INTERPOL

[pdufranc]

Bonjour
J'ai cette jolie page interpol sur mon pc.
Voici le rapport OTL.

OTL.txt

Merci pour votre aide

[angelique]

essaie:

Relançe OTLPE

o sous Custom Scan box copie_colle le contenu du cadre ci dessous

[en commençant bien à :OTL ,les: inclus devant OTL et cette fois ci clic RUNFIX]

:OTL
O4 - HKU\.DEFAULT..\RunOnce: [d3f1] C:\Documents and Settings\All Users\Application Data\vhuyim\vrks.exe (Zone Labs, LLC)
O4 - HKU\David_ON_C..\RunOnce: [d3f1] C:\Documents and Settings\All Users\Application Data\vhuyim\vrks.exe (Zone Labs, LLC)
O4 - HKU\LocalService_ON_C..\RunOnce: [d3f1] C:\Documents and Settings\All Users\Application Data\vhuyim\vrks.exe (Zone Labs, LLC)
O4 - HKU\NetworkService_ON_C..\RunOnce: [d3f1] C:\Documents and Settings\All Users\Application Data\vhuyim\vrks.exe (Zone Labs, LLC)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\All Users\Application Data\jxlgy\oxrqej.exe) - C:\Documents and Settings\All Users\Application Data\jxlgy\oxrqej.exe (Zone Labs, LLC)
O20 - HKU\David_ON_C Winlogon: Shell - (C:\Documents and Settings\All Users\Application Data\jxlgy\oxrqej.exe) - C:\Documents and Settings\All Users\Application Data\jxlgy\oxrqej.exe (Zone Labs, LLC)
O20 - HKU\LocalService_ON_C Winlogon: Shell - (C:\Documents and Settings\All Users\Application Data\jxlgy\oxrqej.exe) - C:\Documents and Settings\All Users\Application Data\jxlgy\oxrqej.exe (Zone Labs, LLC)
O20 - HKU\NetworkService_ON_C Winlogon: Shell - (C:\Documents and Settings\All Users\Application Data\jxlgy\oxrqej.exe) - C:\Documents and Settings\All Users\Application Data\jxlgy\oxrqej.exe (Zone Labs, LLC)
O33 - MountPoints2\{2e3d57ef-d756-11de-83f8-000e50532a29}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{2e3d57ef-d756-11de-83f8-000e50532a29}\Shell\Open(0)\command - "" = J:\Recycled\ctfmon.exe
O33 - MountPoints2\{43c449a8-f6b8-11dc-b638-0013d3049f34}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{b47a44da-d9d5-11dd-8833-000e50532a29}\Shell\Auto\command - "" = wvephlpgh.exe
O33 - MountPoints2\{b47a44da-d9d5-11dd-8833-000e50532a29}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wvephlpgh.exe
[2014/01/29 09:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mvaobcf
[2014/01/28 13:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\yfbhfk
[2014/01/28 13:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vhuyim
[2014/01/28 13:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\qyhv
[2014/01/28 13:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\qtvwh
[2014/01/28 13:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jxlgy
[2014/01/28 13:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\lsdwx
[2014/01/26 11:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\YmPack
[2014/01/28 13:47:55 | 000,001,155 | ---- | C] () -- C:\WINDOWS\fjm.gtn
[2014/01/28 13:46:45 | 000,000,660 | ---- | C] () -- C:\WINDOWS\divb.sxl
[2014/01/28 13:43:24 | 000,001,212 | ---- | C] () -- C:\WINDOWS\gmtz.ois
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
:files
C:\Documents and Settings\All Users\Application Data\vhuyim
C:\Documents and Settings\All Users\Application Data\jxlgy
C:\sqmdata*.sqm
C:\sqmnoopt*.sqm
:reg
[HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\Explorer]
"AlwaysUnloadDll"=dword:00000001

Une fois terminé, le rapport de suppression est sauvegardé sur ton disque dur C:\_OTL\ sous la forme date_heure.txt.


===> redemarre windows, ça marche ??