Infection de mon ordinateur avec Tuto4PC
Fermé
narcotichappy
Messages postés
7
Date d'inscription
samedi 5 octobre 2013
Statut
Membre
Dernière intervention
14 décembre 2013
-
5 oct. 2013 à 12:55
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 6 oct. 2013 à 21:24
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 6 oct. 2013 à 21:24
A voir également:
- Infection de mon ordinateur avec Tuto4PC
- Mon ordinateur rame - Guide
- Réinitialiser ordinateur - Guide
- Retrouver ordinateur volé avec numéro de série - Guide
- Ordinateur ecran noir - Guide
- Mon ordinateur s'allume mais ne demarre pas windows - Guide
9 réponses
narcotichappy
Messages postés
7
Date d'inscription
samedi 5 octobre 2013
Statut
Membre
Dernière intervention
14 décembre 2013
5 oct. 2013 à 12:55
5 oct. 2013 à 12:55
narcotichappy
Messages postés
7
Date d'inscription
samedi 5 octobre 2013
Statut
Membre
Dernière intervention
14 décembre 2013
5 oct. 2013 à 12:55
5 oct. 2013 à 12:55
voici le rapport
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 628
5 oct. 2013 à 12:59
5 oct. 2013 à 12:59
Salut,
Faire un scan OTL pour diagnostiquer les programmes qui tournent et déceler des infections - Le programme va générer deux rapports OTL.txt et Extras.txt
Fournir les deux rapports :
Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/
* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).
* Lance OTL
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%windir%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
services.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
CREATERESTOREPOINT
nslookup https://www.google.fr/?gws_rd=ssl /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
* Clique sur le bouton Analyse.
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent).
Donne le ou les liens pjjoint qui pointent vers ces rapports ici dans une réponse.
Je répète : donne le lien du rapport pjjoint ici en réponse.
NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT DANS UN NOUVEAU MESSAGE
Faire un scan OTL pour diagnostiquer les programmes qui tournent et déceler des infections - Le programme va générer deux rapports OTL.txt et Extras.txt
Fournir les deux rapports :
Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/
* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).
* Lance OTL
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%windir%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
services.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
CREATERESTOREPOINT
nslookup https://www.google.fr/?gws_rd=ssl /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
* Clique sur le bouton Analyse.
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent).
Donne le ou les liens pjjoint qui pointent vers ces rapports ici dans une réponse.
Je répète : donne le lien du rapport pjjoint ici en réponse.
NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT DANS UN NOUVEAU MESSAGE
narcotichappy
Messages postés
7
Date d'inscription
samedi 5 octobre 2013
Statut
Membre
Dernière intervention
14 décembre 2013
5 oct. 2013 à 13:30
5 oct. 2013 à 13:30
narcotichappy
Messages postés
7
Date d'inscription
samedi 5 octobre 2013
Statut
Membre
Dernière intervention
14 décembre 2013
5 oct. 2013 à 14:07
5 oct. 2013 à 14:07
https://pjjoint.malekal.com/files.php?id=20131005_v9e7b6p5m5
je me suis trompée pour le rapport OTL
Merci de votre réponse très bien expliquée
je me suis trompée pour le rapport OTL
Merci de votre réponse très bien expliquée
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 628
5 oct. 2013 à 15:03
5 oct. 2013 à 15:03
Relance OTL.
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:
:OTL
SRV - [2013/10/04 10:51:19 | 000,119,408 | ---- | M] (The Software Group) [On_Demand | Stopped] -- C:\Program Files\Software\Update\SoftwareUpdate.exe -- (Software_update_m)
SRV - [2013/10/04 10:51:19 | 000,119,408 | ---- | M] (The Software Group) [Auto | Stopped] -- C:\Program Files\Software\Update\SoftwareUpdate.exe -- (Software_update)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
CHR - plugin: Software Update (Enabled) = C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll
[2013/09/29 12:37:50 | 000,000,000 | ---D | M] (BonanzaDeals) -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
[2013/07/02 13:37:08 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\ffxtlbr@delta.com
[2013/07/12 10:09:43 | 000,000,000 | ---D | M] (Menu Contextuel Orange) -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\menu_contextuel_orange@orange.fr
[2013/07/02 13:37:09 | 000,000,000 | ---D | M] (WebCake) -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\plugin@getwebcake.com
[2013/06/30 18:05:13 | 000,000,000 | ---D | M] (Cool Smiley Bar for Facebook) -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks
[2013/07/02 13:33:15 | 000,006,505 | ---- | M] () -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\searchplugins\babylon.xml
[2013/07/02 13:34:26 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\searchplugins\delta.xml
O4 - HKLM..\Run: [upt4pc_fr_62.exe] C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_62\upt4pc_fr_62.exe ()
[2013/09/28 19:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive
[2013/10/01 15:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_68
[2013/10/05 13:10:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013/09/04 14:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephane\Application Data\PerformerSoft
[2013/09/30 20:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_62
:Commands
[emptytemp]
[emptyflash]
[resethosts]
[reboot]
* poste le rapport ici
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:
:OTL
SRV - [2013/10/04 10:51:19 | 000,119,408 | ---- | M] (The Software Group) [On_Demand | Stopped] -- C:\Program Files\Software\Update\SoftwareUpdate.exe -- (Software_update_m)
SRV - [2013/10/04 10:51:19 | 000,119,408 | ---- | M] (The Software Group) [Auto | Stopped] -- C:\Program Files\Software\Update\SoftwareUpdate.exe -- (Software_update)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
CHR - plugin: Software Update (Enabled) = C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll
[2013/09/29 12:37:50 | 000,000,000 | ---D | M] (BonanzaDeals) -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
[2013/07/02 13:37:08 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\ffxtlbr@delta.com
[2013/07/12 10:09:43 | 000,000,000 | ---D | M] (Menu Contextuel Orange) -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\menu_contextuel_orange@orange.fr
[2013/07/02 13:37:09 | 000,000,000 | ---D | M] (WebCake) -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\plugin@getwebcake.com
[2013/06/30 18:05:13 | 000,000,000 | ---D | M] (Cool Smiley Bar for Facebook) -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks
[2013/07/02 13:33:15 | 000,006,505 | ---- | M] () -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\searchplugins\babylon.xml
[2013/07/02 13:34:26 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\searchplugins\delta.xml
O4 - HKLM..\Run: [upt4pc_fr_62.exe] C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_62\upt4pc_fr_62.exe ()
[2013/09/28 19:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive
[2013/10/01 15:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_68
[2013/10/05 13:10:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013/09/04 14:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephane\Application Data\PerformerSoft
[2013/09/30 20:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_62
:Commands
[emptytemp]
[emptyflash]
[resethosts]
[reboot]
* poste le rapport ici
All processes killed
========== OTL ==========
Service Software_update_m stopped successfully!
Service Software_update_m deleted successfully!
C:\Program Files\Software\Update\SoftwareUpdate.exe moved successfully.
Service Software_update stopped successfully!
Service Software_update deleted successfully!
File C:\Program Files\Software\Update\SoftwareUpdate.exe not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\***@*** deleted successfully.
File C:\Program Files\Babylon\Babylon-Pro\Utils\***@*** not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}\ not found.
File C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi not found.
File C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll not found.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}\defaults folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}\content\images folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}\content folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\META-INF folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\content\imgs folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\content folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@*** folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\content folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\chrome folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@*** folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\skin folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\META-INF folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\locale\en-US folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\locale folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\defaults\preferences folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\defaults folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\content folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@*** folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks\chrome\skin folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks\chrome\content\mz folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks\chrome\content folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks\chrome folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\searchplugins\babylon.xml moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\searchplugins\delta.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\upt4pc_fr_62.exe deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_62\upt4pc_fr_62.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive\Update\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive\Update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive folder moved successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_68\tuto4pc_fr_68\1.10 folder moved successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_68\tuto4pc_fr_68 folder moved successfully.
C:\WINDOWS\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job moved successfully.
C:\Documents and Settings\Stephane\Application Data\PerformerSoft folder moved successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_62\Download folder moved successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_62 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
User: Administrator
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
User: Hudson
User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 594807 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 800629 bytes
User: Stephane
->Temp folder emptied: 1581623 bytes
->Temporary Internet Files folder emptied: 7242130 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10847630 bytes
->Google Chrome cache emptied: 12221135 bytes
->Flash cache emptied: 59818 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1154048 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41470296 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 324430795 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34313 bytes
RecycleBin emptied: 233872 bytes
Total Files Cleaned = 382,00 mb
[EMPTYFLASH]
User: Administrateur
->Flash cache emptied: 0 bytes
User: Administrator
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Hudson
User: LocalService
User: NetworkService
User: Stephane
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10052013_150818
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
voilà, le registe et j'ai été dans msconfig puis dans démarrage et il semblerait qu'il n'y est plus
========== OTL ==========
Service Software_update_m stopped successfully!
Service Software_update_m deleted successfully!
C:\Program Files\Software\Update\SoftwareUpdate.exe moved successfully.
Service Software_update stopped successfully!
Service Software_update deleted successfully!
File C:\Program Files\Software\Update\SoftwareUpdate.exe not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\***@*** deleted successfully.
File C:\Program Files\Babylon\Babylon-Pro\Utils\***@*** not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}\ not found.
File C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi not found.
File C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll not found.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}\defaults folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}\content\images folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}\content folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\META-INF folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\content\imgs folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\content folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@*** folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\content folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\chrome folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@*** folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\skin folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\META-INF folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\locale\en-US folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\locale folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\defaults\preferences folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\defaults folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@***\content folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\***@*** folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks\chrome\skin folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks\chrome\content\mz folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks\chrome\content folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks\chrome folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\extensions\pluswinks@PlusWinks folder moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\searchplugins\babylon.xml moved successfully.
C:\Documents and Settings\Stephane\Application Data\Mozilla\Firefox\Profiles\72t86lfb.default\searchplugins\delta.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\upt4pc_fr_62.exe deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_62\upt4pc_fr_62.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive\Update\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive\Update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive folder moved successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_68\tuto4pc_fr_68\1.10 folder moved successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_68\tuto4pc_fr_68 folder moved successfully.
C:\WINDOWS\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job moved successfully.
C:\Documents and Settings\Stephane\Application Data\PerformerSoft folder moved successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_62\Download folder moved successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\tuto4pc_fr_62 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
User: Administrator
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
User: Hudson
User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 594807 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 800629 bytes
User: Stephane
->Temp folder emptied: 1581623 bytes
->Temporary Internet Files folder emptied: 7242130 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10847630 bytes
->Google Chrome cache emptied: 12221135 bytes
->Flash cache emptied: 59818 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1154048 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41470296 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 324430795 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34313 bytes
RecycleBin emptied: 233872 bytes
Total Files Cleaned = 382,00 mb
[EMPTYFLASH]
User: Administrateur
->Flash cache emptied: 0 bytes
User: Administrator
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Hudson
User: LocalService
User: NetworkService
User: Stephane
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10052013_150818
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
voilà, le registe et j'ai été dans msconfig puis dans démarrage et il semblerait qu'il n'y est plus
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 628
5 oct. 2013 à 19:13
5 oct. 2013 à 19:13
Refais un scan OTL et donne le rapport, histoire de contrôler.
Je ne peux plus le faire car j'ai fait un malwarebyte, un avast et un ccleaner et je pense que ccleaner pas complètement viré OLT, mais en tout cas je ne rencontre plus aucun problème et les résultats de mes scans sont vides, merci beaucoup pour votre compétence. Bonne fin de journée à vous.
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 628
6 oct. 2013 à 21:24
6 oct. 2013 à 21:24
ok comme tu veux :)
Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/
Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/
