Infecté par fakewarn[tri] : Besoin d'aide svp :-( • page 2

[masterblaster]

Bonjour Bernard et merci pour ton aide,

j'ai fait ce que tu m'as dit il me reste seulement l examen de malwarebyte

voici en attendant le rapport OTL

Code: Tout sélectionner

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ deleted successfully.
C:\Program Files\Softonic_France\tbSoft.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ deleted successfully.
C:\Program Files\Hotspot_Shield\tbHots.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
C:\Program Files\BS_Player\tbBS_P.dll moved successfully.
HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Program Files\Hotspot_Shield\tbHots.dll not found.
Registry value HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\SearchSettings.dll moved successfully.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: http://search.conduit.com/?ctid=CT17505 ... hSource=13 removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Program Files\Hotspot_Shield\tbHots.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ deleted successfully.
C:\Program Files\Windows Live\Toolbar\wltcore.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\pdfforge Toolbar\SearchSettings.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
C:\Program Files\Hotspot Shield\hssie\HssIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File C:\Program Files\BS_Player\tbBS_P.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ deleted successfully.
File C:\Program Files\Windows Live\Toolbar\wltcore.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Program Files\Hotspot_Shield\tbHots.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File C:\Program Files\BS_Player\tbBS_P.dll not found.
Registry value HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
File C:\Program Files\Windows Live\Toolbar\wltcore.dll not found.
Registry value HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}\ not found.
File C:\Program Files\Softonic_France\tbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\ not found.
File C:\Program Files\Hotspot_Shield\tbHots.dll not found.
Registry value HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}\ not found.
File C:\Program Files\BS_Player\tbBS_P.dll not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Program Files\pdfforge Toolbar\SearchSettings.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\eyeBeam SIP Client deleted successfully.
========== FILES ==========
C:\Users\BFS\AppData\Roaming\Mozilla\Firefox\Profiles\eizd7vzr.default\searchplugins\conduit.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale\EN-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\chrome\LOCALE\EN-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\chrome\LOCALE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\chrome\CONTENT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com folder moved successfully.
File\Folder C:\Users\BFS\AppData\Local\syssvc.exe not found.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: BFS
->Temp folder emptied: 4339846862 bytes
->Temporary Internet Files folder emptied: 67279334 bytes
->Java cache emptied: 150382065 bytes
->FireFox cache emptied: 76142654 bytes
->Google Chrome cache emptied: 35900530 bytes
->Flash cache emptied: 5094148 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3177330209 bytes
RecycleBin emptied: 7346616116 bytes
 
Total Files Cleaned = 14.495,00 mb
 
 
OTL by OldTimer - Version 3.2.20.5 log created on 01252011_144027

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Merci beaucoup, je reviens pour poster le rapport de malwarebytes

[masterblaster]

Re,

et ba ca a été plutôt long avec malwarebytes, 13 fichiers infectés et voici le rapport

Code: Tout sélectionner

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5594

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

25/01/2011 17:23:11
mbam-log-2011-01-25 (17-23-11).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 367618
Temps écoulé: 1 heure(s), 22 minute(s), 38 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e312764e-7706-43f1-8dab-fcdd2b1e416d} (PUP.Dealio) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\_OTL\MovedFiles\01252011_144027\C_Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll (PUP.Dealio) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\01252011_144027\C_Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\01252011_144027\C_Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (PUP.Dealio) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\01252011_144027\C_Program Files\pdfforge Toolbar\SearchSettings.dll (PUP.Dealio) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\01252011_144027\C_Program Files\pdfforge Toolbar\SearchSettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\01252011_144027\C_Program Files\pdfforge Toolbar\SearchSettingsRes409.dll (PUP.Dealio) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\01252011_144027\C_Program Files\pdfforge Toolbar\WidgiHelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.
C:\Users\BFS\AppData\Roaming\020000006285a282579C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\BFS\AppData\Roaming\020000006285a282579O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\BFS\AppData\Roaming\020000006285a282579P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\BFS\AppData\Roaming\020000006285a282579S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\BFS\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

Maintenant que dois-je faire ? Merci encore pour votre aide

[bernard53]

bonjour

tu as regardé pour les proxy?

[masterblaster]

bonjour

tu as regardé pour les proxy?

Bonjour Bernard, non je n'avais pas regardé, car je n'avais pas moi même paramétré de proxy. Comme je le disais, plus haut en faisant une restauration du système, j'ai pu "neutraliser" momentanément le virus, ce qui m'a permis d'aller de nouveau sur internet et de pouvoir suivre vos préconisations.

Mon PC semble fonctionner normalement (et pour ça je vous dois un fier merci), j'ai posté le dernier rapport, mais je n'ai toujours pas eu de réponse claire pour me dire si j'étais complètement débarrassé de cette saloperie ou si elle se cache encore quelque part.

A très beintôt

[bernard53]

bonsoir

a part ma demande pour le proxy le pc est propre.

Vérifies donc quand même ma demande s.t.p car se n'est pas toi qui a installé ces proxy mais les virus.