Virus !!!

myssnette
Hello,

Here is the link to the report produced by ZHP Diag

http://www.cijoint.fr/cjlink.php?file=cj201006/cijztZ2t5C.txt

Thanks

10 replies

  1. Anonymous user
     
    Hello, what are the problems with your PC?

    You have a rogue, a fake security program.

    More explanation

    Do this: download rkill
    https://download.bleepingcomputer.com/grinler/rkill.exe
    Save it to your Desktop
    Double-click the rkill icon (on Vista/Seven, right-click and Run as administrator)
    A brief black screen will show that the tool ran correctly; if it does not launch,
    switch to another download link, using one of the following:
    http://download.bleepingcomputer.com/grinler/rkill.pif
    https://download.bleepingcomputer.com/grinler/rkill.scr
    https://download.bleepingcomputer.com/grinler/rkill.com

    Once it has finished

    Download Malwarebytes' Anti-Malware

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    . Save it to the desktop
    . Double-click the downloaded file to start the installation process.
    . In the "Update" tab, click the Check for Updates button
    . If the firewall asks for permission to let Malwarebytes connect, accept
    . Once the update has finished
    . Go to the Scanner tab
    . Select Perform full scan (a fairly long scan)
    . Click Scan
    . The scan starts.
    . At the end of the scan, a message is displayed: The scan completed normally. Click 'Show Results' to display all the objects found.
    . Click OK to continue.
    . If malware was detected, click Show Results
    . Select everything (or leave the items checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
    . Malwarebytes will open Notepad and copy the scan report into it.
    . Go to the Logs tab
    . Click on the report to display it; once it is displayed
    . Click Edit at the top of Notepad, then Select All
    . Click Edit again, then Copy, and come back to the forum and, in your reply,
    . right-click in the reply box and choose Paste

    If you need help, look at these tutorials:
    Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
    1
  2. Anonymous user
     
    * Download UsbFix to your desktop.

    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

    (!) Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) that may have been infected, without opening them

    * Double-click "UsbFix.exe"

    * Choose the Search (Recherche) option on the control panel.

    * Let the tool work.

    * Then post the UsbFix.txt report that appears.

    * Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    Tutorial to help you: http://pagesperso-orange.fr/NosTools/tuto_usbfix2.html

    * Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility intended to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    1
  3. Anonymous user
     
    Deletion

    Plug your external data sources into your PC (USB stick, external hard drive...) that may have been infected, without opening them

    (1) Double-click the UsbFix shortcut on your desktop

    (2) Choose the Deletion (Suppression) option

    UsbFix will scan your PC; let the tool work.

    Then post the UsbFix.txt report that will appear along with the desktop.

    Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
    1
  4. myssnette
     
    Hello and okay, thanks, the scan is running!

    My problem was that I was getting a lot of messages telling me I had a virus infecting my computer.
    Indeed, I think I do have problems, because 1 min 30 into the scan, 30 infected files have already been detected.

    Thanks again, I'll follow your instructions.
    0
    1. myssnette
       
      and I'll post the report
      0
  6. myssnette
     
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4167

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    03/06/2010 21:25:45
    mbam-log-2010-06-03 (21-25-45).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 240956
    Temps écoulé: 51 minute(s), 16 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 95
    Valeur(s) du Registre infectée(s): 7
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 15
    Fichier(s) infecté(s): 55

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Users\RACHID\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

    Clé(s) du Registre infectée(s):

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nxymugml (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfe8owijfisjhgs7ye39gjsoighsd7y3eu (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):

    Fichier(s) infecté(s):

    HERE IS THE REPORT ... Thanks again!
    0
  7. myssnette
     
    Report attached

    ############################## | Usbfix 7.004 | [Recherche]

    Utilisateur: RACHID (Administrateur) # RACHID-PC [ASUSTeK Computer Inc. K70IC]
    Mis à jour le 03/06/10 par El Desaparecido / C_XX
    Lancé à 21:40:06 | 03/06/2010
    Site Web: http://pagesperso-orange.fr/NosTools/index.html
    Contact: FindyKill.Contact@gmail.com

    CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
    CPU 2: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
    Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
    Internet Explorer 8.0.7600.16385

    Pare-feu Windows: Activé

    RAM -> 4095 Mo
    C:\ (%systemdrive%) -> Disque fixe # 116 Go (58 Go libre(s) - 49%) [OS] # NTFS
    D:\ -> Disque fixe # 335 Go (220 Go libre(s) - 66%) [DATA] # NTFS
    E:\ -> CD-ROM
    F:\ -> Disque amovible # 7 Go (7 Go libre(s) - 91%) [] # FAT32
    G:\ -> Disque amovible # 2 Go (988 Mo libre(s) - 53%) [BLACKBERRY] # FAT

    ################## | Éléments infectieux |


    ################## | Registre |

    ################## | Mountpoints2 |

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné!

    ################## | E.O.F |
    0
  8. myssnette
     
    UH-OH! Problem!

    I can't manage to delete!

    I get an error message telling me that KILL.exe has stopped working and that Windows is going to close this program.
    0
    1. Anonymous user
       
      Restart and try again
      0
    2. myssnette
       
      Same thing ... ouch ouch ouch
      0
  9. Anonymous user
     
    We'll use an alternative to UsbFix:

    Download the Flash_Disinfector tool by sUBs and save it to your desktop

    https://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

    On XP: double-click Flash_Disinfector.exe to run it.

    On Vista: right-click Flash_Disinfector on the desktop and choose "Run as administrator"

    When the message [Plug in yours flash drive & clic Ok to begin disinfection] appears:

    Connect to the PC the USB sticks and external hard drives that may have been infected.

    Then click OK

    The desktop icons will disappear until the message [Done!!] appears.

    Then press OK to make the desktop reappear.
    0
    1. myssnette
       
      This time it tells me that the program did not install correctly and to try downloading it a second time. I retried the operation several times but nothing works. I'M STARTING TO THINK MY PROBLEM IS MORE SERIOUS :-(( Is that the case? In any case, thank you for your help, it's really very kind.
      0
  10. Anonymous user
     
    Can you do it in safe mode?
    0
    1. myssnette
       
      Uh... how do you do that?
      0
    2. myssnette
       
      So I did it in safe mode with USBFIX and this time it worked;
      only, when I went to restart the computer, there was nothing but a black screen.
      I had to restart manually and Windows refused to start. It showed me several things in English, as if a Windows safeguard was going to recover to a given restore point, and that is what happened, since when it came back on I no longer have anything of what I had installed on my PC.

      In short, I'm going to redo everything described in the topic tomorrow.
      0
    3. myssnette
       
      Hello!!!
      So today I started everything over and apparently it worked. Now it's my Internet Explorer that no longer works! I tried to download a new version but
      it's impossible. Attached is the computer's network diagnostic on the problem with Explorer.

      THANK YOU


      Diagnostics réseau de Windows Détails de l'éditeur

      Problèmes trouvés
      Le périphérique ou la ressource distant n'accepte pas la connexion.Le périphérique ou la ressource distant n'accepte pas la connexion.
      Le périphérique ou la ressource (www.google.fr) n'est pas configuré pour accepter les connexions sur le port « Service Web (HTTP) ». Détecté
      Contactez votre administrateur réseau. Terminé


      Problèmes trouvés Détails de la détection

      5 Le périphérique ou la ressource distant n'accepte pas la connexion. Détecté

      Le périphérique ou la ressource (www.google.fr) n'est pas configuré pour accepter les connexions sur le port « Service Web (HTTP) ».
      Contactez votre administrateur réseau. Terminé

      L'ordinateur ou le périphérique que vous essayez d'atteindre est disponible, mais il ne prend pas en charge ce que vous essayez de réaliser. Il peut s'agir d'un problème de configuration ou d'une limitation du périphérique.


      Détails de la détection

      Journal de diagnostic réseau
      Nom de fichier: 64CD4436-11ED-499E-A09F-F693984A4BA0.Diagnose.0.etl

      Autres configurations et journaux réseau
      Nom de fichier: NetworkConfiguration.cab

      Informations sur la collecte des données
      Nom de l'ordinateur: RACHID-PC
      Version de Windows: 6.1
      Architecture: amd64
      Heure: vendredi 4 juin 2010 18:03:32

      Détails de l'éditeur

      Diagnostics réseau de Windows
      Détecte les problèmes de connectivité du réseau.
      Version de package: 1.0
      Éditeur: Microsoft Windows
      0
  11. Anonymous user
     
    Plug your external data sources into your PC (USB stick, external hard drive...) that may have been infected, without opening them

    ---> Download ComboFix.exe by sUBs to your Desktop:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

    ---> Double-click Combofix.exe
    A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
    Accept by clicking "Yes"

    ---> Set it to French: F
    Press the 1 key (Yes) to start the scan.

    /!\ Don't touch anything until the scan has finished. /!\

    At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

    Once the scan is complete, a report will be displayed: post its contents

    /!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

    Note: The report can also be found here: C:\ComboFix.txt
    -1
    1. myssnette
       
      I'm really sorry but nothing works:

      Error message attached

      It tells me that ComboFix only works with Windows 2000 and XP
      0
    2. Anonymous user
       
      Oops, excuse me (tired)
      0
    3. myssnette
       
      No problem
      0