TR/Dropper.Gen

[maxspeed]

Comme beaucoup j'ai eut ce trojan, Antivir me la détecté il y a une heure environ, il affiche des page publicitaire non souhaité et ralentit mon ordi et ma connexion (je crois) qui est déjà vraiment aps térrible.
Bref en suivant les explication de divers forum comme le votre j'ai installé "Malwarebytes" et effectué un,e recherche rapide qui a repéré un peu plus d'une vingtaine de fichier contaminée. J'ai donc supprimer ces fichier et voici le rapport :
(a oui avant ca j'ai supp tt le dossier TEMP dans le C:.)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6320

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/04/2011 00:10:03
mbam-log-2011-04-10 (00-10-03).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 153633
Temps écoulé: 1 minute(s), 44 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 15

Processus mémoire infecté(s):
c:\WINDOWS\Dxebya.exe (Trojan.Downloader) -> 2608 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\vefcon.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\system32\jghcgwcm.dll (IPH.GenericBHO) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{8DAFDC90-E303-400D-11E6-EF862110AC0F} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Hdrughmh (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DAFDC90-E303-400D-11E6-EF862110AC0F} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DAFDC90-E303-400D-11E6-EF862110AC0F} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rvajali (Trojan.Hiloti) -> Value: Rvajali -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GAGEZ8R8ZB (Trojan.Downloader) -> Value: GAGEZ8R8ZB -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NtWqIVLZEWZU (Trojan.FakeAlert) -> Value: NtWqIVLZEWZU -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\vefcon.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\Dxebya.exe (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\system32\jghcgwcm.dll (IPH.GenericBHO) -> Delete on reboot.
c:\documents and settings\Maxspeed\local settings\Temp\ditef.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Maxspeed\local settings\Temp\jjjj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Dvb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Dvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Dvd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Dve.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.









Suis-je sortis d'affaire ? En tout cas on dirait qu'il n'y a plus de pub et de ralentissements !

[maxspeed]

Antivirus me détecte cette fois-ci "TR/Crypt.ZPACK.Gen" Déja 2 fois en très peu de temps,
j'ai donc refait une recherche rapide avec MalwareBytes mais il n'a rien trouvé , voici le rapport :



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6320

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/04/2011 00:29:28
mbam-log-2011-04-10 (00-29-28).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 153780
Temps écoulé: 3 minute(s), 19 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

[bernard53]

bonjour

fait ceci pour voir plus.


* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal " soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL " Personnalisation"

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
vstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Mets le rapport ici car il prend bien de la place.

http://www.cijoint.fr/index.php

[maxspeed]

Voila avec OTL

Extrat.txt
http://www.cijoint.fr/cjlink.php?file=c ... vScvUa.txt

OTL.txt
http://www.cijoint.fr/cjlink.php?file=c ... uWrxzq.txt

[maxspeed]

J'ai plus les page pub qui viennent depuis le malwarebyte mais il y a encore des sons (type windows) qui retentissent environ tte les 30 min je dirais mais rien n'apparait... bref un truc bizarre, j'attends votre reponse pour le rapport d'OTL .
Merci d'avance

[bernard53]

ok fait ceci s.t.p



* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL
PRC - C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services Limited)
SRV - (rtlmxqvs) -- File not found
SRV - (HidServ) -- File not found
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.24
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:2.1.3714.137
FF - HKLM\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2011/04/09 22:19:05 | 000,000,000 | ---D | M]
[2011/02/22 00:54:42 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com
[2011/02/14 20:30:13 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\yyginstantplay@yoyogames.com
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\searchplugins\askcom.xml
[2011/04/09 22:19:05 | 000,000,000 | ---D | M] (OfferBox) -- C:\PROGRAM FILES\OFFERBOX\OFFERBOXFFX@OFFERBOX.COM
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM\..\Run: [] File not found
O4 - HKLM\..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKCU\..\Run: [CY08W456F0] File not found
[2011/04/09 22:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\OfferBox
[2011/04/09 22:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxspeed\Application Data\OfferBox
:Commands
[emptytemp]

* Cliques sur l'icône Correction (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport s'ouvrir "OTL.log"
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Mets le rapport ici car il prend bien de la place.
http://www.cijoint.fr/index.php

[maxspeed]

Dsl je n'ai pas pu cette fois ci, de me servir de "cIJOINT.FR" .

Voilà le rapport :

All processes killed
========== OTL ==========
No active process named OfferBox.exe was found!
Service rtlmxqvs stopped successfully!
Service rtlmxqvs deleted successfully!
File File not found not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File File not found not found.
Prefs.js: yyginstantplay@yoyogames.com:1.1.0.24 removed from extensions.enabledItems
Prefs.js: ffxtlbr@babylon.com:1.1.3 removed from extensions.enabledItems
Prefs.js: offerboxffx@offerbox.com:2.1.3714.137 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com deleted successfully.
C:\Program Files\OfferBox\offerboxffx@offerbox.com\components folder moved successfully.
C:\Program Files\OfferBox\offerboxffx@offerbox.com\chrome\content folder moved successfully.
C:\Program Files\OfferBox\offerboxffx@offerbox.com\chrome folder moved successfully.
C:\Program Files\OfferBox\offerboxffx@offerbox.com folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\.svn\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\.svn\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults\.svn folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\.svn\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\.svn\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content\.svn folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\.svn\tmp folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\.svn\text-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\.svn\props folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com\.svn folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\yyginstantplay@yoyogames.com\plugins folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\yyginstantplay@yoyogames.com\META-INF folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\extensions\yyginstantplay@yoyogames.com folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\Mozilla\Firefox\Profiles\s0frxwk2.default\searchplugins\askcom.xml moved successfully.
Folder C:\PROGRAM FILES\OFFERBOX\OFFERBOXFFX@OFFERBOX.COM\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}\ deleted successfully.
C:\Program Files\OfferBox\OfferBoxBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe moved successfully.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Program Files\OfferBox\res folder moved successfully.
C:\Program Files\OfferBox folder moved successfully.
C:\Documents and Settings\Maxspeed\Application Data\OfferBox folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 73909 bytes

User: Maxspeed
->Temp folder emptied: 1256364 bytes
->Temporary Internet Files folder emptied: 23342901 bytes
->Java cache emptied: 582182 bytes
->FireFox cache emptied: 70756249 bytes
->Google Chrome cache emptied: 72488200 bytes
->Flash cache emptied: 110131 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26680493 bytes
->Flash cache emptied: 1432 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2334286 bytes
%systemroot%\System32 .tmp files removed: 3590656 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2224556 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 78040962 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34313 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 269,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04102011_152830

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Maxspeed\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5DBL3GH\1%2526num_editeur%253D21140%2526num_site%253D3%2526num_emplacement%253D2%2526num_campagne%253D4816%2526num_publicite%253D112%2526num_periode%253D5%2526strat%253D4%2526delim%253D not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_670.dat not found!

Registry entries deleted on Reboot...

[maxspeed]

Depuis toute a l'heure antivir me détecte de nombreux virus :
(avant et après la manip d'OTL)

Dans le fichier 'C:\WINDOWS\Temp\ievi\setup.exe'
un virus ou un programme indésirable 'ADWARE/BHO.shi' [adware] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\WINDOWS\Temp\gfwf\setup.exe'
un virus ou un programme indésirable 'ADWARE/BHO.shi' [adware] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\WINDOWS\Temp\kust\setup.exe'
un virus ou un programme indésirable 'ADWARE/BHO.shi' [adware] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\WINDOWS\Temp\eodg\setup.exe'
un virus ou un programme indésirable 'ADWARE/BHO.shi' [adware] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\WINDOWS\Temp\sjvr\setup.exe'
un virus ou un programme indésirable 'ADWARE/BHO.shi' [adware] a été détecté.
Action exécutée : Autoriser l'accès


Et ainsi de suite....

[bernard53]

bizarre car rien n’étais la avant. fait ceci.


[*]Cliquer ICI,descendre jusqu'à PureRa et cliquer sur Download Windows Binary pour télécharger le fichier (.zip) sur le Bureau.

[*]Cliquer-droit sur le nouveau fichier => "Extraire ici".

[*]Fermer toutes les fenêtres et applications ouvertes et double-cliquer sur PureRa.exe (Vista et Windows 7, cliquer-droit dessus => "Exécuter en tant qu'administrateur") puis cliquer sur Next.

[*]Cocher la case Check All et cliquer sur le bouton Clean

Un rapport sera créé. Inutile de le poster sur le forum

Dis moi si tu as encore des alertes après ce passage.

[maxspeed]

Ok merci pour ton aide vraiment !

Je crois que ca va être bon , sinon pour bien vérifier j'ai fait un scan complet avec antivir et il n'a rien trouvé, alors je comprends plus rien , pourquoi m'envoyait-il des alertes ? enfin bref .. je cherche plus, j'ai plus des pub qui surgissent c'est le principal !

[bernard53]

Super

Dans un premier temps fait ceci.


Fait ceci pour supprimer les logiciels qui ont servis à cette désinfection.

Télécharge << DelFix >> de Xplode pour supprimer les logiciels qui ont servis a cette désinfection.


* Lance-le.

* A l'invite, [Suppression] ()

* Un rapport va s'ouvrir à la fin, colle le dans la réponse

Ensuite pour le désinstaller ; tu relances et tu passes à l'option [Désinstallation]


Puis si pour toi tout va toujours bien.


Maintenant on va mettre la restauration du système propre.

Cliquez avec le bouton droit sur l'icône Poste de travail, puis cliquez sur Propriétés
ou touche "Windows+Pause"
Cliquez sur l'onglet Restauration du système

Sélectionnez Désactiver la Restauration du système sur tous les lecteurs.

Cliquez sur Appliquer puis OUI dans la fenêtre suivante.

Attendre quelques instants puis :

activer la restauration du système de nouveau. en décochant la case que vous venez de cocher puis valider par Appliquer et OK

Maintenant on crée un nouveau point de restauration.

Démarrer—Exécuter—ou touche "Windows+R" et tapes:

%SystemRoot%\System32\restore\rstrui.exe

Puis coche " Créer un point de restauration" que tu nommes PC- Clean. Valide.

Vous pouvez maintenant fermer toutes les fenêtres.

et signale si on peux valider ton post en résolu

Bonne soirée