[Solved] Stubborn virus

Disinfection help for removing viruses, adware, ransomware and trojans.

actus
Amateur
Posts: 102
Joined: 15 May 2011 22:31

[Solved] Stubborn virus

Post by actus » 15 May 2011 22:35

Hello,

I scanned my PC, which found viruses, as I was getting suspicious pop-ups; Avira put them in quarantine but I keep getting the same pop-ups, which look like Windows messages. For example:

http://imageshack.us/photo/my-images/718/popup1c.jpg/

I'm running XP and have Sygate as a firewall.

Thanks in advance for your help.
Cheers

actus
Amateur
Posts: 102
Joined: 15 May 2011 22:31

Re: Stubborn virus

Post by actus » 15 May 2011 23:32

Hello again,

It seems I managed to get rid of these pop-ups thanks to Malwarebytes' Anti-Malware, after having used Rkill.

However my PC is still very slow (XP Pro / 3 GHz CPU / 3 GB RAM) and I still have an "icon" that worries me, because I can't tell whether it really is "Windows Security Alerts" or yet another piece of malware.

[image]

How can I check this? How can I clean my PC to speed it up, if it isn't due to the malware?

Thanks in advance.

Cheers.

actus
Last edited by actus on 18 May 2011 09:38, edited 1 time.

hackinginterdit
Long-bearded Geek
Posts: 2411
Joined: 10 May 2008 13:45
Location: NANCY

Re: Stubborn virus

Post by hackinginterdit » 16 May 2011 09:07

Hi,
Welcome.
You say: "However my PC is still very slow". Have a look at this:
https://www.malekal.com/ordinateur_lent.php

We'll check whether there are any leftovers of the infection.
Here is the procedure to follow.
Please read the instructions carefully so as to follow them correctly.
Post the reports as requested so that they can be analysed.

Back up (by copying) all personal documents to a medium other than the system partition: USB stick, CD/DVD, external hard drive, etc.
ALL UTILITIES must be run from the Desktop (unless otherwise specified). You are therefore asked to download and save them DIRECTLY to the Desktop, or to move them there right afterwards (right-click on the file => "Cut", then right-click on the Desktop => "Paste").
Some programs can cause problems if they are not run from the Desktop.


STEP 1:
Run TDSSKiller: tdsskiller-kaspersky-t28637.html
Post the report here.

STEP 2:

You can follow the instructions on this page for help: https://www.malekal.com/2010/11/12/tutorial-otl/

* Download http://oldtimer.geekstogo.com/OTL.exe to your Desktop.
(Under Vista/Win7, right-click OTL and choose Run as administrator)

* Launch OTL
* Under the "Personnalisation" (Custom Scans/Fixes) tab, copy and paste the contents of the box below:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
SAVEMBR:0
%systemroot%\system32\*.dll /lockedfiles
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
iexplore.exe
wuauclt.exe
/md5stop

* Click the "Analyse" (Run Scan) button.
* When the scan has finished, use the site http://pjjoint.malekal.com/ to upload the reports.
Then post the pjjoint links here so they can be reviewed.

actus
Amateur
Posts: 102
Joined: 15 May 2011 22:31

Re: Stubborn virus

Post by actus » 18 May 2011 09:37


hackinginterdit
Long-bearded Geek
Posts: 2411
Joined: 10 May 2008 13:45
Location: NANCY

Re: Stubborn virus

Post by hackinginterdit » 18 May 2011 10:21

Hello

Delete TDSSKiller

Do the following regarding proxies:
https://www.malekal.com/2010/11/14/desac ... teurs-web/


Relaunch OTL.exe.

Under the "Personnalisation" (Custom Scans/Fixes) tab at the bottom of the window, copy and paste the contents of the quote below, starting from RAS
RAS
:Files
C:\Documents and Settings\Pascal Morin\Desktop\tdsskiller.exe
C:\Documents and Settings\All Users\Application Data\bhdoh6r4m3d0v5p
C:\Documents and Settings\Pascal Morin\Local Settings\Application Data\bhdoh6r4m3d0v5p
C:\Documents and Settings\Pascal Morin\Local Settings\Application Data\bhdoh6r4m3d0v5p
C:\Documents and Settings\All Users\Application Data\bhdoh6r4m3d0v5p
C:\Documents and Settings\All Users\Application Data\118300.34
C:\TDSSKiller.2.4.17.0_10.02.2011_11.15.50_log.txt
C:\TDSSKiller.2.4.17.0_15.05.2011_08.52.50_log.txt
C:\TDSSKiller.2.5.1.0_15.05.2011_08.53.14_log.txt
C:\TDSSKiller.2.5.1.0_18.05.2011_08.27.39_log.txt
C:\Temp
ipconfig /flushdns /c
C:\*.sqm
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

:Services
HidServ

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 1
O8 - Extra context menu item: &D&ownload &with BitComet - d:\BitComet\BitComet.exe (http://www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - d:\BitComet\BitComet.exe (http://www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - d:\BitComet\BitComet.exe (http://www.BitComet.com)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://ca.moneycentral.msn.com/cabs/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by13fd.bay13.hotmail.msn.com/res ... nPUpld.cab (Reg Error: Key error.)
O33 - MountPoints2\{13a57059-bb47-11de-b09c-001a4d4c43ce}\Shell\AutoRun\command - "" = K:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{5763b866-69fb-11dd-ae1e-001a4d4c43ce}\Shell\AutoRun\command - "" = K:\wubi.exe --cdmenu
[28 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Pascal Morin\*.tmp files -> C:\Documents and Settings\Pascal Morin\*.tmp -> ]

:reg
[HKEY_CURRENT_USER\Control Panel\Desktop]
"MenuShowDelay"="100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"AlwaysUnloadDll"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"link"=hex:00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"EnableBalloonTips"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify]
"IconStreams"=-
"PastIconsStream"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
"SetCommand"=dword:00000001
"SecurityLevel"=dword:00000001

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Then click the "Correction" (Run Fix) button at the top of the window.
  • Let the program work without using the PC!!!!!
  • Copy and paste the report into your reply, please
Then

Download to your Desktop: http://malwarebytes.org/products/malwarebytes_free

Update it, run a quick scan, remove everything and post the report here.
!!! Malwarebytes must be up to date before running the scan !!!
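The ":reg" section of the fix above writes NoDriveTypeAutoRun = 0xff into both the HKLM and the HKCU Explorer policy keys; that value is what neutralises drive AutoRun entries such as the two O33 MountPoints2 lines listed in the :OTL section. As an added example (not code from the thread, from OTL or from malekal.com), the Python below parses a :reg section in the exact [key] / "name"=value layout used above and decodes the bitmask. The key and value names are those of the post, the sample script text is constructed from them, and the bit table is the standard GetDriveType() drive-class mapping (bit n disables AutoRun for drive class n).

```python
# Added example, not code from the thread or from OTL: parse the ":reg" section
# of an OTL fix script (the [key] / "name"=value format used in the post) and
# decode the NoDriveTypeAutoRun bitmask it sets. Key and value names are the
# ones from the post; SAMPLE_FIX_SCRIPT is constructed from them.
import re

# NoDriveTypeAutoRun: bit n disables AutoRun for GetDriveType() class n.
DRIVE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved",
}
WINDOWS_DEFAULT = 0x91  # unknown + remote + reserved: USB sticks and CDs still autorun
ALL_DISABLED = 0xFF

SAMPLE_FIX_SCRIPT = r"""
:Services
HidServ

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"link"=hex:00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify]
"IconStreams"=-

:Commands
[purity]
"""

_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def _decode_value(raw):
    """Turn the textual right-hand side of a .reg-style line into a Python value."""
    if raw == "-":
        return None  # "=-" means: delete this value
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if raw.startswith("hex:"):
        return bytes.fromhex(raw[len("hex:"):].replace(",", ""))
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    return raw


def parse_reg_section(script):
    """Return {(key, value_name): value} for the ':reg' section only.

    Other sections (:Files, :Services, :OTL, :Commands) are skipped, so the
    '[purity]' line inside :Commands is not mistaken for a registry key.
    """
    entries = {}
    section = None
    key = None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
            key = None
            continue
        if section != ":reg":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_RE.match(line)
        if m and key is not None:
            entries[(key, m.group(1))] = _decode_value(m.group(2))
    return entries


def decode_autorun(mask):
    """List the drive classes for which a NoDriveTypeAutoRun mask disables AutoRun."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if mask & bit]


def audit_autorun(entries):
    """Report every NoDriveTypeAutoRun value the script writes and what it covers."""
    findings = []
    for (key, name), value in entries.items():
        if name.lower() != "nodrivetypeautorun" or not isinstance(value, int):
            continue
        findings.append({
            "key": key,
            "mask": value,
            "disabled": decode_autorun(value),
            "all_disabled": value == ALL_DISABLED,
        })
    return findings


if __name__ == "__main__":
    for f in audit_autorun(parse_reg_section(SAMPLE_FIX_SCRIPT)):
        print(f"{f['key']}: 0x{f['mask']:02x} disables {', '.join(f['disabled'])}")
```

The point of decoding rather than just reading "ff" is the comparison with the default: 0x91 leaves removable and CD-ROM drives free to AutoRun, which is exactly the class of drive (K: in the O33 lines) that the fix's policy change closes off.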


actus
Amateur
Posts: 102
Joined: 15 May 2011 22:31

Re: Stubborn virus

Post by actus » 22 May 2011 20:50

Good evening,

Here are the logs:
All processes killed
Error: Unable to interpret <RAS> in the current context!
========== FILES ==========
File\Folder C:\Documents and Settings\Pascal Morin\Desktop\tdsskiller.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\bhdoh6r4m3d0v5p not found.
File\Folder C:\Documents and Settings\Pascal Morin\Local Settings\Application Data\bhdoh6r4m3d0v5p not found.
File\Folder C:\Documents and Settings\Pascal Morin\Local Settings\Application Data\bhdoh6r4m3d0v5p not found.
File\Folder C:\Documents and Settings\All Users\Application Data\bhdoh6r4m3d0v5p not found.
File\Folder C:\Documents and Settings\All Users\Application Data\118300.34 not found.
File\Folder C:\TDSSKiller.2.4.17.0_10.02.2011_11.15.50_log.txt not found.
File\Folder C:\TDSSKiller.2.4.17.0_15.05.2011_08.52.50_log.txt not found.
File\Folder C:\TDSSKiller.2.5.1.0_15.05.2011_08.53.14_log.txt not found.
File\Folder C:\TDSSKiller.2.5.1.0_18.05.2011_08.27.39_log.txt not found.
File\Folder C:\Temp not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Pascal Morin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Pascal Morin\Desktop\cmd.txt deleted successfully.
File\Folder C:\*.sqm not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 .
========== SERVICES/DRIVERS ==========
Error: No service named HidServ was found to stop!
Service\Driver key HidServ not found.
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LockTaskbar not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ deleted successfully.
File d:\BitComet\BitComet.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all video with BitComet\ deleted successfully.
File d:\BitComet\BitComet.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ deleted successfully.
File d:\BitComet\BitComet.exe not found.
Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Starting removal of ActiveX control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a57059-bb47-11de-b09c-001a4d4c43ce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13a57059-bb47-11de-b09c-001a4d4c43ce}\ not found.
File K:\WD_Windows_Tools\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5763b866-69fb-11dd-ae1e-001a4d4c43ce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5763b866-69fb-11dd-ae1e-001a4d4c43ce}\ not found.
File K:\wubi.exe --cdmenu not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Documents and Settings\Pascal Morin\*.tmp not found.
========== REGISTRY ==========
HKEY_CURRENT_USER\Control Panel\Desktop\\"MenuShowDelay"|"100" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\\"AlwaysUnloadDll"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\"link"|hex:00,00,00,00 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"EnableBalloonTips"|dword:00000000 /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\IconStreams deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\PastIconsStream deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SetCommand"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SecurityLevel"|dword:00000001 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Actus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: freenet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: FxTrading

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Pascal Morin
->Temp folder emptied: 8080225 bytes
->Temporary Internet Files folder emptied: 4650424 bytes
->Java cache emptied: 13364168 bytes
->FireFox cache emptied: 92211400 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 12506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 161335 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2586552345 bytes

Total Files Cleaned = 2,580.00 mb


[EMPTYFLASH]

User: Actus
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default User

User: freenet

User: FxTrading

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Pascal Morin
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05222011_150223

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6640

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/05/2011 16:39:12
mbam-log-2011-05-22 (16-39-12).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 331098
Time elapsed: 1 hour(s), 13 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Thanks!

Cheers
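Reading a fix report means separating what was actually removed from what was already gone and what failed. As an added example (not code from the thread or from OTL), the Python below groups the report lines by outcome and flags two things visible in the report above: the "Unable to delete ADS" line (the alternate data stream on the TEMP folder is still present) and the "Internet Settings\\| /E" line, whose value name is empty even though the fix script targeted "ProxyServer". The sample lines are copied from the report above; the grouping rules are my own.

```python
# Added example, not code from the thread or from OTL: classify the lines of an
# OTL fix report so that failures and items needing a second look are not lost
# among dozens of "not found" lines. SAMPLE_FIX_LOG is a subset of the report
# lines posted in the thread; the classification rules are mine.
SAMPLE_FIX_LOG = r"""
All processes killed
Error: Unable to interpret <RAS> in the current context!
========== FILES ==========
File\Folder C:\Temp not found.
C:\Documents and Settings\Pascal Morin\Desktop\cmd.bat deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 .
========== SERVICES/DRIVERS ==========
Error: No service named HidServ was found to stop!
Service\Driver key HidServ not found.
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\| /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ deleted successfully.
File d:\BitComet\BitComet.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\IconStreams deleted successfully.
========== COMMANDS ==========
"""

SECTION_MARK = "=========="
OUTCOMES = ("section", "failed", "not_found", "removed", "set", "other")


def classify(line):
    """Map one report line to an outcome; order matters (failures first)."""
    if line.startswith(SECTION_MARK):
        return "section"
    if "Unable to delete" in line or "Unable to interpret" in line:
        return "failed"          # the fix tried and did not succeed
    if "not found" in line or line.startswith("Error: No service named"):
        return "not_found"       # already gone, or never existed on this box
    if "deleted successfully" in line:
        return "removed"
    if "value set successfully" in line:
        return "set"
    return "other"


def needs_review(line):
    """A 'value set' line with an empty value name: the text between the key's
    trailing '\\\\' and the '|' separator is missing, so nothing useful was set."""
    return classify(line) == "set" and "\\\\|" in line


def summarize(report):
    """Group report lines by outcome; 'review' collects lines to re-check by hand."""
    groups = {name: [] for name in OUTCOMES}
    groups["review"] = []
    for line in report.splitlines():
        line = line.rstrip()
        if not line:
            continue
        groups[classify(line)].append(line)
        if needs_review(line):
            groups["review"].append(line)
    return groups


def counts(groups):
    """Per-outcome line counts, handy for a one-line verdict on the report."""
    return {name: len(lines) for name, lines in groups.items()}


if __name__ == "__main__":
    g = summarize(SAMPLE_FIX_LOG)
    print(counts(g))
    for line in g["failed"] + g["review"]:
        print("FOLLOW UP:", line)
```

Running it on the sample prints two "failed" lines (the RAS parse error and the ADS that could not be deleted) and one "review" line (the empty-named Internet Settings value); everything under "not_found" is noise as far as further cleanup goes.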

hackinginterdit
Long-bearded Geek
Posts: 2411
Joined: 10 May 2008 13:45
Location: NANCY

Re: Stubborn virus

Post by hackinginterdit » 22 May 2011 21:42

Good evening
No real-time monitoring process must be running
Disable the antivirus's resident module.
Right-click the Avira AntiVir icon in the system tray (next to the clock)
Untick Enable AntiVir Guard

Redo the fix with your antivirus disabled

actus
Amateur
Posts: 102
Joined: 15 May 2011 22:31

Re: Stubborn virus

Post by actus » 23 May 2011 20:12

Hello,

Here is the result of the fix after disabling the antivirus (firewall not disabled):
All processes killed
Error: Unable to interpret <RAS> in the current context!
========== FILES ==========
File\Folder C:\Documents and Settings\Pascal Morin\Desktop\tdsskiller.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\bhdoh6r4m3d0v5p not found.
File\Folder C:\Documents and Settings\Pascal Morin\Local Settings\Application Data\bhdoh6r4m3d0v5p not found.
File\Folder C:\Documents and Settings\Pascal Morin\Local Settings\Application Data\bhdoh6r4m3d0v5p not found.
File\Folder C:\Documents and Settings\All Users\Application Data\bhdoh6r4m3d0v5p not found.
File\Folder C:\Documents and Settings\All Users\Application Data\118300.34 not found.
File\Folder C:\TDSSKiller.2.4.17.0_10.02.2011_11.15.50_log.txt not found.
File\Folder C:\TDSSKiller.2.4.17.0_15.05.2011_08.52.50_log.txt not found.
File\Folder C:\TDSSKiller.2.5.1.0_15.05.2011_08.53.14_log.txt not found.
File\Folder C:\TDSSKiller.2.5.1.0_18.05.2011_08.27.39_log.txt not found.
File\Folder C:\Temp not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Pascal Morin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Pascal Morin\Desktop\cmd.txt deleted successfully.
File\Folder C:\*.sqm not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 .
========== SERVICES/DRIVERS ==========
Error: No service named HidServ was found to stop!
Service\Driver key HidServ not found.
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LockTaskbar not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ not found.
File d:\BitComet\BitComet.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all video with BitComet\ not found.
File d:\BitComet\BitComet.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ not found.
File d:\BitComet\BitComet.exe not found.
Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Starting removal of ActiveX control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a57059-bb47-11de-b09c-001a4d4c43ce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13a57059-bb47-11de-b09c-001a4d4c43ce}\ not found.
File K:\WD_Windows_Tools\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5763b866-69fb-11dd-ae1e-001a4d4c43ce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5763b866-69fb-11dd-ae1e-001a4d4c43ce}\ not found.
File K:\wubi.exe --cdmenu not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Documents and Settings\Pascal Morin\*.tmp not found.
========== REGISTRY ==========
HKEY_CURRENT_USER\Control Panel\Desktop\\"MenuShowDelay"|"100" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\\"AlwaysUnloadDll"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\"link"|hex:00,00,00,00 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"EnableBalloonTips"|dword:00000000 /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\IconStreams deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\PastIconsStream deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SetCommand"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SecurityLevel"|dword:00000001 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Actus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: freenet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: FxTrading

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Pascal Morin
->Temp folder emptied: 2835075 bytes
->Temporary Internet Files folder emptied: 2992384 bytes
->Java cache emptied: 13364016 bytes
->FireFox cache emptied: 100713423 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1594 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47196 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3692105336 bytes

Total Files Cleaned = 3,636.00 mb


[EMPTYFLASH]

User: Actus
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default User

User: freenet

User: FxTrading

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Pascal Morin
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05232011_191047

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6654

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/05/2011 19:25:09
mbam-log-2011-05-23 (19-25-09).txt

Scan type: Quick scan
Objects scanned: 192102
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
There you go!

Cheers

Actus

actus
Amateur
Posts: 102
Joined: 15 May 2011 22:31

Re: Stubborn virus

Post by actus » 28 May 2011 13:08

Hello,

Besides the log copies in the previous message, I have noticed for a few days (I get the impression since I did the requested operations) that Firefox (v3.6.17) is extremely, extremely slow (for example, when I click on Tools or Bookmarks, the menu does not drop down immediately).

I tried in safe mode and there's no real difference. I also cleared the cache and no change.

I don't recall adding an add-on or a Greasemonkey script.

I checked the internet connection speed, which seems normal (varies between 6 and 8 MB downstream).

I'm running XP 2002 Service Pack 3, 3 GHz CPU, 3 GB RAM (so in principle it isn't due to a lack of PC power).

Thanks for your help.

Cheers

actus
Amateur
Posts: 102
Joined: 15 May 2011 22:31

Re: Stubborn virus

Post by actus » 31 May 2011 10:04

Hello,

If there is nothing abnormal in the logs of my second-to-last message, I wonder whether it isn't Firefox that is slowing everything down (it is itself extremely slow: the window freezes for a few seconds or tens of seconds, even 2-3 minutes); my last message noted an abnormal slowness of Firefox.

Thanks for your help.

Cheers

hackinginterdit
Long-bearded Geek
Posts: 2411
Joined: 10 May 2008 13:45
Location: NANCY

Re: Stubborn virus

Post by hackinginterdit » 31 May 2011 10:29

Hello

Remove your Firefox with Revo Uninstaller

http://aidealadsinfectiondunpc.blogspot ... aller.html

Download and install the latest version

http://www.mozilla-europe.org/fr/

Tell me whether there is any change.

actus
Amateur
Posts: 102
Joined: 15 May 2011 22:31

Re: Stubborn virus

Post by actus » 01 June 2011 07:38

Hello,

I have bookmarks and add-ons: how do I back them up and be sure to get them back after uninstalling the version I have and installing the new one?

Cheers


actus
Amateur
Posts: 102
Joined: 15 May 2011 22:31

Re: Stubborn virus

Post by actus » 03 June 2011 12:51

Hello,

FF 3.6.17 uninstalled, bookmarks saved, FF 4 installed, bookmarks back in place AND normal speed!!

A thousand thanks again.

The topic can be closed.

Cheers
Last edited by actus on 05 June 2011 08:47, edited 1 time.

hackinginterdit
Long-bearded Geek
Posts: 2411
Joined: 10 May 2008 13:45
Location: NANCY

Re: Stubborn virus

Post by hackinginterdit » 03 June 2011 13:46

Hi actus

OK, have a good weekend!