Your question

Unable to get rid of a virus (SOLVED)

Tags:
  • Scan
  • Security
Last reply: in Security and viruses
8 August 2011 11:34:09

Hello, when I run a thorough scan, avast detects one or more viruses (I think it's a single virus because they all have the same name) in different places. I can't repair, delete or quarantine them.
Please help me.


a c 614 8 Security
8 August 2011 14:42:25

Hello,

Please provide us with the detection report.

(Run a scan -> scan reports)
8 August 2011 17:35:35

I would like to, but I can't manage to copy it. Could you tell me how to proceed?
a c 614 8 Security
8 August 2011 18:21:26

re,

Open the Avast! interface, click "Run a scan" in the left-hand menu, then the "Scan reports" sub-menu.

In the list, select the report that corresponds to your thorough scan (check the date and time).

Double-click to open it, then copy and paste its contents into your next reply
(select everything with your mouse -> right-click "Copy", come here, open a reply, then right-click -> paste)
8 August 2011 18:50:26

That's what I thought, but when I right-click nothing appears and I can't select anything. Is there another way?
8 August 2011 19:09:17

Try doing:

Ctrl + A (select all) then
Ctrl + C (copy)

open a reply on the forum

and once in it do:

Ctrl + C (paste)

and send your reply
8 August 2011 19:53:05

It doesn't work!
a c 614 8 Security
8 August 2011 23:00:57

Re,

I haven't used Avast! in its latest version; I'm looking at how the report is displayed.

Indeed, you don't get a report that is usable as is ...
We'll try to make do ...

So, open the Avast! interface, either by double-clicking the icon on your desktop or by double-clicking the icon next to the clock.
Once the interface is open, go to "Run a scan" in the left-hand menu
Then click the "Scan reports" sub-menu

In the right-hand pane, pick from the list the line that corresponds to the report we want by clicking it once with your mouse

At the bottom you will see a "Show results" button become active; click it
A new window will open; it contains the detected results.

What interests me is the path of the detected file(s), so try to write it out for me in your next reply.
(if it is long, you will see it appear when you hover your mouse over it; it's something like: c:\windows\system32\drivers\fichier.sys )
9 August 2011 09:58:11

Hello, as for the paths, there are several because the last scan found 6 viruses.
c:/documents ant settings/all users/application data/reviver soft/registery reviver/install cache/ and lots of digits and letters.
c:/system volume information/_restore........
The 4 others are the same as the previous one but some digits differ.
I hope I'm answering your question correctly.
a c 614 8 Security
9 August 2011 10:57:00

Re,

Let's say we can already make progress with that ;)

Registry Reviver: did you install it deliberately? Did you use a keygen or a crack to activate it?

As for the rest, those are traces in System Restore; we'll purge it once you've answered my question.
9 August 2011 11:23:55

I don't think I installed it deliberately, and as for the second question, I couldn't answer you; I don't know what that is.
9 August 2011 19:39:27

I'm on XP Home Edition; it isn't in All Programs, nor in the Control Panel under Add or Remove Programs, or at least not under that name.
a c 614 8 Security
9 August 2011 23:08:06

Re,

Let's take a quick look then:

Download OTL (by OldTimer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • Tick the box at the top next to "Scan All Users"
  • Under Custom Scans/Fixes, copy and paste all of the text below; leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    activex
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system64\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system64\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    SAVEMBR:0
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button at the top left, then wait a few moments.
  • At the end of the scan, two reports will open: OTL.Txt and Extras.Txt.
  • For the reports, please use this online report service: upload the file via "browse" and simply post the link you get in your reply.

    Note: The reports are also saved on the desktop
    10 August 2011 19:53:50

    Hello Hyunkel30, it's done, I've just posted the reports
    a c 614 8 Security
    10 August 2011 20:12:52

    Re,

    Uhhh yes but ... where? :lol: 

    You need to put the links in your reply, otherwise I can't see anything ;) 
    a c 614 8 Security
    10 August 2011 22:27:15

    Re,

    You wouldn't happen to be the type who installs everything you find without looking? :ange: 

    To uninstall:

    - Conduit Engine (adware: advertising software)
    - Freecorder Toolbar (it's the one that installed the adware above as a sponsor)
    - Pop-Up Stopper Free Edition (useless, IE8 has a pop-up blocker, uses resources for nothing)
    - Softonic_France Toolbar (unless really useful ...)
    - Notification de cadeaux MSN (advertising software)
    - eBuyClub (tracking functionality and advertising software)
    - Advanced SystemCare 4 (useless and potentially bundled with adware)

    Run OTL.exe again

  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")

  • Copy and paste the following into the Custom Scans/Fixes box at the bottom left.
    :OTL
    IE - HKU\S-1-5-21-2111399845-633266621-3507548660-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.sweetim.com
    IE - HKU\S-1-5-21-2111399845-633266621-3507548660-1007\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2111399845-633266621-3507548660-1007\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q="
    [2011/04/27 13:51:56 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2011/04/27 13:51:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\engine@conduit.com
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATEUR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BBP8QTKE.DEFAULT\EXTENSIONS\EBCTB@PLEBICOM.XUL.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATEUR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BBP8QTKE.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (TBSB05488 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (eBuyClub) - {B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - C:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2111399845-633266621-3507548660-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-2111399845-633266621-3507548660-1007\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O3 - HKU\S-1-5-21-2111399845-633266621-3507548660-1007\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\prxtbSof0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2111399845-633266621-3507548660-1007\..\Toolbar\WebBrowser: (eBuyClub) - {B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - C:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll ()
    O4 - Startup: C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)
    O9 - Extra Button: eBuyClub - {B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - C:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll ()
    O9 - Extra 'Tools' menuitem : eBuyClub - {B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - C:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll ()
    [2011/08/06 18:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\OpenCandy
    [2011/08/06 18:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Application Data\OpenCandy
    [2011/08/02 20:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Application Data\PriceGong
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2010/12/25 21:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2009/02/20 21:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
    [2010/02/02 14:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2010/06/24 18:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
    [2010/04/07 10:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2009/06/24 20:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2010/12/13 18:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\AVG10
    [2010/07/25 10:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\FissaSearch
    [2010/07/25 10:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\OfferBox
    [2011/08/06 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\OpenCandy
    [2011/08/06 17:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\PriceGong
    [2011/03/15 20:31:57 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Application Data\inst.exe
    [2010/07/12 16:15:50 | 000,006,656 | ---- | M] (Aedgency) -- C:\Documents and Settings\HP_Administrateur\Application Data\FissaSearch\FissaUninstaller.exe
    [2011/08/05 20:27:47 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    [2011/06/13 20:55:52 | 005,845,440 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\HP_Administrateur\Application Data\OpenCandy\OpenCandy_DC2F055EA8DC415BAA8EB05C9FECEC0B\driverscanner (20).exe
    [2011/08/06 18:12:06 | 000,416,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Application Data\OpenCandy\OpenCandy_DC2F055EA8DC415BAA8EB05C9FECEC0B\LatestDLMgr.exe

    :Files
    C:\Program Files\ConduitEngine

    :Commands
    [emptytemp]
    [emptyflash]


  • Then click the Run Fix button at the top left
  • If the PC asks to restart, accept.
  • Post the removal report.

    Note: the report is saved in ".log" format; you should change this extension to ".txt" if you want to upload it to online sites.
    10 August 2011 23:08:37

    re, indeed I don't always know what I'm doing; the proof is that I don't know how to convert a log to txt. Could you explain it to me please?
    11 August 2011 08:57:35

    All processes killed
    I hope I'm not making a mistake by pasting it here.

    ========== OTL ==========
    HKU\S-1-5-21-2111399845-633266621-3507548660-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-2111399845-633266621-3507548660-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2111399845-633266621-3507548660-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4daac69c-cba7-45e2-9bc8-1044483d3352} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
    File C:\Program Files\Softonic_France\prxtbSof0.dll not found.
    Prefs.js: "Freecorder Customized Web Search" removed from browser.search.defaultthis.engineName
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT106093...{searchTerms}" removed from browser.search.defaulturl
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT106093..." removed from keyword.URL
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\lib folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\engine@conduit.com\META-INF folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\engine@conduit.com\lib folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\engine@conduit.com\defaults folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\engine@conduit.com\components folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\engine@conduit.com\chrome folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\bbp8qtke.default\extensions\engine@conduit.com folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
    File C:\Program Files\Softonic_France\prxtbSof0.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
    File C:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4daac69c-cba7-45e2-9bc8-1044483d3352} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
    File C:\Program Files\Softonic_France\prxtbSof0.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6}\ not found.
    File C:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2111399845-633266621-3507548660-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2111399845-633266621-3507548660-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2111399845-633266621-3507548660-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}\ not found.
    File C:\Program Files\Softonic_France\prxtbSof0.dll not found.
    Registry value HKEY_USERS\S-1-5-21-2111399845-633266621-3507548660-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6}\ not found.
    File C:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll not found.
    File move failed. C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk scheduled to be moved on reboot.
    File C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6}\ not found.
    File C:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6}\ not found.
    File C:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll not found.
    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\OpenCandy folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\OpenCandy\OpenCandy_DC2F055EA8DC415BAA8EB05C9FECEC0B folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\OpenCandy folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\PriceGong\Data folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\PriceGong folder moved successfully.
    C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET10E.tmp deleted successfully.
    C:\WINDOWS\System32\SET110.tmp deleted successfully.
    C:\WINDOWS\System32\SET11C.tmp deleted successfully.
    C:\WINDOWS\System32\SET129.tmp deleted successfully.
    C:\WINDOWS\System32\SETC0.tmp deleted successfully.
    C:\WINDOWS\System32\SETC1.tmp deleted successfully.
    C:\WINDOWS\000001_.tmp deleted successfully.
    C:\WINDOWS\000002_.tmp deleted successfully.
    C:\WINDOWS\003018_.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\~DF84C5.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\lsdb\prev folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\lsdb folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\Chjw\bc40da7440da34bc folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\Chjw folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\BOONTY\The Count of Monte Cristo - fr folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\BOONTY folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\SecurityScanner\McUICnt folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\SecurityScanner folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\McUICnt folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\McCHSvc folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\McUICnt\McUICnt folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\McUICnt folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\McCHSvc folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\LOGS folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Backup folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ReviverSoft folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Symantec folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\AVG10\cfgall folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\AVG10 folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\FissaSearch folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\OfferBox folder moved successfully.
    Folder C:\Documents and Settings\HP_Administrateur\Application Data\OpenCandy\ not found.
    Folder C:\Documents and Settings\HP_Administrateur\Application Data\PriceGong\ not found.
    C:\Documents and Settings\HP_Administrateur\Application Data\inst.exe moved successfully.
    File C:\Documents and Settings\HP_Administrateur\Application Data\FissaSearch\FissaUninstaller.exe not found.
    File C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe not found.
    File C:\Documents and Settings\HP_Administrateur\Application Data\OpenCandy\OpenCandy_DC2F055EA8DC415BAA8EB05C9FECEC0B\driverscanner (20).exe not found.
    File C:\Documents and Settings\HP_Administrateur\Application Data\OpenCandy\OpenCandy_DC2F055EA8DC415BAA8EB05C9FECEC0B\LatestDLMgr.exe not found.
    ========== FILES ==========
    File\Folder C:\Program Files\ConduitEngine not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: HP_Administrateur
    ->Temp folder emptied: 25916025 bytes
    ->Temporary Internet Files folder emptied: 10289557 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 49960133 bytes
    ->Google Chrome cache emptied: 31765304 bytes
    ->Flash cache emptied: 4120 bytes

    User: LocalService
    ->Temp folder emptied: 115616 bytes
    ->Temporary Internet Files folder emptied: 19827149 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 434 bytes

    User: NetworkService
    ->Temp folder emptied: 574918 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6786659 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 211028804 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1596 bytes

    Total Files Cleaned = 340,00 mb


    [EMPTYFLASH]

    User: Administrateur

    User: All Users

    User: Default User

    User: HP_Administrateur
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 08102011_225553

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk not found!
    C:\WINDOWS\temp\_avast_\unp141321667.tmp moved successfully.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    a c 614 8 Security
    11 August 2011 10:06:30

    Re,

    No problem, that will do for this one, it wasn't too big.

    Did you uninstall the programs as requested?


    Next:

    Download Malwarebytes' Anti-Malware:

  • Install the program (help here)
  • Launch it and update the definitions database.

  • Then choose "Exécuter un examen complet" (run a full scan), then "Rechercher" (scan)
  • Select the hard drives and click "Lancer l'examen" (start the scan)
  • Let the scan run (it can take a long time).
  • At the end, check that the items found are ticked (in "Résultat de l'examen", the scan results).
  • Then click "Supprimer la sélection" (remove selection) at the bottom.
  • A restart may be necessary.

  • A report will be displayed; save it to your desktop.
  • Otherwise, after the restart, you will find it under "Rapports/logs"

    Post it in your next reply.
    11 August 2011 18:01:14

    I had already installed and used it. So no infection this time, and so I had nothing to remove, but here is the report anyway.

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Version de la base de données: 7435

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/08/2011 17:55:31
    mbam-log-2011-08-11 (17-55-31).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 318424
    Temps écoulé: 1 heure(s), 33 minute(s), 23 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    a c 614 8 Security
    11 August 2011 19:02:47

    Re,

    OK, good. Now for the cleanup:


    1) Run OTL.exe again
    (Vista/Windows 7 users: right-click -> "Exécuter en tant qu'administrateur" (run as administrator))

  • Click "Purge d'outils" (tool cleanup)
  • Confirm the warning with "ok" and let the PC restart.

    You can keep Malwarebytes for occasional scans; remember to update it beforehand.

    2) Purging System Restore:

    It contains remnants of the infection; follow this tutorial to purge it:

    XP:
    http://www.inforumatique.fr/forum/la-restauration-du-sy...

    (End of the tutorial)


    To go further with your protection and avoid getting reinfected, here are a few additional tips:

  • Install a firewall to replace the Windows XP one:
    The built-in Windows XP firewall is not effective enough; it is worth replacing it with a more complete firewall, such as Zone Alarm or Kerio for example ... /!\ as with antivirus software, only one firewall on your PC, so remember to disable the Windows one if you install another!!!

  • Be careful when installing software:
    Always read the terms of use (EULA), to spot how personal data is handled, the installation of advertising sponsors, or any other invasion of privacy. Decline the toolbars and other add-ons offered.

  • Use an alternative browser to surf more securely:
    Firefox offers better security than Internet Explorer, especially when it is complemented with a few very useful plugins: NoScript and WOT, for example.

  • Surf without administrator rights: in a limited session or with DropMyRights
    This considerably reduces the risk of infection, because some infections can then no longer install themselves.

  • Keep your software and your system up to date:
    Many infections are due to flaws in Windows, but also in third-party software such as Sun Java, Adobe Acrobat Reader, etc.
    You can run a vulnerability scan to find out which of your programs have unpatched flaws or need updating.

    Finally, the most important thing remains your behaviour on your PC; you remain the most important protection: avoid risky behaviour: P2P, cracks, dubious downloads and installs via ads, instant messaging, or unknown sites, pornographic sites.
    Worth reading!


    You can mark your topic as "settled" by clicking the "edit" button in your very first message.
    -> Then add "résolu" (resolved) next to your title and confirm.

    You can also, if you wish, validate a "best answer"; your topic will then automatically be marked as "resolved".

    See you soon on the Tom's Guide forums
    11 August 2011 19:25:43

    Thank you very much, your help was invaluable to me. Just to be sure, is Google Chrome a safe engine? Because Firefox is very slow. One last thing: I don't know what P2P and cracks are, can you explain?
    a c 614 8 Security
    11 August 2011 22:18:19

    Re,

    Yes, Chrome is a safe browser.

    Quote:
    One last thing: I don't know what P2P and cracks are, can you explain?

    It's explained in the link below:
    http://www.malekal.com/securiser_ordinateur.php

    Now, if you don't know them, so much the better, that will avoid the risks :lol:

    P2P: file sharing over the Internet
    crack: a means of bypassing a legal restriction on a piece of software
    11 August 2011 22:27:50

    Thanks a lot, and no offence, but I hope not to see you soon! :D Unless I can offer my help, which is less certain!