Your question

Facebook virus sends unwanted messages and links

Tags:
  • Facebook
  • Virus
  • links
  • messages
  • Security
Last reply: in Security and viruses
9 May 2012 22:40:01


10 May 2012 09:50:04

Hello?
12 May 2012 08:56:49

Hello, on Facebook, every time I log in it sends messages to almost all my friends, with a link thrown in.
Can you help me solve this problem?
I saw that I had to download OTL and send the link
12 May 2012 11:01:36

Hello again,

There, a little politeness is better, isn't it? ;)

You are indeed pretty heavily infected. We'll deal with that.

1) Uninstall the following programs via "Add/Remove Programs" (if present):

- SweetIM/Sweetpacks Communicator (adware: advertising software)


2) Run OTL.exe again

  • Close all your windows, then double-click OTL.exe to launch it.

    /!\ Warning: Avast! users, do not run OTL in sandbox mode /!\

  • Copy and paste all of the text below into OTL's "Personnalisation" (Customization) box at the bottom left.



    :OTL
    MOD - [2012/05/09 09:44:43 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\1D1.exe
    MOD - [2012/05/09 09:44:39 | 000,290,816 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\1D0.exe
    MOD - [2012/04/26 21:25:54 | 000,290,816 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\7.exe
    IE - HKU\S-1-5-21-556162516-2023360214-871907280-5984\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108988&tt=290312_bexdll&babsrc=SP_ss&mntrId=3cda260b00000000000054bd94eb6009
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=108988&tt=290312_bexdll&babsrc=adbartrp&mntrId=3cda260b00000000000054bd94eb6009&q="
    [2012/04/01 17:02:20 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\lgachein\Application Data\Mozilla\Firefox\Profiles\kbguga0v.default\extensions\ffxtlbr@babylon.com
    [2012/04/01 00:37:49 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-556162516-2023360214-871907280-5984\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O4 - HKLM..\Run: [NEE4MEQ1OEFFMDFDM0NDND] C:\Documents and Settings\All Users\dgkbevki.exe ()
    O4 - HKLM..\Run: [PService] C:\Documents and Settings\lgachein\Application Data\1D0.exe ()
    O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
    O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
    O4 - HKU\S-1-5-21-556162516-2023360214-871907280-5984..\Run: [Hpkikp] C:\Documents and Settings\lgachein\Application Data\Hpkikp.exe File not found
    O4 - HKU\S-1-5-21-556162516-2023360214-871907280-5984..\Run: [Kujytuo] C:\Documents and Settings\lgachein\Application Data\kujytuo\kujytuo.exe ()
    O4 - HKU\S-1-5-21-556162516-2023360214-871907280-5984..\Run: [PService] C:\Documents and Settings\lgachein\Application Data\1D0.exe ()
    O4 - HKU\S-1-5-21-556162516-2023360214-871907280-5984..\Run: [Qokiky] C:\Documents and Settings\lgachein\Application Data\Qokiky.exe File not found
    O4 - HKU\S-1-5-21-556162516-2023360214-871907280-5984..\Run: [Rokikz] C:\Documents and Settings\lgachein\Application Data\Rokikz.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OfferBox.lnk = File not found
    O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    [2012/05/05 10:15:47 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lgachein\Application Data\134.exe
    [2012/05/05 10:15:42 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lgachein\Application Data\133.exe
    [2012/05/03 13:37:01 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lgachein\Application Data\A3.exe
    [2012/05/02 13:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
    [2012/05/02 13:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SweetIM
    [2012/05/02 13:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lgachein\Application Data\OfferBox
    [2012/03/15 08:08:49 | 000,299,008 | ---- | C] (Simon Tatham) -- C:\Documents and Settings\lgachein\Application Data\5C.exe
    [2012/03/14 21:33:30 | 000,299,008 | ---- | C] (Simon Tatham) -- C:\Documents and Settings\lgachein\Application Data\437.exe
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [18 C:\Documents and Settings\lgachein\Application Data\*.tmp files -> C:\Documents and Settings\lgachein\Application Data\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2012/05/09 09:44:43 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\1D1.exe
    [2012/05/09 09:44:39 | 000,290,816 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\1D0.exe
    [2012/05/07 22:35:50 | 000,048,095 | -H-- | M] () -- C:\Documents and Settings\lgachein\nee4meq.exe
    [2012/05/07 22:35:50 | 000,048,095 | -H-- | M] () -- C:\Documents and Settings\All Users\dgkbevki.exe
    [2012/05/07 22:35:50 | 000,048,095 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\1B3.exe
    [2012/05/06 10:26:07 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\14A.exe
    [2012/05/06 02:20:50 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\142.exe
    [2012/05/05 14:30:33 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\136.exe
    [2012/05/05 10:15:49 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\135.exe
    [2012/05/05 10:15:47 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lgachein\Application Data\134.exe
    [2012/05/05 10:15:42 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lgachein\Application Data\133.exe
    [2012/05/03 13:37:01 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lgachein\Application Data\A3.exe
    [2012/05/02 21:23:36 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\76.exe
    [2012/05/02 21:10:28 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\7F.exe
    [2012/05/02 15:08:00 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\63.exe
    [2012/05/02 13:30:21 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OfferBox.lnk
    [2012/05/01 19:20:53 | 000,116,736 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\12D.exe
    [2012/04/29 00:58:33 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\CF.exe
    [2012/04/27 16:34:38 | 000,116,736 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\B3.exe
    [2012/04/26 21:25:54 | 000,290,816 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\7.exe
    [2012/04/25 20:01:17 | 000,116,736 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\42B.exe
    [2012/04/22 09:03:57 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\6F.exe
    [2012/04/22 08:22:38 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\75.exe
    [2012/04/22 08:22:23 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\72.exe
    [2012/04/22 08:05:08 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\8CA.exe
    [2012/03/20 15:40:59 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\A2.exe
    [2012/03/20 15:24:55 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\A1.exe
    [2012/03/20 13:36:06 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\9A.exe
    [2012/03/20 13:22:54 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\99.exe
    [2012/03/20 12:46:55 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\89.exe
    [2012/03/20 12:23:57 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\86.exe
    [2012/03/20 11:57:19 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\85.exe
    [2012/03/20 11:50:39 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\80.exe
    [2012/03/20 11:41:26 | 000,208,896 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\7F.exe
    [2012/03/20 10:07:52 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\79.exe
    [2012/03/20 09:21:31 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\77.exe
    [2012/03/18 20:03:59 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\68.exe
    [2012/03/18 19:45:16 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\60.exe
    [2012/03/18 19:23:18 | 000,440,832 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\147.exe
    [2012/03/15 18:33:30 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\B6.exe
    [2012/03/05 08:21:46 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\2B1.exe
    [2012/03/05 08:21:37 | 000,112,128 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\2B0.exe
    [2012/02/27 13:09:49 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\46D.exe
    [2012/02/21 14:16:00 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\lgachein\Application Data\4B.exe
    [2012/04/01 00:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2012/05/06 10:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
    [2012/04/01 00:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lgachein\Application Data\Babylon
    [2012/05/06 10:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lgachein\Application Data\kujytuo
    [2012/05/02 14:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lgachein\Application Data\OfferBox
    [2012/05/01 19:20:53 | 000,116,736 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\12D.exe
    [2012/05/05 10:15:42 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lgachein\Application Data\133.exe
    [2012/05/05 10:15:47 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lgachein\Application Data\134.exe
    [2012/05/05 10:15:49 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\135.exe
    [2012/05/05 14:30:33 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\136.exe
    [2012/05/06 02:20:50 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\142.exe
    [2012/03/18 19:23:18 | 000,440,832 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\147.exe
    [2012/05/06 10:26:07 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\14A.exe
    [2012/05/07 22:35:50 | 000,048,095 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\1B3.exe
    [2012/05/09 09:44:39 | 000,290,816 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\1D0.exe
    [2012/05/09 09:44:43 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\1D1.exe
    [2012/03/05 08:21:37 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\2B0.exe
    [2012/03/05 08:21:46 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\2B1.exe
    [2012/04/25 20:01:17 | 000,116,736 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\42B.exe
    [2012/03/14 21:33:30 | 000,299,008 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\lgachein\Application Data\437.exe
    [2012/02/27 13:09:49 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\46D.exe
    [2012/02/21 14:16:00 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\4B.exe
    [2012/03/15 08:08:49 | 000,299,008 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\lgachein\Application Data\5C.exe
    [2012/03/18 19:45:16 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\60.exe
    [2012/05/02 15:08:00 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\63.exe
    [2012/03/18 20:03:59 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\68.exe
    [2012/04/22 09:03:57 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\6F.exe
    [2012/04/26 21:25:54 | 000,290,816 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\7.exe
    [2012/04/22 08:22:23 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\72.exe
    [2012/04/22 08:22:38 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\75.exe
    [2012/05/02 21:23:36 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\76.exe
    [2012/03/20 09:21:31 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\77.exe
    [2012/03/20 10:07:52 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\79.exe
    [2012/05/02 21:10:28 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\7F.exe
    [2012/03/20 11:50:39 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\80.exe
    [2012/03/20 11:57:19 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\85.exe
    [2012/03/20 12:23:57 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\86.exe
    [2012/03/20 12:46:55 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\89.exe
    [2012/04/22 08:05:08 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\8CA.exe
    [2012/03/20 13:22:54 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\99.exe
    [2012/03/20 13:36:06 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\9A.exe
    [2012/03/20 15:24:55 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\A1.exe
    [2012/03/20 15:40:59 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\A2.exe
    [2012/05/03 13:37:01 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lgachein\Application Data\A3.exe
    [2012/04/27 16:34:38 | 000,116,736 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\B3.exe
    [2012/03/15 18:33:30 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\B6.exe
    [2012/04/29 00:58:33 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\CF.exe
    [18 C:\Documents and Settings\lgachein\Application Data\*.tmp files -> C:\Documents and Settings\lgachein\Application Data\*.tmp -> ]

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]


  • Then click the "Correction" (Fix) button at the top left.
  • The PC will restart (if it doesn't, restart it manually).
  • Post the removal report if it appears.

    Note: the report is saved in ".log" format; you should change this extension to ".txt" if you want to upload it to online sites. If it doesn't appear, it can be found here: C:\_OTL, in the form xxxxxxxx_xxxx.log where the x's are the date and time.

    /!\ This script is intended exclusively for the current user of this thread; under no circumstances should you use it on your own initiative on another PC, at the risk of damaging the system /!\
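
The `O4` autorun lines and the file lines in the script above can be triaged mechanically. The following is an added example, not part of the original post and not OTL's or the helper's own logic: it runs a few heuristics over lines copied from that script. The heuristics, the 1 KB threshold and the names `triage`, `split_target` and `Finding` are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Lines copied from the OTL fix script quoted in the post above.
SAMPLE = r"""
O4 - HKLM..\Run: [NEE4MEQ1OEFFMDFDM0NDND] C:\Documents and Settings\All Users\dgkbevki.exe ()
O4 - HKLM..\Run: [PService] C:\Documents and Settings\lgachein\Application Data\1D0.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-556162516-2023360214-871907280-5984..\Run: [Kujytuo] C:\Documents and Settings\lgachein\Application Data\kujytuo\kujytuo.exe ()
[2012/05/05 10:15:47 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lgachein\Application Data\134.exe
[2012/03/15 08:08:49 | 000,299,008 | ---- | C] (Simon Tatham) -- C:\Documents and Settings\lgachein\Application Data\5C.exe
[2012/05/06 10:26:07 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\lgachein\Application Data\14A.exe
[2012/05/02 13:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
"""

# "O4 - <hive>..\Run: [<value name>] <target> (<vendor>)" or "... File not found"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# "[<timestamp> | <size> | <attrs> | C/M] (<vendor>) -- <path>"; vendor is absent for folders
FILE_RE = re.compile(
    r"^\[[\d/ :]+ \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\] "
    r"(?:\((?P<vendor>.*?)\) )?-- (?P<path>.+)$"
)
PROFILE_RE = re.compile(r"^[A-Z]:\\Documents and Settings\\", re.I)
HEX_EXE_RE = re.compile(r"\\Application Data\\[0-9A-F]{1,4}\.exe$", re.I)
MISSING = " File not found"


@dataclass
class Finding:
    kind: str       # "autorun" or "file"
    path: str
    reasons: list


def split_target(rest):
    """Split the tail of an O4 line into (path, vendor, missing)."""
    if rest.endswith(MISSING):
        return rest[: -len(MISSING)], None, True
    m = re.match(r"^(.*) \((.*)\)$", rest)
    if m:
        return m.group(1), m.group(2), False
    return rest, None, False


def triage(text):
    """Return a Finding for every line that trips at least one heuristic."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        reasons = []
        m = RUN_RE.match(line)
        if m:
            path, vendor, missing = split_target(m.group("rest"))
            if missing:
                reasons.append("autorun target missing (orphaned entry)")
            if PROFILE_RE.match(path):
                reasons.append("autorun target in user-writable profile path")
            if vendor == "":
                reasons.append("no vendor in version info")
            if reasons:
                findings.append(Finding("autorun", path, reasons))
            continue
        m = FILE_RE.match(line)
        if m and "D" not in m.group("attr"):      # skip directory entries
            path, vendor = m.group("path"), m.group("vendor")
            size = int(m.group("size").replace(",", ""))
            if HEX_EXE_RE.search(path):
                reasons.append("hex-named .exe dropped directly in Application Data")
                if vendor:
                    # Version-info strings are set by whoever built the file.
                    reasons.append(f"vendor string {vendor!r} is not proof of origin")
            if path.lower().endswith(".exe") and size < 1024:
                reasons.append("under 1 KB, unusually small for an .exe")
            if reasons:
                findings.append(Finding("file", path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:8} {f.path}")
        for r in f.reasons:
            print(f"         - {r}")
```

The Sweetpacks Communicator autorun is not flagged: it sits in Program Files with a vendor string, so location-and-metadata heuristics like these miss normally installed adware.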

13 May 2012 10:41:14

Hello, here is the report. I'll see in use whether it's resolved. Thanks for your help!

    All processes killed
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-556162516-2023360214-871907280-5984\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
    Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
    Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
    Prefs.js: "http://search.babylon.com/?AF=108988&tt=290312_bexdll&b..." removed from keyword.URL
    C:\Documents and Settings\lgachein\Application Data\Mozilla\Firefox\Profiles\kbguga0v.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\Mozilla\Firefox\Profiles\kbguga0v.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\Mozilla\Firefox\Profiles\kbguga0v.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\Mozilla\Firefox\Profiles\kbguga0v.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\Mozilla\Firefox\Profiles\kbguga0v.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\Mozilla\Firefox\Profiles\kbguga0v.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\Mozilla\Firefox\Profiles\kbguga0v.default\extensions\ffxtlbr@babylon.com folder moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-556162516-2023360214-871907280-5984\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NEE4MEQ1OEFFMDFDM0NDND deleted successfully.
    C:\Documents and Settings\All Users\dgkbevki.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PService deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\1D0.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snp2uvc deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
    C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
    Registry value HKEY_USERS\S-1-5-21-556162516-2023360214-871907280-5984\Software\Microsoft\Windows\CurrentVersion\Run\\Hpkikp deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-556162516-2023360214-871907280-5984\Software\Microsoft\Windows\CurrentVersion\Run\\Kujytuo deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\kujytuo\kujytuo.exe moved successfully.
    Registry value HKEY_USERS\S-1-5-21-556162516-2023360214-871907280-5984\Software\Microsoft\Windows\CurrentVersion\Run\\PService deleted successfully.
    File C:\Documents and Settings\lgachein\Application Data\1D0.exe not found.
    Registry value HKEY_USERS\S-1-5-21-556162516-2023360214-871907280-5984\Software\Microsoft\Windows\CurrentVersion\Run\\Qokiky deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-556162516-2023360214-871907280-5984\Software\Microsoft\Windows\CurrentVersion\Run\\Rokikz deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OfferBox.lnk moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Rechercher sur le Web\ deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\134.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\133.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\A3.exe moved successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer folder moved successfully.
    C:\Program Files\SweetIM\Toolbars folder moved successfully.
    C:\Program Files\SweetIM\Communicator\resources\sqlite folder moved successfully.
    C:\Program Files\SweetIM\Communicator\resources folder moved successfully.
    C:\Program Files\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
    C:\Program Files\SweetIM\Communicator folder moved successfully.
    C:\Program Files\SweetIM folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\SweetIM\Communicator\Logs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\SweetIM\Communicator\conf folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\SweetIM\Communicator folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\SweetIM folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\OfferBox\http_app.offerbox.com\sdch folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\OfferBox\http_app.offerbox.com folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\OfferBox folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\5C.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\437.exe moved successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET37.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\132.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\28E.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\355.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\397.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\3FA.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\408.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\42D.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\44D.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\51.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\5D.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\79.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\7E.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\8A1.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\8E.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\B52.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\BA.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\BE6.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\DD.tmp deleted successfully.
    C:\WINDOWS\000001_.tmp deleted successfully.
    C:\Documents and Settings\lgachein\Application Data\1D1.exe moved successfully.
    File C:\Documents and Settings\lgachein\Application Data\1D0.exe not found.
    C:\Documents and Settings\lgachein\nee4meq.exe moved successfully.
    File C:\Documents and Settings\All Users\dgkbevki.exe not found.
    C:\Documents and Settings\lgachein\Application Data\1B3.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\14A.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\142.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\136.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\135.exe moved successfully.
    File C:\Documents and Settings\lgachein\Application Data\134.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\133.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\A3.exe not found.
    C:\Documents and Settings\lgachein\Application Data\76.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\7F.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\63.exe moved successfully.
    File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OfferBox.lnk not found.
    C:\Documents and Settings\lgachein\Application Data\12D.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\CF.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\B3.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\7.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\42B.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\6F.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\75.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\72.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\8CA.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\A2.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\A1.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\9A.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\99.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\89.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\86.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\85.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\80.exe moved successfully.
    File C:\Documents and Settings\lgachein\Application Data\7F.exe not found.
    C:\Documents and Settings\lgachein\Application Data\79.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\77.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\68.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\60.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\147.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\B6.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\2B1.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\2B0.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\46D.exe moved successfully.
    C:\Documents and Settings\lgachein\Application Data\4B.exe moved successfully.
    C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
    Folder C:\Documents and Settings\All Users\Application Data\SweetIM\ not found.
    C:\Documents and Settings\lgachein\Application Data\Babylon folder moved successfully.
    C:\Documents and Settings\lgachein\Application Data\kujytuo folder moved successfully.
    Folder C:\Documents and Settings\lgachein\Application Data\OfferBox\ not found.
    File C:\Documents and Settings\lgachein\Application Data\12D.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\133.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\134.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\135.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\136.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\142.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\147.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\14A.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\1B3.exe not found.
    File C:\Documents and Settings\lgachein\Application Data\1D0.exe not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    No captured output from command...
    D:\Mes documents\Téléchargements\cmd.bat deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 799878 bytes
    ->Temporary Internet Files folder emptied: 106973 bytes

    User: adminlea
    ->Temp folder emptied: 1946202 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes

    User: lgachein
    ->Temp folder emptied: 1344715979 bytes
    ->Temporary Internet Files folder emptied: 126271573 bytes
    ->Java cache emptied: 22600 bytes
    ->FireFox cache emptied: 86941386 bytes
    ->Flash cache emptied: 44745 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: SupportInformatique
    ->Temp folder emptied: 125447175 bytes
    ->Temporary Internet Files folder emptied: 33753195 bytes

    User: systemprofile

    User: TEMP
    ->Temp folder emptied: 901652 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 189653328 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 52311012 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 390707 bytes

    Total Files Cleaned = 1 873.00 mb


    OTL by OldTimer - Version 3.2.42.3 log created on 05132012_103157

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    13 May 2012 10:45:30

    Re,

    OK, but there is still more to do:

    Download Malwarebytes' Anti-Malware:

  • Install the program (help here)
  • Launch it and update the definition database.

  • Then choose "Exécuter un examen complet" (run a full scan), then "Rechercher" (scan)
  • Select the hard drives and click "Lancer l'examen" (start scan)
  • Let the scan run (this can take a long time).
  • At the end, check that the items found are ticked (in "Résultat de l'examen", the scan results).
  • Then click "Supprimer la sélection" (remove selected) at the bottom.
  • A restart may be necessary.

  • A report will be displayed; save it to your desktop.
  • Otherwise, after the restart, it will be under "Rapports/logs"


    Also remember to change your passwords and secret questions on Facebook and on other social networks and messaging software, because there were surely keylogger (data stealer) functions.

    See whether there are still problems afterwards.
    14 May 2012 18:46:48

    Re, here is the result. Before running this, nothing had changed; I still had the links in FB...

    Malwarebytes Anti-Malware (Essai) 1.61.0.1400
    www.malwarebytes.org

    Version de la base de données: v2012.05.14.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    LGACHEIN :: LN04031104 [administrateur]

    Protection: Activé

    14/05/2012 17:29:12
    mbam-log-2012-05-14 (18-28-48).txt

    Type d'examen: Examen complet
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 338232
    Temps écoulé: 58 minute(s), 16 seconde(s)

    Processus mémoire détecté(s): 1
    C:\Documents and Settings\lgachein\Application Data\71.exe (Trojan.Banker) -> 508 -> Aucune action effectuée.

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 15
    HKCR\CrossriderApp0004982.BHO (PUP.CrossFire.Gen) -> Aucune action effectuée.
    HKCR\CrossriderApp0004982.BHO.1 (PUP.CrossFire.Gen) -> Aucune action effectuée.
    HKCR\CrossriderApp0004982.FBApi (PUP.CrossFire.Gen) -> Aucune action effectuée.
    HKCR\CrossriderApp0004982.FBApi.1 (PUP.CrossFire.Gen) -> Aucune action effectuée.
    HKCR\CrossriderApp0004982.Sandbox (PUP.CrossFire.Gen) -> Aucune action effectuée.
    HKCR\CrossriderApp0004982.Sandbox.1 (PUP.CrossFire.Gen) -> Aucune action effectuée.
    HKCU\Software\Cr_Installer\4982 (Adware.GamePlayLab) -> Aucune action effectuée.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Aucune action effectuée.
    HKCR\CLSID\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Aucune action effectuée.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044494482} (PUP.GamePlayLab) -> Aucune action effectuée.
    HKCR\Interface\{55555555-5555-5555-5555-550055495582} (PUP.GamePlayLab) -> Aucune action effectuée.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Aucune action effectuée.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Aucune action effectuée.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Aucune action effectuée.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Aucune action effectuée.

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 1
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Aucune action effectuée.

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 58
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0023640.exe (Trojan.Obfuscated) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0023703.exe (Trojan.Inject) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0023813.exe (Trojan.Inject) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0024009.exe (Trojan.Agent) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0024011.exe (Trojan.Agent.H) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0024116.exe (Backdoor.Bot.WPMH) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0024137.exe (Backdoor.Bot.WPMH) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0024375.exe (Backdoor.Bot.WPMH) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0024529.exe (Trojan.Agent) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0024316.exe (Backdoor.Bot.WPMH) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0024642.exe (Trojan.Zbot) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP124\A0026505.exe (Trojan.Zbot) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP126\A0027044.exe (Trojan.Backdoor) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP126\A0028351.exe (Backdoor.Bot.WPMH) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP126\A0028352.exe (Trojan.Zbot) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP126\A0028581.exe (Backdoor.Bot.WPMH) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP126\A0028592.exe (Trojan.Obfuscated) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP127\A0029420.exe (Backdoor.Bot.WPMH) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP129\A0029589.exe (Trojan.Agent) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP129\A0029783.exe (Backdoor.Bot.WPMH) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030167.exe (Trojan.Insomnia) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030168.exe (Trojan.Birele) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030170.exe (Affiliate.Downloader.AI) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030184.exe (Trojan.Obfuscated) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030185.exe (Trojan.Obfuscated) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030186.exe (Trojan.Birele) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030187.exe (Trojan.Insomnia) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030188.exe (Trojan.Insomnia) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030190.exe (Backdoor.Bot) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030196.exe (Trojan.Agent) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030198.exe (Trojan.Agent) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030199.exe (Trojan.Agent) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030200.exe (Trojan.Agent) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030217.exe (Trojan.Backdoor) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030219.exe (Backdoor.Bot) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030220.exe (Trojan.Downloader) -> Aucune action effectuée.
    C:\System Volume Information\_restore{0CFBDABE-5D58-479F-9F6F-9B962EDEDEB3}\RP135\A0030222.exe (Backdoor.Bot) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\All Users\dgkbevki.exe (Trojan.Insomnia) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\nee4meq.exe (Trojan.Insomnia) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\12D.exe (Trojan.Agent) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\142.exe (Backdoor.Bot) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\147.exe (Trojan.Backdoor) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\1B3.exe (Trojan.Insomnia) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\1D0.exe (Trojan.Birele) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\1D1.exe (Trojan.Birele) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\2B0.exe (Trojan.Downloader) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\2B1.exe (Backdoor.Bot) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\42B.exe (Trojan.Agent) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\437.exe (Trojan.Obfuscated) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\4B.exe (Backdoor.Bot) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\5C.exe (Trojan.Obfuscated) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\7.exe (Trojan.Agent) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\B3.exe (Trojan.Agent) -> Aucune action effectuée.
    D:\_OTL\MovedFiles\05132012_103157\C_Documents and Settings\lgachein\Application Data\kujytuo\kujytuo.exe (Affiliate.Downloader.AI) -> Aucune action effectuée.
    C:\Documents and Settings\lgachein\Application Data\10.exe (Trojan.Banker) -> Aucune action effectuée.
    C:\Documents and Settings\lgachein\Application Data\71.exe (Trojan.Banker) -> Aucune action effectuée.
    C:\Documents and Settings\lgachein\Application Data\64.exe (Trojan.Banker) -> Aucune action effectuée.
    C:\Program Files\Balkan Marketing Ads App\Balkan Marketing Ads App.dll (PUP.GamePlayLab) -> Aucune action effectuée.

    (fin)
    14 May 2012 18:49:47

    I get the impression that no action was carried out anywhere! :( 
    14 May 2012 18:51:28

    Hello,


    Quote:
    HKCR\CrossriderApp0004982.BHO (PUP.CrossFire.Gen) -> Aucune action effectuée.

    Did you actually delete the infections as hyunkel asked?

    Quote:
    At the end, check that the items found are ticked (in "Résultat de l'examen", the scan results).
    Then click "Supprimer la sélection" (remove selected) at the bottom.
    14 May 2012 18:56:58

    Yes, everything was ticked, I clicked delete and it restarted.
    14 May 2012 19:09:30

    Here is the new report:
    Malwarebytes Anti-Malware (Essai) 1.61.0.1400
    www.malwarebytes.org

    Version de la base de données: v2012.05.14.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    LGACHEIN :: LN04031104 [administrateur]

    Protection: Activé

    14/05/2012 18:58:31
    mbam-log-2012-05-14 (18-58-31).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 272648
    Temps écoulé: 10 minute(s), 21 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 14
    HKCR\CrossriderApp0004982.BHO (PUP.CrossFire.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKCR\CrossriderApp0004982.BHO.1 (PUP.CrossFire.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKCR\CrossriderApp0004982.FBApi (PUP.CrossFire.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKCR\CrossriderApp0004982.FBApi.1 (PUP.CrossFire.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKCR\CrossriderApp0004982.Sandbox (PUP.CrossFire.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKCR\CrossriderApp0004982.Sandbox.1 (PUP.CrossFire.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
    HKCR\CLSID\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044494482} (PUP.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
    HKCR\Interface\{55555555-5555-5555-5555-550055495582} (PUP.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011491182} (PUP.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 1
    C:\Program Files\Balkan Marketing Ads App\Balkan Marketing Ads App.dll (PUP.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.

    (fin)
    14 May 2012 19:23:27

    So does something else need to be done?
    14 May 2012 19:25:08

    In any case the virus is still present, because the links are still there in FB!!!
    14 May 2012 20:22:08

    Re,

    Above all, it looks like you had been reinfected along the way.

    Now it looks clean, so go and change your password and secret question on Facebook; best of all would be to do it from a PC other than this one!

    I repeat, in case I did not say it: this was a data stealer, so potentially every password and login you used while you were infected may have been stolen and used!
    You need to change all the passwords used during that period (social networks, mail, bank, etc.)

    Tell me, once you have changed the Facebook password, whether the links still appear.

    :jap: 
    15 May 2012 19:05:13

    I changed the password, but from the same computer, so in fact it changed nothing. I will keep you posted as soon as I have done it from another PC.
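
The first Malwarebytes log in this thread lists every detection with "Aucune action effectuée" (no action taken), which is the detail the replies turn on. The following is an added example, not code from the thread or from Malwarebytes: a Python triage of a log in that layout that separates detections still live on the system from inert copies in System Restore or the OTL quarantine folder, and checks each section's declared count against the lines actually pasted. The sample log is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the French Malwarebytes 1.61 logs above
# (names and paths are made up; this is not a real scan).
SAMPLE_LOG = r"""
Processus mémoire détecté(s): 1
C:\Documents and Settings\demo\Application Data\71.exe (Trojan.Banker) -> 508 -> Aucune action effectuée.

Clé(s) du Registre détectée(s): 2
HKCR\ExampleApp.BHO (PUP.Example) -> Mis en quarantaine et supprimé avec succès.
HKCU\Software\Example_Installer (Adware.Example) -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Aucune action effectuée.

Fichier(s) détecté(s): 3
C:\System Volume Information\_restore{GUID}\RP1\A0000001.exe (Trojan.Zbot) -> Aucune action effectuée.
D:\_OTL\MovedFiles\01012012_000000\C_demo\7.exe (Trojan.Agent) -> Aucune action effectuée.
C:\Documents and Settings\demo\Application Data\71.exe (Trojan.Banker) -> Aucune action effectuée.
"""

HEADER = re.compile(r"^(?P<section>.+ détectée?\(s\)): (?P<declared>\d+)$")
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
NO_ACTION = "Aucune action effectuée"

def classify_location(item):
    """Separate live objects from inert copies kept by System Restore or OTL."""
    if "\\System Volume Information\\_restore" in item:
        return "restore_point"
    if "\\_OTL\\MovedFiles\\" in item:
        return "otl_quarantine"
    return "live"

def parse_mbam_log(text):
    """Return (entries, declared); declared maps section name -> count in its header."""
    entries, declared, section = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["declared"])
            continue
        entry = ENTRY.match(line)
        if entry and section:
            # The action is always the last "->" field; PID or Bad/Good fields may precede it.
            action = entry["rest"].split(" -> ")[-1].rstrip(".")
            entries.append({"section": section, "item": entry["item"],
                            "family": entry["family"], "action": action,
                            "location": classify_location(entry["item"])})
    return entries, declared

def triage(text):
    """Summarise what the scan found but did not remove, and flag truncated pastes."""
    entries, declared = parse_mbam_log(text)
    parsed = Counter(e["section"] for e in entries)
    untreated = [e for e in entries if e["action"] == NO_ACTION]
    live = [e for e in untreated if e["location"] == "live"]
    return {
        "untreated_live": sorted({e["item"] for e in live}),
        "untreated_by_location": dict(Counter(e["location"] for e in untreated)),
        "families_live": dict(Counter(e["family"] for e in live)),
        "count_mismatch": {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]},
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=>", value)
```
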