by Babas
#133813
Hello everyone,

I was lent a laptop running Windows XP SP3 that is visibly infected: when I plugged an external hard drive into it, the drive caught the notorious "shortcut folders" virus.

I started with a scan using Malwarebytes Anti-Malware. Unfortunately I didn't keep the report, but here is the log:
Code:
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 21/04/2014
Scan Time: 15:40:10
Logfile: 1er scan malwarebytes.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.21.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: labiov

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 222655
Time Elapsed: 23 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\CLASSES\CLSID\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\CLASSES\CLSID\{A03467B7-AF0C-4B7D-BA04-D019B0CA7CFA}, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\CLASSES\CLSID\{D6533F74-218B-41BE-9D91-5BD471FECFFD}, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\CLASSES\Toolbar.CT2851639, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D6533F74-218B-41BE-9D91-5BD471FECFFD}, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\CLASSES\CLSID\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}\INPROCSERVER32, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937],
PUP.Optional.Conduit.A, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, Quarantined, [11e7b676cab1fa3c713eadee48bb44bc],
PUP.Optional.ValueApps.A, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, Quarantined, [857389a3621940f6a2cb641c3cc632ce],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [936507250774cd6912e44936c939cb35],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [2dcbc864a2d988ae5fca6c2a15eed52b],

Registry Values: 9
Worm.Autorun, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Adobe Reader Speed Launcher, C:\WINDOWS\System32\service214.exe, Quarantined, [3fb9f3390e6d3105484b99177c843cc4]
Worm.Autorun, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Adobe Reader Speed Launcher, C:\WINDOWS\System32\service214.exe, Quarantined, [3fb9f3390e6d3105484b99177c843cc4]
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}, uTorrentBar_FR Toolbar, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937]
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}, Quarantined, [f206ff2d8cef2e0880e31ef89270926e],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}, Quarantined, [b840b577e497df57f56ef323af536b95],
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Adobe Reader Speed Launcher, C:\WINDOWS\System32\service214.exe, Quarantined, [14e430fc7605cf6781f7c0d21be750b0]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R0DtO0U1C1S1U1StR0J1Q2P1J1K1I2R, Quarantined, [2dcbc864a2d988ae5fca6c2a15eed52b]
Hijack.ControlPanelStyle, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Quarantined, [7385ce5e2c4fe056aef712de788acb35]

Registry Data: 9
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[8c6c93991e5d45f1b8131e06dd275ca4]
PUM.Hijack.StartMenu, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Good: (1), Bad: (0),Replaced,[d226b4787605b97d5de850d60301f10f]
PUM.Hijack.Help, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Good: (0), Bad: (1),Replaced,[9464a18bb9c2b18555a245df9b69837d]
PUM.Hijack.StartMenu, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Good: (1), Bad: (0),Replaced,[b048db511b604fe7dd686abc55af5fa1]
PUM.Hijack.Help, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Good: (0), Bad: (1),Replaced,[20d81a12fe7d87affcfb4bd9ae567d83]
PUM.Hijack.StartMenu, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Good: (1), Bad: (0),Replaced,[58a031fb3843a0968bba2105e02430d0]
PUM.Hijack.Help, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Good: (0), Bad: (1),Replaced,[718737f5790290a6fafd83a135cf22de]
PUM.Hijack.StartMenu, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Good: (1), Bad: (0),Replaced,[649487a5b9c27bbbb68f091de51f1ce4]
PUM.Hijack.Help, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Good: (0), Bad: (1),Replaced,[01f7bd6ff388fd397a7d37ed010342be]

Folders: 2
PUP.Optional.Conduit.A, C:\Documents and Settings\labiov\Local Settings\Temp\CT2851639, Quarantined, [1cdcaf7daad18aac9980bca4d82ac040],
PUP.Optional.Conduit.A, C:\Documents and Settings\labiov\Local Settings\Temp\CT2851639\xpi, Quarantined, [1cdcaf7daad18aac9980bca4d82ac040],

Files: 17
Worm.Autorun, C:\WINDOWS\system32\service214.exe, Quarantined, [3fb9f3390e6d3105484b99177c843cc4],
PUP.Optional.uTorrentBar.A, C:\Program Files\uTorrentBar_FR\prxtbuTor.dll, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937],
PUP.Optional.Somoto, C:\Documents and Settings\labiov\Local Settings\Temp\3r7QNTAH.exe.part, Quarantined, [fff9c06c8dee16201490ea62709443bd],
PUP.Optional.Somoto, C:\Documents and Settings\labiov\Local Settings\Temp\bitool.dll, Quarantined, [26d2bd6f730860d611550fee20e15ca4],
PUP.Optional.Somoto, C:\Documents and Settings\labiov\Local Settings\Temp\nsf102.tmp, Quarantined, [e01881ab92e9a195fd0f9f2061a23dc3],
PUP.Optional.Somoto, C:\Documents and Settings\labiov\Local Settings\Temp\nsyF8.tmp, Quarantined, [c4349a921d5ee353b05c536c828154ac],
PUP.Optional.Somoto, C:\Documents and Settings\labiov\Local Settings\Temp\nszFD.tmp, Quarantined, [9d5b71bbb2c961d5a765d5ea7d86dc24],
PUP.Optional.Somoto, C:\Documents and Settings\labiov\Local Settings\Temp\dffhIKnW.exe.part, Quarantined, [a94fec400b70c76f5d47af9de71d857b],
PUP.Optional.Maucampo.A, C:\Documents and Settings\labiov\Local Settings\Temp\maucampoSetup.exe, Quarantined, [e5138d9f6b103ef8afccde2464a0837d],
PUP.Optional.Somoto, C:\Documents and Settings\labiov\Local Settings\Temporary Internet Files\Content.IE5\7UCH1B8Z\BiTool[1].dll, Quarantined, [5d9b56d605763bfbde8850ad8978837d],
PUP.Optional.Somoto, C:\Documents and Settings\labiov\Local Settings\Temporary Internet Files\Content.IE5\HL7DCA4E\setup[1].exe, Quarantined, [06f2161659227bbb0705a51a857e669a],
PUP.Optional.Somoto, C:\Documents and Settings\labiov\Local Settings\Temporary Internet Files\Content.IE5\S0IKP48V\setup[1].exe, Quarantined, [8c6cc765b4c758deb05ccdf24cb7d32d],
PUP.Optional.Maucampo.A, C:\Documents and Settings\labiov\Local Settings\Temp\maucampo\maucampo_Setup.exe, Quarantined, [ba3ec16b3348db5bc121773562a1ba46],
PUP.Optional.Conduit.A, C:\Documents and Settings\labiov\Local Settings\Temp\CT2851639\CT2851639.txt, Quarantined, [1cdcaf7daad18aac9980bca4d82ac040],
PUP.Optional.Conduit.A, C:\Documents and Settings\labiov\Local Settings\Temp\CT2851639\CT2851639.xpi, Quarantined, [1cdcaf7daad18aac9980bca4d82ac040],
PUP.Optional.Conduit.A, C:\Documents and Settings\labiov\Local Settings\Temp\CT2851639\manifest.json, Quarantined, [1cdcaf7daad18aac9980bca4d82ac040],
PUP.Optional.Conduit.A, C:\Documents and Settings\labiov\Local Settings\Temp\CT2851639\xpi\install.rdf, Quarantined, [1cdcaf7daad18aac9980bca4d82ac040],

Physical Sectors: 0
(No malicious items detected)


(end)
About fifty infections quarantined.

I then searched a bit more on various forums and started by running ZHPDiag; that report is lost because I re-ran it later (see below). At the end of the report it mentioned 5 threats: a rogue program (PC Speed Maximiser, which I removed via the Control Panel after looking it up) and 4 toolbars (Conduit, Ask, and I don't remember the other two, but they will surely show up in the following reports).

After some research on various forums, I went for AdwCleaner and, I'm really messing up quite a bit, I can't find that report either. I see 14 quarantined items related to uTorrentBar_Fr and a CookiesExceptions.txt for PC Speed Maximizer.

Then I followed up with a new Malwarebytes scan, here is the log:
Code:
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 22/04/2014
Scan Time: 11:39:46
Logfile: 2eme scan malwarebytes.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.21.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: labiov

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 221726
Time Elapsed: 20 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Agent, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Adobe Reader Speed Launcher, C:\WINDOWS\System32\service214.exe, Quarantined, [a6521e0e46351c1a2db8938a689b8878]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
One new item quarantined.

And I finish with a HitmanPro scan:
Code:
HitmanPro 3.7.9.216
www.hitmanpro.com

Computer name . . . . : ORDINATEUR
Windows . . . . . . . : 5.1.3.2600.X86/2
User name . . . . . . : ORDINATEUR\labiov
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2014-04-22 11:43:41
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 34s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 1
Traces . . . . . . . : 73

Objects scanned . . . : 341.782
Files scanned . . . . : 17.888
Remnants scanned . . : 53.084 files / 270.810 keys

Miniport ____________________________________________________________________

Primary
DriverObject . . . : 89BB2D20
DriverName . . . . : \Driver\atapi
DriverPath . . . . : atapi.sys
StartIo . . . . . : F7841864 atapi.sys+30820
IRP_MJ_SCSI . . . : F7843B40 atapi.sys+39744
Solution
DriverObject . . . : 89BB2D20
DriverName . . . . : \Driver\atapi
DriverPath . . . . : atapi.sys
StartIo . . . . . : F7841864 atapi.sys+30820
IRP_MJ_SCSI . . . : F7840852 atapi.sys+26706

Malware _____________________________________________________________________

C:\Documents and Settings\labiov\Mes documents\Téléchargements\FileZilla_3.7.3_win32-setup.exe -> Quarantined
Size . . . . . . . : 674.736 bytes
Age . . . . . . . : 21.9 days (2014-03-31 15:14:38)
Entropy . . . . . : 7.8
SHA-256 . . . . . : CF905A357DB6E622E645895A12F6F230C5F946CE9A7CF9FD476386C2EF599952
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Trojan.Heur2.GZ.PGZ@b4zwVxgi
Fuzzy . . . . . . : 107.0


Cookies _____________________________________________________________________

C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:247realmedia.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:2o7.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ad.360yield.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ad.adc-serv.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ad.adserver01.de
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ad.e-kolay.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ad.prismamediadigital.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ad.yieldmanager.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ad.zanox.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.ad4game.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.clicmanager.fr
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.creative-serving.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.filmlush.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.flixaddict.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.lzjl.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.movielush.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.pubmatic.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.pushplay.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.reelvidz.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ads.yahoo.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:adtech.de
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:adtechus.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:adverticum.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:advertising.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:advertstream.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:aimfar.solution.weborama.fr
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:at.atwola.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:atdmt.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:be.sitestat.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:bs.serving-sys.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:burstnet.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:c.atdmt.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:c1.atdmt.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:casalemedia.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ccmbenchmarck.solution.weborama.fr
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:clubmedbelgique.solution.weborama.fr
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:corel.112.2o7.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:cstatic.weborama.fr
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:dmtracker.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:doubleclick.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:fastclick.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:fr.sitestat.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:in.getclicky.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:invitemedia.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:livejasmin.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:media6degrees.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:microsoftwindows.112.2o7.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:myroitracking.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:nl.sitestat.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:overture.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:questionmarket.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:revsci.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ru4.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:serving-sys.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:smartadserver.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:sncf2.solution.weborama.fr
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:sncfautotrain.solution.weborama.fr
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:specificclick.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:statcounter.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:static.freewebs.getclicky.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:statse.webtrendslive.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:track.adform.net
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:tradedoubler.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:uk.at.atwola.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:weborama.fr
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:ww251.smartadserver.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:www.etracker.de
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:www.googleadservices.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:www3.smartadserver.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:xiti.com
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:yadro.ru
C:\Documents and Settings\labiov\Application Data\Mozilla\Firefox\Profiles\ve2hii0y.default-1398156074046\cookies.sqlite:zedo.com



Finally, I re-ran ZHPDiag, here is the report:
http://cjoint.com/?DDwv0ACnjey.

I don't think I'm done yet, though, and I'm not quite sure what to do with the quarantined files.

I also plan to look into this infected hard drive (one NTFS partition and one FAT32 partition). I plugged it in without opening anything and ran UsbFix in deletion mode, here is the report:
http://www.cjoint.com/?DDwv4U9p9m5.

For both the computer and the hard drive, I fully intend to format everything after a backup. But I'd like to make a clean backup (especially since it's not my computer, so I won't be the one doing the backup), and I get the feeling it will be hard for me to finish the cleanup alone; a more expert eye would be welcome.

Thanks in advance,
Babas.
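The two Malwarebytes logs above carry the one finding that matters for the "am I done?" question: service214.exe was started from three autostart points (HKLM Run, HKU Run, Winlogon) and the HKU Run value was found again on the second scan, after it had already been quarantined. The script below is an added example for this thread, not part of the original post and not Malwarebytes' own code. It parses the log's detection lines, maps autostart locations to the binaries they launch, and diffs two logs for entries that came back. The sample lines embedded in it are copied from the two scans in the thread and trimmed to the relevant entries; the section counts are ignored by the parser.

```python
"""Triage Malwarebytes Anti-Malware 2.x text logs for persistence.

Added example for this thread; not part of the original post and not
Malwarebytes' own code. FIRST_SCAN / SECOND_SCAN are trimmed copies of the
thread's two logs (section counts are not used by the parser).
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): \d+$")
# A detection line ends with ", <action>, [<32 hex id>]" plus an optional
# trailing comma; "Registry Data" lines drop the space before the action.
TAIL_RE = re.compile(
    r",\s*(?P<action>Quarantined|Replaced|Delete-on-Reboot|No Action Taken)"
    r"\s*,\s*\[(?P<id>[0-9a-f]{32})\]\s*,?\s*$")
# Autostart locations, matched against the upper-cased "key|value" string.
AUTOSTART_MARKERS = (r"\CURRENTVERSION\RUN|", r"\CURRENTVERSION\RUNONCE|",
                     r"\WINDOWS NT\CURRENTVERSION\WINLOGON|")

FIRST_SCAN = r"""
Registry Values: 9
Worm.Autorun, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Adobe Reader Speed Launcher, C:\WINDOWS\System32\service214.exe, Quarantined, [3fb9f3390e6d3105484b99177c843cc4]
Worm.Autorun, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Adobe Reader Speed Launcher, C:\WINDOWS\System32\service214.exe, Quarantined, [3fb9f3390e6d3105484b99177c843cc4]
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}, uTorrentBar_FR Toolbar, Quarantined, [5b9d5fcdfe7d52e4e08361b57290c937]
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Adobe Reader Speed Launcher, C:\WINDOWS\System32\service214.exe, Quarantined, [14e430fc7605cf6781f7c0d21be750b0]

Registry Data: 9
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[8c6c93991e5d45f1b8131e06dd275ca4]

Files: 17
Worm.Autorun, C:\WINDOWS\system32\service214.exe, Quarantined, [3fb9f3390e6d3105484b99177c843cc4],
"""

SECOND_SCAN = r"""
Registry Values: 1
Trojan.Agent, HKU\S-1-5-21-789336058-1580436667-1177238915-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Adobe Reader Speed Launcher, C:\WINDOWS\System32\service214.exe, Quarantined, [a6521e0e46351c1a2db8938a689b8878]
"""


def parse_log(text):
    """Return one dict per detection: section, category, location, data, action, id."""
    section, out = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not line or line.startswith("(") or section is None:
            continue
        tail = TAIL_RE.search(line)
        if not tail:
            continue                      # not a detection line
        category, _, rest = line[:tail.start()].partition(", ")
        # Location and optional data are separated by ", "; data may itself
        # contain commas ("1, Good: (0), Bad: (1)"), so split only once.
        location, _, data = rest.partition(", ")
        out.append({"section": section, "category": category, "location": location,
                    "data": data, "action": tail.group("action"), "id": tail.group("id")})
    return out


def autostart_binaries(detections):
    """Map each binary launched from an autostart point to the locations naming it.
    One binary wired into several autostart points is the classic worm footprint."""
    by_binary = defaultdict(list)
    for d in detections:
        if d["data"] and any(mk in d["location"].upper() for mk in AUTOSTART_MARKERS):
            by_binary[d["data"].lower()].append(d["location"])
    return dict(by_binary)


def recurring_locations(first, second):
    """Locations detected in both scans: an entry that returns after quarantine
    means something still running re-creates it, so the cleanup is not finished."""
    seen = {d["location"] for d in first}
    return sorted({d["location"] for d in second if d["location"] in seen})


def security_posture_changes(detections):
    """PUM entries where a security setting was reverted: (location, bad, good)."""
    out = []
    for d in detections:
        m = re.match(r"\S+, Good: \((?P<good>\d+)\), Bad: \((?P<bad>\d+)\)", d["data"])
        if d["category"].startswith("PUM.") and m:
            out.append((d["location"], m.group("bad"), m.group("good")))
    return out


if __name__ == "__main__":
    first, second = parse_log(FIRST_SCAN), parse_log(SECOND_SCAN)
    for binary, locs in autostart_binaries(first).items():
        print(f"{binary}: started from {len(locs)} autostart location(s)")
    for loc in recurring_locations(first, second):
        print("came back after quarantine:", loc)
    for loc, bad, good in security_posture_changes(first):
        print(f"setting reverted: {loc}: {bad} -> {good}")
```

Run against the full logs (paste them into the two constants or read them from the .txt files Malwarebytes writes), the recurring-locations check is the one to watch: as long as a Run value keeps reappearing between scans, whatever writes it has not been removed, and a backup taken from the machine at that point should be treated as untrusted.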
by Evasion60
#133827
Good evening

The forum does not support unofficial OSes =>

O4 - HKUS\S-1-5-18\..\RunOnce: [WinLSD_SP3] . (...) -- C:\WINDOWS\LSD\end.cmd => Unknown owner%Windows LSD III (version pirate XP)
O4 - HKUS\S-1-5-19\..\RunOnce: [WinLSD_SP3] . (...) -- C:\WINDOWS\LSD\end.cmd => Unknown owner%Windows LSD III (version pirate XP)
O4 - HKUS\S-1-5-20\..\RunOnce: [WinLSD_SP3] . (...) -- C:\WINDOWS\LSD\end.cmd => Unknown owner%Windows LSD III (version pirate XP)

Edited: However, we do make sure the infection does not go on to reach other computers, especially when it is transmissible via USB, as is the case for you.

To remove this infection:
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
  • Right-click it and run as administrator on Windows 7/8 and Vista
  • Choose the Suppression (deletion) option

    Note: the computer will restart automatically; after the restart, click the message shown by UsbFix and let the program work.

  • Copy and paste the contents of the report that appears at the end of the scan into your reply
All the best ;)
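Before handing a drive to a removal tool, it helps to see what the "shortcut folders" worm actually left on it. The pattern is always the same: the real folders are hidden and a .lnk with the same name sits beside each one; the shortcut runs a command host that starts the hidden dropper and then opens the real folder so the user sees nothing odd. The script below is an added example for this thread, not part of the original post and not UsbFix code. It parses the Shell Link (.lnk) format far enough to read the target and arguments, flags launcher-style shortcuts, and lists shortcuts that shadow a sibling folder. The .lnk bytes it checks are constructed in code from the MS-SHLLINK layout, not taken from a real sample, and the dropper path inside them is made up; the drive listing in the test is constructed too.

```python
"""Spot the "shortcut folders" worm pattern on a removable drive.

Added example for this thread; not part of the original post and not UsbFix
code. .lnk bytes are built from the Shell Link layout (MS-SHLLINK); the
dropper path used in the sample is invented. Read-only: nothing is deleted.
"""
import ntpath
import os
import re
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits (MS-SHLLINK 2.1.1); StringData blocks appear in this order.
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = (("name", 0x04), ("relative_path", 0x08),
                 ("working_dir", 0x10), ("arguments", 0x20), ("icon", 0x40))
COMMAND_HOSTS = ("cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe",
                 "mshta.exe", "powershell.exe")


def build_lnk(relative_path, arguments):
    """Minimal .lnk: 76-byte header, no IDList/LinkInfo, two Unicode strings."""
    flags = 0x08 | 0x20 | IS_UNICODE
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 FILETIMEs, FileSize,
    # IconIndex, ShowCommand (1 = SW_SHOWNORMAL), HotKey, Reserved1/2/3
    header = struct.pack("<I16sIIQQQIIIHHII", 76, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    enc = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + enc(relative_path) + enc(arguments)


def parse_lnk(data):
    """Return the StringData fields of a .lnk, skipping IDList/LinkInfo if present."""
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != 76 or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    off = 76
    if flags & HAS_ID_LIST:                       # IDListSize (u16) + items
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                     # LinkInfoSize (u32) includes itself
        off += struct.unpack_from("<I", data, off)[0]
    fields = {}
    for key, bit in STRING_FIELDS:
        if not flags & bit:
            fields[key] = ""
            continue
        count = struct.unpack_from("<H", data, off)[0]   # characters, no terminator
        off += 2
        if flags & IS_UNICODE:
            fields[key] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            fields[key] = data[off:off + count].decode("cp1252")
            off += count
    return fields


def triage(fields):
    """Reasons a shortcut looks like the worm's launcher (empty list = nothing seen)."""
    target = ntpath.basename(fields["relative_path"] or fields["name"]).lower()
    args = fields["arguments"].lower()
    reasons = []
    if target in COMMAND_HOSTS:
        reasons.append(f"target is a command host ({target})")
    if re.search(r"\bstart\b", args):
        reasons.append("arguments launch another program")
    if re.search(r"\.(exe|vbs|js|scr|bat|cmd)\b", args):
        reasons.append("arguments name an executable or script")
    return reasons


def folder_shadow_shortcuts(listing):
    """From (name, is_dir) entries of a drive root, the .lnk files that share a
    name with a directory beside them: the worm's hallmark."""
    dirs = {name.lower() for name, is_dir in listing if is_dir}
    return sorted(name for name, is_dir in listing
                  if not is_dir and name.lower().endswith(".lnk")
                  and name[:-4].lower() in dirs)


def scan_root(root):
    """Report (name, target, arguments, reasons) for shadow shortcuts under root."""
    entries = [(e.name, e.is_dir()) for e in os.scandir(root)]
    report = []
    for name in folder_shadow_shortcuts(entries):
        with open(os.path.join(root, name), "rb") as fh:
            f = parse_lnk(fh.read())
        report.append((name, f["relative_path"], f["arguments"], triage(f)))
    return report


if __name__ == "__main__":
    # Constructed launcher in the worm's style (dropper path is made up).
    sample = build_lnk(r"..\..\..\WINDOWS\system32\cmd.exe",
                       r'/c start "" "\System Volume Information\svchost.exe" & start explorer "Photos" & exit')
    f = parse_lnk(sample)
    print(f["relative_path"], f["arguments"], triage(f), sep="\n")
```

To inspect a real drive, call scan_root("E:\\") (or the mount point on Linux) and read the reasons before running anything from the drive; the script only reports. Once the shortcuts are gone, the real folders still carry the hidden and system attributes, which is why the usual cleanup finishes with attrib -h -r -s /s /d on the drive root.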
