Virus on Facebook

Solved/Closed
pndi - 2 May 2011 at 02:13
 mathbach - 28 May 2011 at 14:28
Good evening,

Since last night I can no longer access Facebook, which sends me to a page titled "FaceBook" whose address is "https://www.facebook.com/home.php?secureverification". On this page, I get this message: "We detected some unusually behavior in your account, for your security in order to can access your account please send us all requried informations, the credit card number must be yours or a member of your family. We won't save the credit card in our datebase and won't make any charges. We ask only for verification purpose." along with a form asking for my bank card number... complete nonsense! It really looks like a virus to me, which is why I'm asking for your help. Thank you in advance! :)





30 replies

Anonymous user
2 May 2011 at 02:15
Hi again

▶ Download here: USBFIX to your desktop

Plug in all your devices without opening them

/!\ Temporarily disable, and only while USBFIX is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

if you have XP => double-click
if you have Vista or Windows 7 => right-click "run as...."


on the Usbfix icon located on your desktop.
On the page, click the button:

▶ Choose the "Suppression" (Deletion) option

▶ UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report, which will appear along with the desktop.

▶ Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

0
Good evening again,

Here is the UsbFix report (I had to remove the Contact line containing the email address to be able to post)




############################## | UsbFix 7.044 | [Suppression]

Utilisateur: Flo & Alex (Administrateur) # KLEIN-64DE5BBD8 [ ]
Mis à jour le 25/04/2011 par TeamXscript
Lancé à 02:20:22 | 02/05/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php

CPU: AMD Sempron(tm) Processor 2800+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: AntiVir Desktop 10.0.1.58 [(!) Disabled | Updated]
RAM -> 1023 Mo
C:\ (%systemdrive%) -> Disque fixe # 78 Go (24 Go libre(s) - 31%) [] # NTFS
D:\ -> Disque fixe # 75 Go (6 Go libre(s) - 8%) [Disque local] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Disque amovible # 4 Go (977 Mo libre(s) - 26%) [] # FAT32

################## | Éléments infectieux |


Supprimé! C:\Recycler\S-1-5-21-790525478-746137067-682003330-1005
Supprimé! D:\Recycler\S-1-5-21-1060284298-706699826-682003330-1004
Supprimé! D:\Recycler\S-1-5-21-1060284298-706699826-682003330-1005
Supprimé! D:\Recycler\S-1-5-21-1085031214-1343024091-1417001333-1004
Supprimé! D:\Recycler\S-1-5-21-1085031214-1343024091-1417001333-1005
Supprimé! D:\Recycler\S-1-5-21-790525478-746137067-682003330-1004
Supprimé! D:\Recycler\S-1-5-21-790525478-746137067-682003330-1005

################## | Registre |

Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |


################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
H:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_KLEIN-64DE5BBD8.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |
0
Anonymous user
2 May 2011 at 02:49
▶ Download here: Ad-remover to your desktop:


▶ Disconnect and close all running applications!

if you have XP => double-click
if you have Vista or Windows 7 => right-click "run as...."


▶ on "Ad-R.exe" to start the installation, and leave the installation settings at their defaults.

▶ Click the Ad-remover shortcut on your desktop to launch the tool.

▶ In the main menu, choose the "Nettoyer" (Clean) option and press [Enter].

▶ Let the tool work and don't touch anything...

▶ Post the report that appears at the end on the forum...

(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

0
Hello,


Just to add, I've just noticed that a suspicious process named svsh0sted.exe has appeared. What is it?
Here is the Ad-Remover report

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 11:38:43 le 02/05/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Flo & Alex@KLEIN-64DE5BBD8 ( )

============== ACTION(S) ==============


Dossier supprimé: C:\Documents and Settings\Flo & Alex\Application Data\Mozilla\FireFox\Profiles\pj3z67cx.default\conduit

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\Flo & Alex\Application Data\Mozilla\FireFox\Profiles\pj3z67cx.default\Prefs.js --
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/FR", "\"0\"");
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/maxi.gi...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play_mi...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif...
Ligne supprimée: user_pref("CommunityToolbar.EngineOwner", "CT1060933");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Ligne supprimée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 01 2011 20:07:33 GMT+02...
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun May 01 2011 22:54:54 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun May 01 2011 20:07:31 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Ligne supprimée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne supprimée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne supprimée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne supprimée: user_pref("CommunityToolbar.alert.userId", "f50dd08a-6da5-4384-bac5-a6847ee947f3");
Ligne supprimée: user_pref("CommunityToolbar.globalUserId", "40e463c0-0924-4531-9db8-96ec18405be4");
Ligne supprimée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Ligne supprimée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
-- Fichier Fermé --





============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.5.19 (en-US)] ****
0

Anonymous user
2 May 2011 at 12:10
Disable your protections, then save this to your desktop

Pre_Scan

Warning: the desktop will disappear briefly --> don't panic.

Once it is downloaded, run it, let the scan finish, then paste the contents of "Pre_scan.txt", which will appear on the desktop when it is done.

If the tool detects a proxy and you haven't installed one, click "supprimer le proxy" (remove the proxy)

If the tool doesn't seem to have worked, click on it several times very quickly, or rename it winlogon, or change its extension to .com or .scr
0
I tried to scan, but the program seems to freeze on a .jpg file and starts flickering... is that normal?
0
Anonymous user
2 May 2011 at 14:15
Hasn't it finished??????
0
After more than half an hour of scanning, no... the computer seems to have frozen on the wallpaper when it went to sleep, so I had to restart it to be able to post again.
0
Anonymous user
2 May 2011 at 14:36
Is the report on the desktop?

If so, post its contents; otherwise it is in C
0
Here is the scan found in C:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.0.43 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 ¤¤¤¤¤

Mis à jour le 01/05/2011 | 23.30 par g3n-h@ckm@n
Utilisateur : Flo & Alex (Administrateurs)
Ordinateur : KLEIN-64DE5BBD8

Système d'exploitation : Microsoft Windows XP (32 bits)
Internet Explorer : 8.0.6001.18702
Mozilla Firefox : 3.5.19 (en-US)

Scan : 14:11:37 | 02/05/2011

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKCU\..\..\Winlogon] | Shell -> Aucune modification : explorer.exe -> explorer.exe

¤

[HKLM\..\..\Winlogon] | Shell -> Aucune modification : Explorer.exe -> Explorer.exe
[HKLM\..\..\Winlogon] | AutoRestartShell -> Aucune modification : 1 -> 1
[HKLM\..\..\Winlogon] | userinit -> Aucune modification : C:\WINDOWS\system32\Userinit.exe, -> C:\WINDOWS\system32\Userinit.exe,
[HKLM\..\..\Winlogon] | PowerDownAfterShutdown -> Aucune modification : 1 -> 1
[HKLM\..\..\Winlogon] | System -> Aucune modification : ->

¤¤¤¤¤¤¤¤¤¤ Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : ComFile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*

¤

[Firefox | Command] | @ -> Aucune modification : "C:\Program Files\Mozilla Firefox\Firefox.exe" -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ -> Aucune modification : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode -> "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ -> Aucune modification : "C:\Program Files\Internet Explorer\iexplore.exe" -> "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ -> Aucune modification : "C:\Program Files\Internet Explorer\iexplore.exe" %1 -> "C:\Program Files\Internet Explorer\iexplore.exe" %1
[Opera | Command] | @ -> Aucune modification : "C:\Program Files\Opera\Opera.exe" -> "C:\Program Files\Opera\Opera.exe"

¤

[Assoc | Applications] | @ -> Aucune modification : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤


¤¤¤¤¤¤¤¤¤¤ Services

[Ndisuio] | Start -> Aucune modification : 3 -> 3
[lmhosts] | Start -> Aucune modification : 2 -> 2 : Service Actif
[LanmanWorkstation] | Start -> Aucune modification : 2 -> 2 : Service Actif
[LanmanServer] | Start -> Aucune modification : 2 -> 2 : Service Actif
[Audiosrv] | Start -> Aucune modification : 2 -> 2 : Service Actif
[ERSvc] | Start -> Aucune modification : 2 -> 2 : Service Actif
[Bits] | Start -> Aucune modification : 2 -> 2 : Service Actif
[CryptSvc] | Start -> Aucune modification : 2 -> 2 : Service Actif
[EapHost] | Start -> Aucune modification : 2 -> 2 : Service Actif
[SharedAccess] | Start -> Aucune modification : 2 -> 2 : Service Actif
[wuauserv] | Start -> Aucune modification : 2 -> 2 : Service Actif
[wscsvc] | Start -> Aucune modification : 2 -> 2 : Service Actif
[wzcsvc] | Start -> Aucune modification : 2 -> 2 : Service Actif

¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKCU | Main] | Start Page -> Modification apportée : https://www.facebook.com -> http://www.google.com/
[HKCU | Main] | Local Page -> Aucune Modification : C:\WINDOWS\system32\blank.htm -> C:\WINDOWS\system32\blank.htm
[HKCU | Main] | Search Page -> Aucune Modification : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Main] | Start Page -> Aucune Modification : http://go.microsoft.com/fwlink/?LinkId=69157 -> http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM | Main] | Local Page -> Aucune Modification : C:\WINDOWS\system32\blank.htm -> C:\WINDOWS\system32\blank.htm
[HKLM | Main] | Default_Search_URL -> Aucune Modification : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://go.microsoft.com/fwlink/?LinkId=54896
[HKLM | Main] | Default_Page_URL -> Aucune Modification : http://go.microsoft.com/fwlink/?LinkId=69157 -> http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM | Main] | Search Page -> Aucune Modification : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://go.microsoft.com/fwlink/?LinkId=54896

¤¤¤¤¤¤¤¤¤¤ Processus

C:\WINDOWS\explorer.exe -> Processus stoppé
C:\WINDOWS\explorer.exe -> Processus stoppé
C:\WINDOWS\explorer.exe -> Processus stoppé
C:\WINDOWS\explorer.exe -> Processus stoppé
C:\WINDOWS\explorer.exe -> Processus stoppé
C:\WINDOWS\soundman.exe -> Processus stoppé
C:\Documents and Settings\Flo & Alex\Application Data\Directory\zs.exe -> Processus stoppé
\WINDOWS\explorer.exe -> Processus stoppé
C:\WINDOWS\explorer.exe -> Processus stoppé

¤¤¤¤¤¤¤¤¤¤ Clés supprimées et Fichier mis en quarantaine

Clé supprimée : [HKCU\..\..\Run] | ishigo -> C:\Documents and Settings\Flo & Alex\Application Data\Directory\zs.exe
Mis en quarantaine : C:\Documents and Settings\Flo & Alex\Application Data\Directory\zs.exe

¤¤¤¤¤¤¤¤¤¤ IFEO


¤¤¤¤¤¤¤¤¤¤ Mountpoints2
0
Anonymous user
2 May 2011 at 14:44
▶ Download here: USBFIX to your desktop

Plug in all your devices without opening them

/!\ Temporarily disable, and only while USBFIX is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

if you have XP => double-click
if you have Vista or Windows 7 => right-click "run as...."


on the Usbfix icon located on your desktop.
On the page, click the button:

▶ Choose the "Suppression" (Deletion) option

▶ UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report, which will appear along with the desktop.

▶ Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

0
Here is the UsbFix scan again

############################## | UsbFix 7.044 | [Suppression]

Utilisateur: Flo & Alex (Administrateur) # KLEIN-64DE5BBD8 [ ]
Mis à jour le 25/04/2011 par TeamXscript
Lancé à 14:47:25 | 02/05/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php


CPU: AMD Sempron(tm) Processor 2800+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: AntiVir Desktop 10.0.1.58 [(!) Disabled | Updated]
RAM -> 1023 Mo
C:\ (%systemdrive%) -> Disque fixe # 78 Go (24 Go libre(s) - 31%) [] # NTFS
D:\ -> Disque fixe # 75 Go (6 Go libre(s) - 8%) [Disque local] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque amovible # 4 Go (5 Mo libre(s) - 0%) [] # FAT32

################## | Éléments infectieux |


Supprimé! C:\Recycler\S-1-5-21-790525478-746137067-682003330-1005
Supprimé! D:\Recycler\S-1-5-21-790525478-746137067-682003330-1005
Supprimé! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
Supprimé! G:\autorun.inf
Supprimé! G:\cold

################## | Registre |


################## | Mountpoints2 |


################## | Listing |


################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_KLEIN-64DE5BBD8.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |
0
Anonymous user
2 May 2011 at 18:22
Download here: OTL

Save it to your desktop.

if you have XP => double-click
if you have Vista or Windows 7 => right-click "run as...."


on OTL.exe to launch it.

=> Configuration

▶ Click "Analyse" (Scan).

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)

To send it to me, click this link: http://www.cijoint.fr/

▶ Click "Parcourir" (Browse) and find the file mentioned above.

▶ Click "Ouvrir" (Open).

▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

Right next to the button, once the file has finished uploading, a link of this form will appear:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

▶ Copy this link into your reply.

▶▶ Do the same with "Extra.txt", which should also be on your desktop.
0
The OTL report:

http://www.cijoint.fr/cjlink.php?file=cj201105/cijJznX9Rl.txt

Extras:

http://www.cijoint.fr/cjlink.php?file=cj201105/cijwj68JCj.txt

;)
0
Anonymous user
2 May 2011 at 20:32
WARNING!!!: Script customised for this machine only, do not reproduce!!

if you have XP => double-click
if you have Vista or Windows 7 => right-click "run as...."


on OTL.exe to launch it.


▶ Copy the list shown in bold below,

▶ paste it into the area under "Personnalisation" (Custom):


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:Services
Bonjour Service
epjjoelz

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
[2009/12/26 09:49:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009/12/29 18:07:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010/01/18 00:04:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/12/26 09:49:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/27 14:52:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/07/31 00:33:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
O3 - HKU\S-1-5-21-790525478-746137067-682003330-1005\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O4 - HKU\.DEFAULT\..\Run: [ishigo] File not found
O4 - HKU\S-1-5-21-790525478-746137067-682003330-1005\..\Run: [0x017] File not found
O4 - HKLM\..\RunOnce: [] File not found
O4 - Startup: C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\expug.exe (xiudctyzqgoefxtjowjiv)
O4 - Startup: C:\Documents and Settings\Flo & Alex\Menu Démarrer\Programmes\Démarrage\arfe.exe (xiudctyzqgoefxtjowjiv)
O4 - Startup: C:\Documents and Settings\klein\Menu Démarrer\Programmes\Démarrage\ahmu.exe (xiudctyzqgoefxtjowjiv)
O4 - Startup: C:\Documents and Settings\klein\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = File not found
O4 - Startup: C:\Documents and Settings\klein\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
[2011/05/02 14:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Ygro
[2011/05/02 14:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Attyic
[2011/05/02 14:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Urudig
[2011/05/02 14:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Epabec
[2011/05/02 12:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Iwma
[2011/05/02 12:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Advi
[2011/05/02 11:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Watid
[2011/05/02 11:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Ihyg
[2011/05/02 01:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Ozfuov
[2011/05/02 01:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Egaxz
[2011/05/02 01:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flo & Alex\Application Data\Directory
[2011/05/02 01:25:39 | 000,328,192 | ---- | C] (xiudctyzqgoefxtjowjiv) -- C:\Documents and Settings\Flo & Alex\Menu Démarrer\Programmes\Démarrage\arfe.exe
[2011/04/29 13:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine
[2004/08/05 14:00:00 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\ejducwud.dat
[2004/08/05 14:00:00 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\bjzxgxyw.dat
[2004/08/05 14:00:00 | 000,038,656 | ---- | C] () -- C:\WINDOWS\System32\jqgrgjwx.dat
[2004/08/05 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\hzmeenpk.dat
[2004/08/05 14:00:00 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\ortuavhh.dat
[2004/08/05 14:00:00 | 000,030,464 | ---- | C] () -- C:\WINDOWS\System32\wteplnup.dat



:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-

:Files
C:\txt
C:\Documents and Settings\Flo & Alex\Local Settings\Application Data\l6ph1ph34eg63568oyhc273060uu18ck6
C:\Documents and Settings\All Users\Application Data\l6ph1ph34eg63568oyhc273060uu18ck6
C:\WINDOWS\System32\swvcmujt.dat
C:\WINDOWS\System32\iyvlwsiz.dat

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Click on "Correction" to start the removal.


▶ Post the report, which should open by itself once the job is finished, after the reboot.
0
OTL report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
Service epjjoelz stopped successfully!
Service epjjoelz deleted successfully!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-746137067-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ deleted successfully.
C:\Program Files\Freecorder\prxtbFre0.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\\Software\Microsoft\Windows\CurrentVersion\Run\\ishigo deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-746137067-682003330-1005\\Software\Microsoft\Windows\CurrentVersion\Run\\0x017 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\expug.exe moved successfully.
C:\Documents and Settings\Flo & Alex\Menu Démarrer\Programmes\Démarrage\arfe.exe moved successfully.
C:\Documents and Settings\klein\Menu Démarrer\Programmes\Démarrage\ahmu.exe moved successfully.
C:\Documents and Settings\klein\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk moved successfully.
C:\Documents and Settings\klein\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Flo & Alex\Application Data\Ygro folder moved successfully.
C:\Documents and Settings\Flo & Alex\Application Data\Attyic folder moved successfully.
C:\Documents and Settings\Flo & Alex\Application Data\Urudig folder moved successfully.
C:\Documents and Settings\Flo & Alex\Application Data\Epabec folder moved successfully.
C:\Documents and Settings\Flo & Alex\Application Data\Iwma folder moved successfully.
C:\Documents and Settings\Flo & Alex\Application Data\Advi folder moved successfully.
C:\Documents and Settings\Flo & Alex\Application Data\Watid folder moved successfully.
C:\Documents and Settings\Flo & Alex\Application Data\Ihyg folder moved successfully.
C:\Documents and Settings\Flo & Alex\Application Data\Ozfuov folder moved successfully.
C:\Documents and Settings\Flo & Alex\Application Data\Egaxz folder moved successfully.
C:\Documents and Settings\Flo & Alex\Application Data\Directory folder moved successfully.
File C:\Documents and Settings\Flo & Alex\Menu Démarrer\Programmes\Démarrage\arfe.exe not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Logs folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine folder moved successfully.
C:\WINDOWS\system32\ejducwud.dat moved successfully.
C:\WINDOWS\system32\bjzxgxyw.dat moved successfully.
C:\WINDOWS\system32\jqgrgjwx.dat moved successfully.
C:\WINDOWS\system32\hzmeenpk.dat moved successfully.
C:\WINDOWS\system32\ortuavhh.dat moved successfully.
C:\WINDOWS\system32\wteplnup.dat moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
========== FILES ==========
C:\txt moved successfully.
C:\Documents and Settings\Flo & Alex\Local Settings\Application Data\l6ph1ph34eg63568oyhc273060uu18ck6 moved successfully.
C:\Documents and Settings\All Users\Application Data\l6ph1ph34eg63568oyhc273060uu18ck6 moved successfully.
C:\WINDOWS\System32\swvcmujt.dat moved successfully.
C:\WINDOWS\System32\iyvlwsiz.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 2870 bytes

User: Administrateur.KLEIN-64DE5BBD8
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 2870 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Flo & Alex
->Temp folder emptied: 80769634 bytes
->Temporary Internet Files folder emptied: 358277 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 106056986 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 76888 bytes

User: klein
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 154332990 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2376 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 622618 bytes
->Flash cache emptied: 1126 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14406532 bytes
->Flash cache emptied: 3594 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2609302 bytes
%systemroot%\System32 .tmp files removed: 2776064 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 328955 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 346,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05022011_203649

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
0
Anonymous user
2 May 2011 at 20:49
Close all windows and applications during installation and scanning.


▶ Download here:

Malwarebytes

▶ Install it (make sure to choose "French"; do not change the installation settings) and update it.

(NB: If you get an error message during installation telling you that "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX)

▶ Study the tutorial to familiarise yourself with the program:


(that said, it is very easy to use).

Relaunch Malwarebytes, following these instructions scrupulously:

! Disconnect and close all running applications !

▶ Launch Malwarebytes.

Run a "Complet" (full) scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "résultat" (results).
Check that all infected items are ticked, then click "suppression" (remove).

Note: if your PC needs to restart to finish the cleanup, do it!


Post the report saved after the infected items are removed (in the "rapport/log" tab of Malwarebytes, the most recent one).

0
Malwarebytes report (the PC did have trouble restarting, though ^^'):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6492

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/05/2011 23:21:44
mbam-log-2011-05-02 (23-21-44).txt

Type d'examen: Examen complet (C:\|D:\|G:\|)
Elément(s) analysé(s): 369444
Temps écoulé: 1 heure(s), 27 minute(s), 42 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{A5AD07CE-C523-4268-AAA4-C975482B8D48} (Trojan.ZbotR.Gen) -> Value: {A5AD07CE-C523-4268-AAA4-C975482B8D48} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ishigo (Trojan.Agent) -> Value: ishigo -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\system volume information\_restore{ea47e9d8-5413-4329-aec1-e5756de2591a}\RP463\A0142607.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\G\cold\hott\updater.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05022011_203649\c_documents and settings\default user\menu démarrer\programmes\démarrage\expug.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05022011_203649\c_documents and settings\flo & alex\application data\Advi\omebf.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05022011_203649\c_documents and settings\flo & alex\application data\Attyic\asixt.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05022011_203649\c_documents and settings\flo & alex\application data\directory\zs.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05022011_203649\c_documents and settings\flo & alex\application data\Epabec\odhe.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05022011_203649\c_documents and settings\flo & alex\application data\Ozfuov\lyit.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05022011_203649\c_documents and settings\flo & alex\application data\Watid\ruop.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05022011_203649\c_documents and settings\flo & alex\menu démarrer\programmes\démarrage\arfe.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05022011_203649\c_documents and settings\klein\menu démarrer\programmes\démarrage\ahmu.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
0
Anonymous user
3 May 2011 at 00:05
Run an OTL scan again, please.
0
OTL.txt

http://www.cijoint.fr/cjlink.php?file=cj201105/cijhRFod8U.txt

Extras.txt

http://www.cijoint.fr/cjlink.php?file=cj201105/cijQkqXKSV.txt

;)
0