Ukash virus belgique

https://pjjoint.malekal.com/files.php?id=OTL_20120709_k13p9c9x13m7

https://pjjoint.malekal.com/files.php?id=OTL_Extras_20120709_z7e7h12g12s6

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{4d51f677-2a0b-43e2-b444-a2b384d24b91} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d51f677-2a0b-43e2-b444-a2b384d24b91}\ deleted successfully.
C:\Program Files (x86)\SFT_France\prxtbSFT_.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-3318414300-1231084079-1697754230-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4d51f677-2a0b-43e2-b444-a2b384d24b91} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d51f677-2a0b-43e2-b444-a2b384d24b91}\ not found.
File C:\Program Files (x86)\SFT_France\prxtbSFT_.dll not found.
Registry key HKEY_USERS\S-1-5-21-3318414300-1231084079-1697754230-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d51f677-2a0b-43e2-b444-a2b384d24b91}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d51f677-2a0b-43e2-b444-a2b384d24b91}\ not found.
File C:\Program Files (x86)\SFT_France\prxtbSFT_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4d51f677-2a0b-43e2-b444-a2b384d24b91} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d51f677-2a0b-43e2-b444-a2b384d24b91}\ not found.
File C:\Program Files (x86)\SFT_France\prxtbSFT_.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\Temp:57D798E9 deleted successfully.
ADS C:\ProgramData\Temp:C085F80B deleted successfully.
ADS C:\ProgramData\Temp:A213D1FE deleted successfully.
ADS C:\ProgramData\Temp:AF9538BC deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
========== FILES ==========
C:\ProgramData\l_u0_0.pad moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: vesna
->Temp folder emptied: 117272 bytes
->Temporary Internet Files folder emptied: 1033757138 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 62339 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25654032 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85414 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.011,00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07102012_163643

Files\Folders moved on Reboot...
C:\Users\vesna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\vesna\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.07.10.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
vesna :: VESNA-HP [administrateur]

10/07/2012 20:45:39
mbam-log-2012-07-10 (20-45-39).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 369068
Temps écoulé: 1 heure(s), 46 minute(s), 40 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 7
C:\Qoobox\Quarantine\C\Users\vesna\AppData\Roaming\cacaoweb\cacaoweb.exe.vir (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Users\vesna\Downloads\cacaoweb (1).exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Users\vesna\Downloads\cacaoweb.exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Users\vesna\Downloads\SoftonicDownloader_pour_windows-live-messenger(1).exe (PUP.OfferBundler.ST) -> Mis en quarantaine et supprimé avec succès.
C:\Users\vesna\Downloads\SoftonicDownloader_pour_windows-live-messenger(2).exe (PUP.OfferBundler.ST) -> Mis en quarantaine et supprimé avec succès.
C:\Users\vesna\Downloads\SoftonicDownloader_pour_windows-live-messenger-msn-messenger.exe (PUP.OfferBundler.ST) -> Mis en quarantaine et supprimé avec succès.
C:\Users\vesna\Downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Mis en quarantaine et supprimé avec succès.

(fin)

voila donc quand j'ai fait l'analyse j'ai pas désactivé l'antivirus c'est juste ?

je me souviens pas avoir ete sur ce site mais je retiendrai :D
donc je vais réactiver mes protections que j'avais désactivé l'AVG et windows defender et après je supprime les programmes et les dossiers qu'on a créer et utiliser? style combofix, OTL exetera

je me suis trompé c'est pas "osvin" c'est moi qui ai envoyé le message

whyigotinfected a marché j'ai cliqué pour installer java, ca s'est téléchargé puis j'ai supprimé les anciennes versions avec JavaRa j'ai refais un scan avec wigi mais ça reste rouge

WhyIGotInfected v1.5.4(by Tigzy)
********************************

Run : 12/07/2012 00:25:00 [Normal Mode]
Machine : VESNA-HP (2 CPUs) [vesna : NOT ADMIN]
OS: Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (x64)

~~ Plugins check: ~~

UPTODATE [Microsoft Windows 7 Édition Familiale Premium ] Current : Service Pack 1 -- Latest : Service Pack 1
UPTODATE [Internet Explorer] Current : 9.0.8112.16421 -- Latest : 9.0.8112.16421
UPTODATE [Internet Explorer (x86)] Current : 9.0.8112.16421 -- Latest : 9.0.8112.16421
OUTDATED [Java] Current : 1.6.0_24 -- Latest : 1.7.0_05
UPTODATE [Java (x86)] Current : 1.7.0_05 -- Latest : 1.7.0_05
UPTODATE [Adobe Reader (x86)] Current : 10 -- Latest : 10
UPTODATE [Adobe Flash] Current : 11.3.300.257 -- Latest : 11.3.300.257
UPTODATE [Adobe Flash (x86)] Current : 11.3.300.257 -- Latest : 11.3.300.257
UPTODATE [Adobe Flash ActiveX] Current : 11.3.300.257 -- Latest : 11.3.300.257
UPTODATE [Adobe Flash ActiveX (x86)] Current : 11.3.300.257 -- Latest : 11.3.300.257


Finished
<C:\Users\vesna\Desktop\WIGIReport[0].txt>
WIGIReport[0].txt



avaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jul 12 00:28:01 2012

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

------------------------------------

Finished reporting.

en tout cas si je l'avais mal fait je l'ai bien fait cette fois-ci ( https://pjjoint.malekal.com/files.php?id=20120712_u14w14l86l6 ) mais ca reste toujours rouge

tu as bien uniquement la derniere version 7 update 5 de java d'installée ?

oui je viens d'aller sur le site qui est sur ton tutoriel pour savoir quelle version de java j'ai et c'est celle la.

WhyIGotInfected v1.5.4(by Tigzy)
********************************

Run : 12/07/2012 00:25:00 [Normal Mode]
Machine : VESNA-HP (2 CPUs) [vesna : NOT ADMIN]
OS: Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (x64)

~~ Plugins check: ~~

UPTODATE [Microsoft Windows 7 Édition Familiale Premium ] Current : Service Pack 1 -- Latest : Service Pack 1
UPTODATE [Internet Explorer] Current : 9.0.8112.16421 -- Latest : 9.0.8112.16421
UPTODATE [Internet Explorer (x86)] Current : 9.0.8112.16421 -- Latest : 9.0.8112.16421
OUTDATED [Java] Current : 1.6.0_24 -- Latest : 1.7.0_05
UPTODATE [Java (x86)] Current : 1.7.0_05 -- Latest : 1.7.0_05
UPTODATE [Adobe Reader (x86)] Current : 10 -- Latest : 10
UPTODATE [Adobe Flash] Current : 11.3.300.257 -- Latest : 11.3.300.257
UPTODATE [Adobe Flash (x86)] Current : 11.3.300.257 -- Latest : 11.3.300.257
UPTODATE [Adobe Flash ActiveX] Current : 11.3.300.257 -- Latest : 11.3.300.257
UPTODATE [Adobe Flash ActiveX (x86)] Current : 11.3.300.257 -- Latest : 11.3.300.257


Finished
<C:\Users\vesna\Desktop\WIGIReport[0].txt>
WIGIReport[0].txt

mmmm...je vais voir avec le concepteur

ok merci