Virus !

legolas27 Messages postés 831 Statut Membre -  
legolas27 Messages postés 831 Statut Membre -
Bonjour,

je crois avoir chopper le virus msn, qui envoi un lien avec un message, j'essaye de l'enlever avec antivir, mais hier on m'a proposé de supprimer un trojan, ensuite mon ordinateur à planté et le problème avait disparu et se matin il réapparait, faut-il terminer le scan pour qu'il soit vraiment supprimé ?

Peut-ile détruire mon Ordi ? merci
A voir également:

49 réponses

Précédent
Réponse 21 / 49
Utilisateur anonyme
 
autant pour moi je voulais dire refais un scan comme precedement expliqué
0
Réponse 22 / 49
legolas27 Messages postés 831 Statut Membre 29
 
Voici le Old :

http://www.cijoint.fr/cjlink.php?file=cj201004/cijz1mV2l7.txt



Extras :

http://www.cijoint.fr/cjlink.php?file=cj201004/cijhTbfCQK.txt
0
Réponse 23 / 49
Utilisateur anonyme
 
▶ clic droit "executer en tant qu'administrateur" sur OTL.exe pour le lancer.


▶Copie la liste qui se trouve en gras ci-dessous,

▶ colle-la dans la zone sous Customs Scans/Fixes :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
IE - HKLM\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2778378746-2705960229-3684179918-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Gdark
IE - HKU\S-1-5-21-2778378746-2705960229-3684179918-1000\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2778378746-2705960229-3684179918-1000\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Gdark"
FF - prefs.js..browser.search.defaulturl: "http://fr.gdark.com/..."
FF - prefs.js..browser.search.selectedEngine: "Gdark"
O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-21-2778378746-2705960229-3684179918-1000..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe File not found
O4 - HKU\S-1-5-21-2778378746-2705960229-3684179918-1000..\Run: [????r] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:1493A0EF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1940DBE8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"=-
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"=-
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"=-

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Clique sur RunFix pour lancer la suppression.


▶ Poste le rapport.
0
Réponse 24 / 49
legolas27 Messages postés 831 Statut Membre 29
 
je l'ai en français, runfix vaut dire Correction ?

désolée pour mon faible niveau d'anglais, mais je croyai que Run voulait dire "course"
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 49
Utilisateur anonyme
 
oui pardon c'est moi , c'est mon truc qu'est pas à jour ^^
0
Réponse 26 / 49
legolas27 Messages postés 831 Statut Membre 29
 
arf,^^ oui, je dois avoir la récente =)

Voila le rapport après correction :

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{59994074-c06d-4a75-9768-49e5a8c21264} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ deleted successfully.
C:\Program Files\Messenger_Plus_Live_France\tbMess.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9b339f6e-ddcd-401b-8764-230adbd01761} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b339f6e-ddcd-401b-8764-230adbd01761}\ deleted successfully.
C:\Program Files\Messenger_Plus_Live\tbMess.dll moved successfully.
Unable to set value : HKU\S-1-5-21-2778378746-2705960229-3684179918-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E!
Registry value HKEY_USERS\S-1-5-21-2778378746-2705960229-3684179918-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{59994074-c06d-4a75-9768-49e5a8c21264} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
File C:\Program Files\Messenger_Plus_Live_France\tbMess.dll not found.
Registry value HKEY_USERS\S-1-5-21-2778378746-2705960229-3684179918-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9b339f6e-ddcd-401b-8764-230adbd01761} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b339f6e-ddcd-401b-8764-230adbd01761}\ not found.
File C:\Program Files\Messenger_Plus_Live\tbMess.dll not found.
Prefs.js: "Gdark" removed from browser.search.defaultenginename
Prefs.js: "http://fr.gdark.com/" removed from browser.search.defaulturl
Prefs.js: "Gdark" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59994074-c06d-4a75-9768-49e5a8c21264}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
File C:\Program Files\Messenger_Plus_Live_France\tbMess.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b339f6e-ddcd-401b-8764-230adbd01761}\ not found.
File C:\Program Files\Messenger_Plus_Live\tbMess.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{59994074-c06d-4a75-9768-49e5a8c21264} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
File C:\Program Files\Messenger_Plus_Live_France\tbMess.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9b339f6e-ddcd-401b-8764-230adbd01761} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b339f6e-ddcd-401b-8764-230adbd01761}\ not found.
File C:\Program Files\Messenger_Plus_Live\tbMess.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2778378746-2705960229-3684179918-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2778378746-2705960229-3684179918-1000\Software\Microsoft\Windows\CurrentVersion\Run\\????r not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:1493A0EF deleted successfully.
ADS C:\ProgramData\TEMP:1940DBE8 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"HonorAutoRunSetting"|1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|1 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Acer\Empowering Technology\eDataSecurity\encryption.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Acer\Empowering Technology\eDataSecurity\decryption.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ludo
->Temp folder emptied: 1334290 bytes
->Temporary Internet Files folder emptied: 801955 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3383603 bytes
->Google Chrome cache emptied: 92355163 bytes
->Apple Safari cache emptied: 13843679 bytes
->Opera cache emptied: 613360 bytes
->Flash cache emptied: 6014 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 632 bytes
RecycleBin emptied: 835286 bytes

Total Files Cleaned = 108,00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04122010_163652

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
0
Réponse 27 / 49
Utilisateur anonyme
 
j'ai oublié une modification sur une clé recolle ca dans OTL et "Correction"


:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=0
0
Réponse 28 / 49
legolas27 Messages postés 831 Statut Membre 29
 
k c bon
0
Réponse 29 / 49
Utilisateur anonyme
 
gné ?
0
Réponse 30 / 49
legolas27 Messages postés 831 Statut Membre 29
 
J'ai rajouté la modification, je dois transmettre le rapport ?
0
Réponse 31 / 49
Utilisateur anonyme
 
oui s'il te plait
0
Réponse 32 / 49
legolas27 Messages postés 831 Statut Membre 29
 
Voila :

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== OTL ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|0IE - HKLM\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)IE - HKU\S-1-5-21-2778378746-2705960229-3684179918-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = GdarkIE - HKU\S-1-5-21-2778378746-2705960229-3684179918-1000\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)IE - HKU\S-1-5-21-2778378746-2705960229-3684179918-1000\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)FF - prefs.js..browser.search.defaultenginename: "Gdark"FF - prefs.js..browser.search.defaulturl: "http://fr.gdark.com/"FF - prefs.js..browser.search.selectedEngine: "Gdark"O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)O4 - HKLM..\Run: [NPSStartup] File not foundO4 - HKU\S-1-5-21-2778378746-2705960229-3684179918-1000..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe File not foundO4 - HKU\S-1-5-21-2778378746-2705960229-3684179918-1000..\Run: [????r] File not foundO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:1493A0EF@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1940DBE8@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2 /E :invalid edit format. Invalid data type.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"HonorAutoRunSetting"|1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|1 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Acer\Empowering Technology\eDataSecurity\encryption.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Acer\Empowering Technology\eDataSecurity\decryption.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ludo
->Temp folder emptied: 836948 bytes
->Temporary Internet Files folder emptied: 1738899 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 35965613 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 621 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 632 bytes
RecycleBin emptied: 2415 bytes

Total Files Cleaned = 37,00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04122010_231428

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Il en reste combien des procédures ? ^^
0
Réponse 33 / 49
Utilisateur anonyme
 
?????????????????????????
0
Réponse 34 / 49
legolas27 Messages postés 831 Statut Membre 29
 
Je viens de poster le rapport que tu m'as demandée.
0
Réponse 35 / 49
Utilisateur anonyme
 
on s'est mal compris.....

refais un scan OTL stp
0
Réponse 36 / 49
legolas27 Messages postés 831 Statut Membre 29
 
OLT :

http://www.cijoint.fr/cjlink.php?file=cj201004/cijcSyZYaI.txt

Extras :

http://www.cijoint.fr/cjlink.php?file=cj201004/cijdjVpE5b.txt



Je voulais savoir combien de procédure il reste avant que ça soit bon ? :)
0
Réponse 37 / 49
Utilisateur anonyme
 
ton windows n'est pas à jour , mets à jour avec windows update
0
Réponse 38 / 49
legolas27 Messages postés 831 Statut Membre 29
 
Oui, mais sur les deux mises à jours, y en a toujours une qui s'installe pas, sinon je viens de terminer les mises à jours.
0
Réponse 39 / 49
Utilisateur anonyme
 
tu as installé le service pack 2 ?
0
Utilisateur anonyme
 
Bonjour,
Je m'excuse pour cette intervention qui est hors sujet car j'ai aussi vista sp1
Avant, l'installation de la mise à jour de windows vista SP2 provoque plusieurs problèmes soit aucours de l'installation soit aprés ( problèmes de sons....).
Je te demande gen-hackman s'il est possible ton avis de l'installation de cette mise à jour car j'ai entendue que la version finale de SP2 est prête.
Merci d'avance pour la réponse...
0
Réponse 40 / 49
legolas27 Messages postés 831 Statut Membre 29
 
ça peut être ça marmar


POur moi non, le pack 1 veut pas s'installer,ils disent à chaque fois qu'il y a eu un problème dans l'installation.
0
Utilisateur anonyme
 
Merci legolas pour la réponse.
Est ce que tu as pu installé les autres mises à jour avec succès ?
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses