Besoin d'aide pour nettoyer ordinateur Résolu/Fermé

Question

Bonjour, 
Depuis 2 jours mon ordi est infesté de virus, dès que j'ouvre une page il y en a plusieurs qui s'ouvrent également. Après nettoyage avec adwcleaner, QV06 a disparu mais je crois qu'il y en a d'autres.
J'ai vraiment besoin d'aide.
Merci
Marie

g3n-h@ckm@n · Answer

salut

 Télécharge et enregistre (lien direct) ADWCleaner sur ton bureau :

Ne clique pas sur Download , attends que la fenetre de confirmation de telechargement arrive

Lance le,(Pour vista/7/8 => clic droit "executer en tant qu'administrateur")

clique sur suppression et poste C:\Adwcleaner[Sx].txt 

=========

execute ceci :

http://security-helpzone.com/gen-hackman/tutos-canneds/junkware-removal-tool/

=========

execute ceci :

https://www.security-helpzone.com/2013/04/17/malwarebytes-anti-malware-mbam-detecteur-generaliste-de-menaces/

==========

execute ceci :

http://security-helpzone.com/gen-hackman/tutos-canneds/otl-2/

=========

J'attends donc 5 rapports dont deux hebergés sur cjoint.com

marie57412 · Answer

AdwCleaner v2.306 - Rapport créé le 17/08/2013 à 09:31:56
# Mis à jour le 19/07/2013 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : L'utilisateur - PC-DE-LUTILISAT
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\L'utilisateur\Downloads\AdwCleaner (3).exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Supprimé au redémarrage : C:\ProgramData\eSafe

***** [Registre] *****

Clé Supprimée : HKLM\Software\eSafeSecControl

***** [Navigateurs] *****

-\ Internet Explorer v9.0.8112.16502

[OK] Le registre ne contient aucune entrée illégitime.

-\ Mozilla Firefox v22.0 (fr)

Fichier : C:\Users\L'utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\w37esb0o.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\ Google Chrome v28.0.1500.95

Fichier : C:\Users\L'utilisateur\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée [l.22] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Supprimée [l.25] : keyword = "delta-search.com",
Supprimée [l.29] : search_url = "hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B4CD00197E3AB[...]

*************************

AdwCleaner[S1].txt - [1285 octets] - [17/08/2013 09:31:56]

########## EOF - C:\AdwCleaner[S1].txt - [1345 octets] ##########

marie57412 · Answer

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.7 (08.17.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by L'utilisateur on 17/08/2013 at  9:39:23,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] webcakeupdater 
Successfully stopped: [Service] wsyssvc 
Successfully deleted: [Service] wsyssvc 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ntredirect
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software	orch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrics_fan
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software	orch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}



~~~ Files

marie57412 · Answer

rebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.08.15.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
L'utilisateur :: PC-DE-LUTILISAT [administrateur]

17/08/2013 09:53:26
mbam-log-2013-08-17 (09-53-26).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 353027
Temps écoulé: 1 heure(s), 18 minute(s), 7 seconde(s)

Processus mémoire détecté(s): 1
C:\Program Files\Tepfel\WebCakeDesktop.Updater.exe (PUP.Optional.WebCake.A) -> 6688 -> Suppression au redémarrage.

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKLM\SYSTEM\CurrentControlSet\Services\WebCakeUpdater (PUP.Optional.WebCake.A) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 2
HKCU\SOFTWARE\Mozilla\Firefox\Extensions\{B1C0A2B6-46CB-44D3-86E0-BF5D8B1848D3} (PUP.LyricsAd) -> Données:  -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Mozilla\Firefox\Extensions|{B1C0A2B6-46CB-44D3-86E0-BF5D8B1848D3} (PUP.LyricsAd) -> Données: C:\Program Files\Lyrics_Fan\127.xpi -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 9
C:\Program Files\Tepfel\WebCakeDesktop.Updater.exe (PUP.Optional.WebCake.A) -> Suppression au redémarrage.
C:\Users\L'utilisateur\AppData\Local\Temp\is1412836710\14456763_Setup.EXE (PUP.Optional.OneInstaller) -> Mis en quarantaine et supprimé avec succès.
C:\Users\L'utilisateur\AppData\Local\Temp\is1412836710\14456792_Setup.EXE (PUP.Optional.LyricsAd) -> Mis en quarantaine et supprimé avec succès.
C:\Users\L'utilisateur\AppData\Local\Temp\is1412836710\16990922_Setup.EXE (PUP.Optional.OneInstaller) -> Mis en quarantaine et supprimé avec succès.
C:\Users\L'utilisateur\Downloads\WiseConvert_1.5.exe (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès.
C:\Users\L'utilisateur\Downloads\IncrediMail-2.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\L'utilisateur\Downloads\rcpsetup_majorgeeks_majorgeeks_300_250.exe (PUP.Optional.RegCleanerPro) -> Mis en quarantaine et supprimé avec succès.
C:\Users\L'utilisateur\Downloads\Flash Player 12(1).exe (PUP.Optional.AirInstaller) -> Mis en quarantaine et supprimé avec succès.
C:\Users\L'utilisateur\Downloads\Flash Player 12.exe (PUP.Optional.AirInstaller) -> Mis en quarantaine et supprimé avec succès.

(fin)

marie57412 · Answer

Voilà déja les 3 premiers, les autres je les enverrai cet après midi.
Bonne journée et merci
Marie

g3n-h@ckm@n · Answer

le rapport JRT n'est pas complet

marie57412 · Answer

unkware Removal Tool (JRT) by Thisisu
Version: 5.4.7 (08.17.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by L'utilisateur on 17/08/2013 at  9:39:23,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] webcakeupdater 
Successfully stopped: [Service] wsyssvc 
Successfully deleted: [Service] wsyssvc 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ntredirect
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software	orch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrics_fan
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software	orch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Lyrics-Fan Update
Successfully deleted: [File] C:\Windows\System32\Tasks\browserdefendert
Successfully deleted: [File] C:\Windows\System32\Tasks\epupdater
Successfully deleted: [File] C:\Windows\Tasks\Lyrics-Fan Update.job
Successfully deleted: [File] C:\Windows\prefetch\PACKAGE_BABYLON_OFFER_MULTILA-3EDFB017.pf
Successfully deleted: [File] C:\Windows\prefetch\PACKAGE_BABYLON_OFFER_MULTILA-542630A2.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\Users\L'utilisateur\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\L'utilisateur\AppData\Roaming	epfel"
Successfully deleted: [Folder] "C:\Users\L'utilisateur\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\L'utilisateur\appdata\local	orch"
Successfully deleted: [Folder] "C:\Program Files\lyrics_fan"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"
Successfully deleted: [Folder] "C:\Program Files\pc speed maximizer"
Failed to delete: [Folder] "C:\Program Files	epfel"



~~~ FireFox

Emptied folder: C:\Users\L'utilisateur\AppData\Roaming\mozilla\firefox\profiles\w37esb0o.default\minidumps [700 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/08/2013 at  9:43:03,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

marie57412 · Answer

Désolée

g3n-h@ckm@n · Answer

bien , dans l attente des deux liens OTL :)

marie57412 · Answer

http://cjoint.com/?CHroqFHaRxD


Je n'arrive pas à retrouver le deuxième

marie57412 · Answer

https://www.cjoint.com/c/CHroAZAGOvX


J'espère que c'est le bon

g3n-h@ckm@n · Answer

ok

desinstalle ca : FrameFox Extensions 1.0.6.0     
désinstalle ca : Lyrics-Fan 

============

ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !! 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous "Personnalisation" :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1087621487-4098392791-2421953955-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-1087621487-4098392791-2421953955-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20     
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21     
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22     
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.2.5.2     
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23     
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318
pMcAfeeMss.dll File not found
[2013/08/15 13:27:03 | 000,000,000 | ---D | M] (FrameFox) -- C:\Program Files\Mozilla Firefox\Extensions\{D6F4FFAF-E3C9-4f3d-AD5B-F78CD969D7BF}     
[2013/08/15 13:27:03 | 000,000,000 | ---D | M] (FrameFox) -- C:\Program Files\Mozilla Firefox\browser\extensions\{D6F4FFAF-E3C9-4f3d-AD5B-F78CD969D7BF}     
CHR - default_search_provider: Delta Search (Enabled) 
CHR - default_search_provider: search_url = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B4CD00197E3AB04C&affID=119357&tsp=4975 
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O3 - HKU\S-1-5-21-1087621487-4098392791-2421953955-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-1087621487-4098392791-2421953955-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
[2013/08/15 13:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Tepfel 
[2013/07/21 22:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan 
[2013/08/17 13:39:56 | 000,000,364 | ---- | M] () -- C:\Windows	asks\Lyrics-Fan Update.job 
[2013/08/17 09:32:17 | 000,000,310 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat     
[2013/07/19 13:45:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy 
[2013/07/20 09:43:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}     
[2013/04/28 17:22:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}     
[2010/12/03 10:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft(22) 
[2012/10/21 09:50:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox(108) 
[2012/10/25 12:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox(114) 
[2013/07/19 13:45:06 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy 
[2012/05/17 13:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\Toolbar Cleaner     
[2012/07/05 08:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Trojan Remover     
[2010/04/29 09:36:02 | 000,003,190 | ---- | M] () -- C:\Windows\system32\Tasks\CreateChoiceProcessTask 

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"PlayMovie"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=-
"KiesAirMessage"=-
"TomTomHOME.exe"=-
[-HKEY_CURRENT_USER\Software\C:]     
[-HKEY_CURRENT_USER\Software\Duuqu]     
[HKLM\Software]
"Order"=-
[-HKEY_LOCAL_MACHINE\Software\BrowserChoice]     
[-HKEY_LOCAL_MACHINE\Software\Duuqu]     
[-HKEY_LOCAL_MACHINE\Software\TUTO_4PC]     
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"EnableFirewall"=DWORD:0

:Files
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\*

:commands
[RESETHOSTS]
[emptytemp]

&#9654 Clique sur "Correction" pour lancer la suppression.


&#9654 Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

marie57412 · Answer

C'est quoi que je dois désinstaller, je ne connais pas.
le reste je peux faire

g3n-h@ckm@n · Answer

ben dans la liste des programmes installés , via le panneau de configuration/Programmes et fonctionnalités , tu desinstalles les deux programmes sus-cités

marie57412 · Answer

ok j'ai désinstallé
pour OTL est ce que je dois cocher les mêmes cases que pour l'analyse ou je laisse comme c'est?

g3n-h@ckm@n · Answer

non tu colles juste et tu cliques correction :) 
 
¤¤¤¤¤¤¤¤¤¤_Pre_Scan_Concept_¤¤¤¤¤¤¤¤¤¤
Bientôt désinscrit de Commentcamarche...

marie57412 · Answer

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
File C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-1087621487-4098392791-2421953955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page| /E : value set successfully!
HKU\S-1-5-21-1087621487-4098392791-2421953955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\StartPageCache| /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin\ deleted successfully.
Folder C:\Program Files\Mozilla Firefox\Extensions\{D6F4FFAF-E3C9-4f3d-AD5B-F78CD969D7BF}\ not found.
Folder C:\Program Files\Mozilla Firefox\browser\extensions\{D6F4FFAF-E3C9-4f3d-AD5B-F78CD969D7BF}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1087621487-4098392791-2421953955-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Registry value HKEY_USERS\S-1-5-21-1087621487-4098392791-2421953955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
C:\Program Files\Tepfel folder moved successfully.
C:\ProgramData\McAfee Security Scan folder moved successfully.
C:\Windows\Tasks\Lyrics-Fan Update.job moved successfully.
C:\Windows\DeleteOnReboot.bat moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs\ulpCRTx86 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs\ulpATLx86 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs\ulCRTx86 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs\ulATLx86 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs\Policies\dlpCRTx86 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs\Policies\dlpATLx86 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs\Policies folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs\Manifests folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs\dlCRTx86 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs\dlATLx86 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\winsxs folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows\system32 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\Windows folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\mIDEFunc.dll folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\mDown.dll folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\C_\Program Files\Microsoft.NET\Primary Interop Assemblies folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\C_\Program Files\Microsoft.NET folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\C_\Program Files folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\C_\Build.Desktop\Installer\bin\win32\IMBooster folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\C_\Build.Desktop\Installer\bin\win32 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\C_\Build.Desktop\Installer\bin folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\C_\Build.Desktop\Installer folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\C_\Build.Desktop folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\C_ folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\4C95C880\578CC1D3 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline\4C95C880 folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}\offline folder moved successfully.
C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764} folder moved successfully.
C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} folder moved successfully.
C:\Program Files\Microsoft(22) folder moved successfully.
C:\Program Files\Mozilla Firefox(108)\webapprt\components folder moved successfully.
C:\Program Files\Mozilla Firefox(108)\webapprt folder moved successfully.
C:\Program Files\Mozilla Firefox(108)\uninstall folder moved successfully.
C:\Program Files\Mozilla Firefox(108)\searchplugins folder moved successfully.
C:\Program Files\Mozilla Firefox(108)\plugins folder moved successfully.
C:\Program Files\Mozilla Firefox(108)\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox(108)\extensions folder moved successfully.
C:\Program Files\Mozilla Firefox(108)\dictionaries folder moved successfully.
C:\Program Files\Mozilla Firefox(108) folder moved successfully.
C:\Program Files\Mozilla Firefox(114)\searchplugins folder moved successfully.
C:\Program Files\Mozilla Firefox(114)\dictionaries folder moved successfully.
C:\Program Files\Mozilla Firefox(114) folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
C:\Program Files\Toolbar Cleaner folder moved successfully.
C:\Program Files\Trojan Remover folder moved successfully.
C:\Windows\System32\Tasks\CreateChoiceProcessTask moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PlayMovie deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ISUSPM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\KiesAirMessage deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TomTomHOME.exe deleted successfully.
Registry key HKEY_CURRENT_USER\Software\C:\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Duuqu\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Order deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\BrowserChoice\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Duuqu\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\TUTO_4PC\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\"EnableFirewall"|DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\"EnableFirewall"|DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\"EnableFirewall"|DWORD:0 /E : value set successfully!
========== FILES ==========
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JIPT11A folder moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLJ3MXR0 folder moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZKOXVF3 folder moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZH9KJRKM folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: L'utilisateur
->Temp folder emptied: 246286282 bytes
->Temporary Internet Files folder emptied: 11440136 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 130514401 bytes
->Google Chrome cache emptied: 31417370 bytes
->Flash cache emptied: 9160 bytes
 
User: LUTIL~1
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5193294 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 405,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08172013_160647

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

g3n-h@ckm@n · Answer

bien des soucis persistent ?

marie57412 · Answer

Non, je pense que tout est bien à part internet explorer qui a disparu et je ne sais pas où.
Je voulais aussi te demander si tu connais le site fifostream.tv, c'est en ouvrant celui ci que j'ai chopé les virus je pense. Il y avait un fenêtre qui disait que je dois telecherger FLV player et bêtement j'ai cliqué et voilà!

g3n-h@ckm@n · Answer

ben s'il est installé desinstalle-le

==

les sites de streaming en général regorgent de scripts pourris sur les pages

fais ce grand menage final :

http://security-helpzone.com/gen-hackman/nettoyage-en-fin-de-desinfection/

marie57412 · Answer

4
# Mis à jour le 19/07/2013 par Xplode
# Nom d'utilisateur : L'utilisateur - PC-DE-LUTILISAT
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\_OTL
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\AdwCleaner[S1].txt
Supprimé : C:\Users\L'utilisateur\Desktop\JRT.txt
Supprimé : C:\Users\L'utilisateur\Downloads\adwcleaner (1).exe
Supprimé : C:\Users\L'utilisateur\Downloads\adwcleaner (2).exe
Supprimé : C:\Users\L'utilisateur\Downloads\AdwCleaner (3).exe
Supprimé : C:\Users\L'utilisateur\Downloads\adwcleaner.exe
Supprimé : C:\Users\L'utilisateur\Downloads\Extras.Txt
Supprimé : C:\Users\L'utilisateur\Downloads\JRT.exe
Supprimé : C:\Users\L'utilisateur\Downloads\OTL.Txt
Supprimé : C:\Users\L'utilisateur\Downloads\OTL.exe
Supprimée : HKLM\SOFTWARE\OldTimer Tools
Supprimée : HKLM\SOFTWARE\AdwCleaner

~ Sauvegarde de la base de registre ... OK

~ Purge de la restauration système ...

Supprimé : RP #1090 [Point de contrôle planifié | 08/03/2013 07:08:15]
Supprimé : RP #1091 [Sauvegarde Windows | 08/04/2013 17:08:24]
Supprimé : RP #1092 [Point de contrôle planifié | 08/07/2013 07:54:17]
Supprimé : RP #1093 [Point de contrôle planifié | 08/09/2013 13:22:08]
Supprimé : RP #1094 [Sauvegarde Windows | 08/11/2013 20:54:30]
Supprimé : RP #1095 [Sauvegarde Windows | 08/13/2013 07:40:02]
Supprimé : RP #1096 [Windows Update | 08/15/2013 06:42:39]
Supprimé : RP #1097 [Opération de restauration | 08/15/2013 13:33:45]
Supprimé : RP #1098 [avant installation FVL player | 08/15/2013 13:57:11]
Supprimé : RP #1099 [avant installation FVL player | 08/15/2013 14:01:55]
Supprimé : RP #1100 [Opération de restauration | 08/15/2013 14:03:01]
Supprimé : RP #1101 [OTL Restore Point - 16/08/2013 07:48:55 | 08/16/2013 05:48:55]
Supprimé : RP #1102 [OTL Restore Point - 16/08/2013 08:27:04 | 08/16/2013 06:27:04]
Supprimé : RP #1103 [OTL Restore Point - 16/08/2013 13:16:18 | 08/16/2013 11:16:18]
Supprimé : RP #1104 [OTL Restore Point - 16/08/2013 19:34:06 | 08/16/2013 17:34:06]
Supprimé : RP #1105 [OTL Restore Point - 17/08/2013 13:52:18 | 08/17/2013 11:52:18]
Supprimé : RP #1106 [Removed FrameFox Extensions 1.0.6.0 | 08/17/2013 14:01:56]

Nouveau point de restauration créé !

~ Réinitialisation des paramètres système ... OK

marie57412 · Answer

et pour  internet explorer je fais quoi?

g3n-h@ckm@n · Answer

finis tout le menage ensuite on avise

marie57412 · Answer

ok je pense que j'ai tout fait

g3n-h@ckm@n · Answer

ok explique ce qui te fait dire que internet explorer a disparu

marie57412 · Answer

eh ben le E n'est plus dans la barre et je n'arrive pas à retrouver explorer. je m'y prends peut être mal mais.....

g3n-h@ckm@n · Answer

c:\programmes\internet explorer\iexplore.exe

marie57412 · Answer

Merci j'ai trouvé. merci pour ton aide précieuse. heureusement qu'il y a des gens comme toi pour aider les "ignares" comme moi.
Bon week end, bonne soirée et encore merci.
Marie

g3n-h@ckm@n · Answer

fais clic droit , envoyer vers , le bureau et sur le bureau tu le renommes en internet explorer et le tour est joué mais je te conseille vivement d'utiliser mozilla beaucoup plus sur , stable.

marie57412 · Answer

Je l'ai déjà mis sur le bureau, j'utilise mozilla la plupart du temps mais des fois j'ai besoin de explorer.

g3n-h@ckm@n · Answer

ok j'espère que tu n'as pas copié le fichier ni déplacé et que tu as bien fait "envoyer vers"

marie57412 · Answer

mdr, je ne suis quand même pas si nulle.

g3n-h@ckm@n · Answer

si tu savais ce que j'ai vu des fois.....^^ 

une fois je depannais quelqu'un , je lui dit : mets-toi sur le bureau , elle 'a répondu :

mais t'es fou je vais le casser!!....:/
 
¤¤¤¤¤¤¤¤¤¤_Pre_Scan_Concept_¤¤¤¤¤¤¤¤¤¤
Bientôt désinscrit de Commentcamarche...

marie57412 · Answer

ça je n'en doute pas, mais ça doit être des débutants. ou des qui comprennent rin. moi ça va, faut des fois m'expliquer longtemps, mais à mon âge.....

g3n-h@ckm@n · Answer

il n'y a pas d'age pour apprendre , le tout c'est de le vouloir :)

marie57412 · Answer

c'est vrai et en plus j'adore.
Bon, je vais aller à la télé pour déstresser maintenant que mon ordi est "comme neuf".
J'ai mis "résolu" pour que  tout le monde sache.
Bonne soirée et au plaisir.
Encore une fois un grand merci.
Marie

g3n-h@ckm@n · Answer

de rien bonne continuation :)

Pascal.