ NOT_CONTENT_INDEXED|ARCHIVE | 77 o ]

23. TC: 01/01/2011,13:14:24 | TM: 01/01/2011,13:14:24 | DA: 02/01/2011,12:22:17

24.

25.

26. =========================

27.

28.

29. "C:\Documents and Settings\Alexandra\Cookies\alexandra@zonealarm[1].txt" [ NOT_CONTENT_INDEXED|ARCHIVE | 325 o ]

30. TC: 04/01/2011,11:27:37 | TM: 04/01/2011,11:27:37 | DA: 13/03/2011,10:40:34

31.

32.

33. =========================

34.

35.

36.

37. ====== Entrée(s) du registre ======

38.

39.

40. [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\e8af00f9-a9cf-4f04-81ac-2d168bad87a1]

41. "AppPath"="C:\Program Files\Protection_ZoneAlarm" (REG_SZ)

42.

43. [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\e8af00f9-a9cf-4f04-81ac-2d168bad87a1]

44. "AppName"="Protection_ZoneAlarmToolbarHelper.exe" (REG_SZ)

45.

46. [HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi]

47. "Description"="ZoneAlarm Toolbar Api" (REG_SZ)

48.

49. [HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi]

50. "Product"="ZoneAlarm Toolbar" (REG_SZ)

51.

52. [HKLM\System\ControlSet001\Services\vsdatant\Parameters]

53. "InstallDirDevice"="\Device\HarddiskVolume2\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

54.

55. [HKLM\System\ControlSet001\Services\vsdatant\Parameters]

56. "InstallDirDrive"="C:\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

57.

58. [HKLM\System\ControlSet003\Services\vsdatant\Parameters]

59. "InstallDirDevice"="\Device\HarddiskVolume2\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

60.

61. [HKLM\System\ControlSet003\Services\vsdatant\Parameters]

62. "InstallDirDrive"="C:\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

63.

64. [HKLM\System\CurrentControlSet\Services\vsdatant\Parameters]

65. "InstallDirDevice"="\Device\HarddiskVolume2\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

66.

67. [HKLM\System\CurrentControlSet\Services\vsdatant\Parameters]

68. "InstallDirDrive"="C:\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

69.

70. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Search Assistant\ACMru\5603]

71. "000"="zonealarm" (REG_SZ)

72.

73. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Search Assistant\ACMru\5603]

74. "001"="zonealarm.exe" (REG_SZ)

75.

76. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

77. "C:\Documents and Settings\Alexandra\Bureau\zaSetup_92_091_000_fr.exe"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

78.

79. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

80. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB7F.tmp"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

81.

82. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

83. "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"="ZoneAlarm Client" (REG_SZ)

84.

85. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

86. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\zauninst.exe"="ZoneAlarm Uninstaller" (REG_SZ)

87.

88. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

89. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB6.tmp"="ZoneAlarm Uninstaller" (REG_SZ)

90.

91. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

92. "C:\Documents and Settings\Alexandra\Bureau\zaSetup_92_105_000_fr.exe"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

93.

94. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

95. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB26.tmp"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

96.

97. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

98. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031111~1\ZAFFSE~1.EXE"="ZoneAlarm Toolbar installation package" (REG_SZ)

99.

100. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

101. "C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe"="ZoneAlarm Client" (REG_SZ)

102.

103. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

104. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB48.tmp"="ZoneAlarm Uninstaller" (REG_SZ)

105.

106. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

107. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB4.tmp"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

108.

109. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

110. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031111~2\ZAFFSE~1.EXE"="ZoneAlarm Toolbar installation package" (REG_SZ)

111.

112. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

113. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB10.tmp"="ZoneAlarm [Regular]-1001-French" (REG_SZ)

114.

115. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

116. "C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031211~2\ZAFFSE~1.EXE"="ZoneAlarm Toolbar installation package" (REG_SZ)

117.

118. [HKU\S-1-5-21-2637629164-410540185-311879888-1007\Software\Zone Labs\zonealarm]

119. DA: 01/01/2011 13:04:25

120.

121. =========================

122.

123. Fin à: 18:42:34 le 16/03/2011

124. 251560 Éléments analysés

125.

126. =========================

127. E.O.F

[bernard53]

oui bizarre refait la manip OTM

[fred987]

Re,

J'ai donc refait la mani^p, j'avais sans doute mal aligner les lignes. Sorry...Rapport OTM et SEAF

Il reste des lignes dans SEAF (?), j'ai refait 2 fois la manip dans OTM en faisant attention à ces lignes, j'obtiens ces résultats....Cela pose t'il un pb selon vous ?

 

 

All processes killed

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\e8af00f9-a9cf-4f04-81ac-2d168bad87a1\\AppPath deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\e8af00f9-a9cf-4f04-81ac-2d168bad87a1\\AppName deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\\Description deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\\Product deleted successfully.

Registry delete failed. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant\Parameters\\InstallDirDevice scheduled to be deleted on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant\Parameters\\InstallDirDrive scheduled to be deleted on reboot.

Registry value HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant\Parameters\\InstallDirDevice deleted successfully.

Registry value HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant\Parameters\\InstallDirDrive deleted successfully.

Registry delete failed. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant\Parameters\\InstallDirDevice scheduled to be deleted on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant\Parameters\\InstallDirDrive scheduled to be deleted on reboot.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Search Assistant\ACMru\5603\\000 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Search Assistant\ACMru\5603\\001 deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\ZoneAlarm\ not found.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Documents and Settings\Alexandra\Bureau\zaSetup_92_091_000_fr.exe deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB7F.tmp deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\zauninst.exe deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB6.tmp deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Documents and Settings\Alexandra\Bureau\zaSetup_92_105_000_fr.exe deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB26.tmp deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031111~1\ZAFFSE~1.EXE deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB48.tmp deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB4.tmp deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031111~2\ZAFFSE~1.EXE deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\GLB10.tmp deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ALEXAN~1\LOCALS~1\temp\031211~2\ZAFFSE~1.EXE deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2637629164-410540185-311879888-1007\Software\Zone Labs\zonealarm\ deleted successfully.

========== FILES ==========

File/Folder C:\Documents and Settings\Alexandra\Cookies\alexandra@download.zonealarm not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Alexandra

->Temp folder emptied: 423424 bytes

->Temporary Internet Files folder emptied: 96668 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 3412163 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16384 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 4,00 mb

 

 

OTM by OldTimer - Version 3.1.17.2 log created on 03172011_144305

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant\Parameters\\InstallDirDevice scheduled to be deleted on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant\Parameters\\InstallDirDrive scheduled to be deleted on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant\Parameters\\InstallDirDevice scheduled to be deleted on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant\Parameters\\InstallDirDrive scheduled to be deleted on reboot.

 

 

************

 

 

 

 

1. ========================= SEAF 1.0.1.0 - C_XX

2.

3. Commencé à: 14:48:09 le 17/03/2011

4.

5. Valeur(s) recherchée(s):

6. zonealarm

7.

8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

9.

10. (!) --- Recherche registre

11.

12. ====== Fichier(s) ======

13.

14.

15. "C:\Documents and Settings\Alexandra\Cookies\alexandra@download.zonealarm[1].txt" [ NOT_CONTENT_INDEXED|ARCHIVE | 281 o ]

16. TC: 05/03/2011,10:07:58 | TM: 05/03/2011,10:07:58 | DA: 05/03/2011,10:07:58

17.

18.

19. =========================

20.

21.

22. "C:\Documents and Settings\Alexandra\Cookies\alexandra@www.zonealarm[1].txt" [ NOT_CONTENT_INDEXED|ARCHIVE | 77 o ]

23. TC: 01/01/2011,13:14:24 | TM: 01/01/2011,13:14:24 | DA: 02/01/2011,12:22:17

24.

25.

26. =========================

27.

28.

29. "C:\Documents and Settings\Alexandra\Cookies\alexandra@zonealarm[1].txt" [ NOT_CONTENT_INDEXED|ARCHIVE | 325 o ]

30. TC: 04/01/2011,11:27:37 | TM: 04/01/2011,11:27:37 | DA: 13/03/2011,10:40:34

31.

32.

33. =========================

34.

35.

36.

37. ====== Entrée(s) du registre ======

38.

39.

40. [HKLM\System\ControlSet001\Services\vsdatant\Parameters]

41. "InstallDirDevice"="\Device\HarddiskVolume2\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

42.

43. [HKLM\System\ControlSet001\Services\vsdatant\Parameters]

44. "InstallDirDrive"="C:\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

45.

46. [HKLM\System\ControlSet003\Services\vsdatant\Parameters]

47. "InstallDirDevice"="\Device\HarddiskVolume2\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

48.

49. [HKLM\System\ControlSet003\Services\vsdatant\Parameters]

50. "InstallDirDrive"="C:\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

51.

52. [HKLM\System\CurrentControlSet\Services\vsdatant\Parameters]

53. "InstallDirDevice"="\Device\HarddiskVolume2\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

54.

55. [HKLM\System\CurrentControlSet\Services\vsdatant\Parameters]

56. "InstallDirDrive"="C:\Program Files\Zone Labs\ZoneAlarm" (REG_SZ)

57.

58. =========================

59.

60. Fin à: 14:53:24 le 17/03/2011

61. 251579 Éléments analysés

62.

63. =========================

64. E.O.F

[bernard53]

Ok cette fois c'est beaucoup mieux

 

juste encore un chouïa

 

relance OTM puis.

 

 

 

Copie la liste qui se trouve en citation ci-dessous:

:Reg

[HKLM\System\ControlSet001\Services\vsdatant\Parameters]

"InstallDirDevice"=-

[HKLM\System\ControlSet001\Services\vsdatant\Parameters]

"InstallDirDrive"=-

[HKLM\System\ControlSet003\Services\vsdatant\Parameters]

"InstallDirDevice"=-

[HKLM\System\ControlSet003\Services\vsdatant\Parameters]

"InstallDirDrive"=-

[HKLM\System\CurrentControlSet\Services\vsdatant\Parameters]

"InstallDirDevice"=-

[HKLM\System\CurrentControlSet\Services\vsdatant\Parameters]

"InstallDirDrive"=-

:Files

C:\Documents and Settings\Alexandra\Cookies\alexandra@download.zonealarm[1].txt

C:\Documents and Settings\Alexandra\Cookies\alexandra@www.zonealarm[1].txt

C:\Documents and Settings\Alexandra\Cookies\alexandra@zonealarm[1].txt

:Commands

 

et colle-la dans le cadre de gauche de OTM sous ceci:

 

 

Clique sur pour lancer la suppression.

attendre la fin du travail de l'outil puis fermer OTM

 

Le résultat apparaitra dans le cadre Results.

Clique sur Exit pour fermer.

Poste le rapport situé dans C:\_OTM\MovedFiles\06092009_130526.log "Exemple"

 

NB: Il te sera peut-être demandé de redémarrer le pc pour achever la suppression.

si c'est le cas accepte par Oui/Yes.

[bernard53]

en plus on va vérifier quand même qu'un "Rootkit" n'est pas en cause pour ta connexion.

 

Télécharge load_tdsskiller de Loup Blanc sur ton Bureau

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

 

Cet outil est conçu pour automatiser différentes tâches proposées par TDSSKiller, un fix de Kaspersky.

 

Lance load_tdsskiller en double-cliquant dessus. Clic droit et exécuter en tant qu'administrateur avec Vista/Seven

 

A cette fenêtre lance le scan.

 

 

Tu peux récupérer le rapport en validant Report

 

Si une détection est faite valide Cure puis

 

 

redémarres le pc pour confirmer la suppression de celle-ci.

 

 

INFO::

 

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?