Problem with a virus

nofear

Hello,

While I was on the internet, my PC suddenly disconnected and restarted on its own. For the record, I was not visiting adult sites!

I did not download any program or open any .exe files.

Anyway, since then I get a message in the taskbar saying:
warning your pc is infected...
PC Antispyware 2010 keeps coming back, telling me that trojans have been detected.

Help, what should I do??

65 replies

nofear
 
Here is the post, sorry:

SmitFraudFix v2.423

Rapport fait à 1:09:29,21, 22/08/2009
Executé à partir de D:\julien\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\braviax.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7C8C4F2-EF3E-4EBE-8BDB-2382E6C7395B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7C8C4F2-EF3E-4EBE-8BDB-2382E6C7395B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E7C8C4F2-EF3E-4EBE-8BDB-2382E6C7395B}: NameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
pimprenelle27 Posts 22182 Status Security contributor 2 502

OK, next, for tomorrow:

* On Vista: ▶ Disable User Account Control (you will re-enable it after the disinfection):

▶ Click Start, then Control Panel
▶ Double-click the "User Accounts" icon
▶ Then click disable and confirm.
▶ Restart the PC

▶ Download Combofix by sUBs

▶ and save it to the Desktop.

▶ Disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard)

Here is the official Bleeping Computer tutorial on how to use it:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

I advise you to install the Recovery Console!!

Then send the report, please.
0
nofear
 
Strange, I can't manage to post the reply here.
0
pimprenelle27 Posts 22182 Status Security contributor 2 502

Try with c-joint.
0

nofear
 
There, I hope this works.

https://www.cjoint.com/?iwpoDRihhf
0
pimprenelle27 Posts 22182 Status Security contributor 2 502

OK, Combo has already done quite a bit of work. Can you run a full RSIT again for me, with both reports?
0
nofear
 
Yes, indeed, it's already much better!

Here is the RSIT report:

https://www.cjoint.com/?iwpBpUELKd
0
pimprenelle27 Posts 22182 Status Security contributor 2 502

I no longer see any trace of braviax; let's hope it is gone for good, because it is stubborn. After that there will still be 1 thing left to remove:

▶ Download OTM (by Old_Timer) to your Desktop

▶ Double-click OTM.exe to launch it.

▶ Make sure the Unregister Dll's and Ocx's box is checked.

▶ Copy the list shown in bold in the quote below and paste it into the left-hand pane of OTM under "Paste instructions for item to be moved".

-----------------------------------------------------------------------------

:Processes

:services

:reg

:files
C:\Documents and Settings\duo\Menu Démarrer\Programmes\Démarrage
ikowin32.exe
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\PEV.exe
c:\documents and settings\duo\local settings\application data\ceuqs.exe
c:\program files\pc_antispyware2010\uninstall.exe
c:\program files\zango\bin\10.0.314.0\zangouninstaller.exe


:Commands
[purity]
[emptytemp]
[Reboot]


-----------------------------------------------------------------------------

▶ Click MoveIt! to start the removal.

▶ The result will appear in the "Results" pane.

▶ Click Exit to close.

▶ Post the report located in C:\_OTMoveIt\MovedFiles.

▶ You may be asked to restart the PC to finish the removal. If so, accept with Yes.

0
pimprenelle27 Posts 22182 Status Security contributor 2 502

Don't run OTM right away, I still have one thing to add.
0
pimprenelle27 Posts 22182 Status Security contributor 2 502

All right, I have modified OTM; after that there should normally be no malware or anything else left.
0
nofear
 
Here is the OTM report:

I need to make a purchase online; do you think I can do it without any trouble (by credit card)?

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\duo\Menu Démarrer\Programmes\Démarrage moved successfully.
File/Folder ikowin32.exe not found.
C:\WINDOWS\system32\tmp.txt moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
File/Folder c:\documents and settings\duo\local settings\application data\ceuqs.exe not found.
File/Folder c:\program files\pc_antispyware2010\uninstall.exe not found.
File/Folder c:\program files\zango\bin\10.0.314.0\zangouninstaller.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: duo
->Temp folder emptied: 473273 bytes
->Temporary Internet Files folder emptied: 131494 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89161228 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes

User: Propriétaire

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 77352 bytes

Total Files Cleaned = 85,74 mb

OTM by OldTimer - Version 3.0.0.6 log created on 08222009_160704

Files moved on Reboot...

Registry entries deleted on Reboot...
0
pimprenelle27 Posts 22182 Status Security contributor 2 502

Sorry, I did OTM wrong; please start again as follows. As for the rest that was not removed, I think it will be removed during the cleanup, but no credit card purchases yet until everything is finished:

▶ Download OTM (by Old_Timer) to your Desktop

▶ Double-click OTM.exe to launch it.

▶ Make sure the Unregister Dll's and Ocx's box is checked.

▶ Copy the list shown in bold in the quote below and paste it into the left-hand pane of OTM under "Paste instructions for item to be moved".

-----------------------------------------------------------------------------

:Processes

:services

:reg

:files
C:\Documents and Settings\duo\Menu Démarrer\Programmes\Démarrage\ikowin32.exe


:Commands
[purity]
[emptytemp]
[Reboot]


-----------------------------------------------------------------------------

▶ Click MoveIt! to start the removal.

▶ The result will appear in the "Results" pane.

▶ Click Exit to close.

▶ Post the report located in C:\_OTMoveIt\MovedFiles.

▶ You may be asked to restart the PC to finish the removal. If so, accept with Yes.

0
pimprenelle27 Posts 22182 Status Security contributor 2 502

/!\ The files line in OTM is 1 single line
0
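The corrected script and the "1 single line" remark above concern a `:files` entry that had been split across two lines; the first OTM report shows the effect (the whole Startup folder moved, `ikowin32.exe` not found). The lint below for that mistake is an added example, not part of the original thread and not OTM's own code; the function names, the section-parsing rule and the no-extension heuristic are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed from the first OTM script quoted in this thread, where the
# Startup-folder path and "ikowin32.exe" ended up on separate lines.
WRAPPED_SCRIPT = r"""
:Processes

:services

:reg

:files
C:\Documents and Settings\duo\Menu Démarrer\Programmes\Démarrage
ikowin32.exe
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\PEV.exe

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Constructed from the corrected script: the same target on one line.
FIXED_SCRIPT = r"""
:files
C:\Documents and Settings\duo\Menu Démarrer\Programmes\Démarrage\ikowin32.exe

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# A fully qualified Windows path starts with a drive letter or a UNC prefix.
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")


class Finding(NamedTuple):
    line: int                  # 1-based line number inside the script
    kind: str                  # "relative-entry" or "no-extension"
    entry: str
    suggestion: Optional[str]  # joined path, when one can be proposed


def files_entries(script: str) -> List[Tuple[int, str]]:
    """Return (line number, text) for each non-blank line under ':files'.

    Assumption of this example: a section starts at a line beginning with ':'
    and runs until the next such line, as in the scripts shown in the thread.
    """
    entries, in_files = [], False
    for number, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            entries.append((number, line))
    return entries


def lint_files_section(script: str) -> List[Finding]:
    """Flag ':files' entries that look like a path broken across lines."""
    findings = []
    previous = None  # last fully qualified entry seen
    for number, entry in files_entries(script):
        if not ABSOLUTE.match(entry):
            # A bare name is most likely the tail of the previous line.
            joined = previous.rstrip("\\") + "\\" + entry if previous else None
            findings.append(Finding(number, "relative-entry", entry, joined))
            continue
        last = entry.rstrip("\\").rsplit("\\", 1)[-1]
        if "." not in last:
            # Heuristic: no extension, so this may name a whole folder.
            findings.append(Finding(number, "no-extension", entry, None))
        previous = entry
    return findings


if __name__ == "__main__":
    for label, script in (("wrapped", WRAPPED_SCRIPT), ("fixed", FIXED_SCRIPT)):
        print(label)
        for finding in lint_files_section(script) or ["no findings"]:
            print(" ", finding)
```

Run against the wrapped script, the lint reports the folder-only line and the bare file name, and the suggested join is the single-line path used in the corrected script.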
nofear
 
Here is the OTM report:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\Documents and Settings\duo\Menu Démarrer\Programmes\Démarrage\ikowin32.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: duo
->Temp folder emptied: 6020 bytes
->Temporary Internet Files folder emptied: 192989 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73472282 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Propriétaire

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 70,32 mb

OTM by OldTimer - Version 3.0.0.6 log created on 08222009_190715

Files moved on Reboot...

Registry entries deleted on Reboot...
0
pimprenelle27 Posts 22182 Status Security contributor 2 502

Right, we are going to run Malwarebytes to erase the last traces:

▶ Download Malwarebytes' Anti-Malware

▶ A tutorial will be available to help you install and use it correctly.

▶ Update the software (this normally happens during installation)

▶ Run a full scan by clicking "Exécuter un examen complet" (Perform full scan)

▶ Select the drives you want to scan and click "Lancer l'examen" (Start scan)

▶ The scan can take quite a while.....

▶ Once the scan is finished, click "OK" then "Afficher les résultats" (Show results)

▶ Check that everything is ticked and click "Supprimer la sélection" (Remove selected) => and then "OK"

▶ A report will open in Notepad... Copy and paste the report into your next reply on the forum

* Some files may need to be deleted when the PC restarts... Do so by clicking "oui" (yes) when prompted
0
nofear
 
Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2679
Windows 5.1.2600 Service Pack 2

22/08/2009 19:44:44
mbam-log-2009-08-22 (19-44-44).txt

Type de recherche: Examen rapide
Eléments examinés: 97688
Temps écoulé: 5 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 60
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\zango.desktopflash (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zango.desktopflash.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ZangoSA_df.exe (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\duo\Menu Démarrer\Programmes\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\duo\Menu Démarrer\Programmes\PC_Antispyware2010\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\duo\Menu Démarrer\Programmes\PC_Antispyware2010\Uninstall.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Reset Cursor.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Customer Support Center.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Games!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Library.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Screensavers!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Uninstall Instructions.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Videos!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\duo\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\Documents and Settings\duo\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\duo\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
0
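The report above mixes adware registry entries with a few findings that matter more for triage: an autorun value, disabled Security Center notifications, a flagged file under system32 and the rogue product itself. The parser below is an added example, not part of the original thread and not Malwarebytes code; it reads entries in the `item (family) -> outcome` shape seen in the log, and its triage rules and names are this example's own assumptions.

```python
import re
from collections import Counter

# A few entries copied from the Malwarebytes log posted above, under the
# section headings they appear with; the selection is this example's own.
SAMPLE_LOG = r"""
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\zango.desktopflash (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Library.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\duo\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
"""

# item, detection family in parentheses, then the outcome after "->".
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<outcome>.+)$")
REMOVED = "Quarantined and deleted successfully."

# Triage rules (assumptions of this example): each maps a reason to a test
# on the detected item and its family name.
RULES = (
    ("autorun entry", lambda item, family: "\\currentversion\\run\\" in item.lower()),
    ("security notifications disabled", lambda item, family: family.startswith("Disabled.")),
    ("file under system32", lambda item, family: "\\windows\\system32\\" in item.lower()),
    ("rogue security product", lambda item, family: family.startswith("Rogue.")),
)


def parse_entries(log):
    """Yield one dict per detection line; headings and empty sections are skipped."""
    for raw in log.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            entry = match.groupdict()
            entry["removed"] = entry["outcome"].endswith(REMOVED)
            yield entry


def triage(log):
    """Return (count per family, priority findings, entries not removed)."""
    families = Counter()
    priority, unresolved = [], []
    for entry in parse_entries(log):
        families[entry["family"]] += 1
        reasons = [name for name, test in RULES
                   if test(entry["item"], entry["family"])]
        if reasons:
            priority.append((entry["item"], entry["family"], reasons))
        if not entry["removed"]:
            unresolved.append(entry["item"])
    return families, priority, unresolved


if __name__ == "__main__":
    families, priority, unresolved = triage(SAMPLE_LOG)
    for family, count in families.most_common():
        print(f"{count:3d}  {family}")
    for item, family, reasons in priority:
        print(f"PRIORITY {family}: {item} ({', '.join(reasons)})")
    print("not removed:", unresolved or "none")
```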
pimprenelle27 Posts 22182 Status Security contributor 2 502

Well, it certainly cleaned house. Empty the Malwarebytes quarantine, then do the following for me to see whether you have any spyware. Now, after all this cleaning, you will have to keep it this clean:

Download SUPERAntiSpyware (SAS)

Choose "enregistrer" (save) and save it to your desktop.

Double-click the installer icon that has just been created and follow the instructions.

Create an icon on the desktop.

Double-click the SAS icon (a head inside a crossed-out red circle) to launch it.

- If the tool asks you to update the program ("update the program definitions"), click yes.
- Under Configuration and Preferences, click the "Preferences" button
- Click the "Scanning Control" tab
- In "Scanner Options", make sure the box in front of the following lines is checked:

Close browsers before scanning

Scan for tracking cookies

Terminate memory threats before quarantining

- Leave the other lines unchecked.

- Click the "Close" button to leave the control center screen.

- In the main window, under "Scan for Harmful Software", click "Scan your computer".

In the left-hand column, check C:\Fixed Drive.

In the right-hand column, under "Complete scan", click "Perform Complete Scan"

Click "next" to start the scan. Wait while the scan runs.

When the scan ends, a results window opens. Click OK.

Make sure all the lines in the white window are checked and click "Next".

Everything that was found will be quarantined. If you are asked to restart the computer ("reboot"), click Yes.

To copy the information to the forum, do this:

- After the computer restarts, double-click the icon to launch SAS.
- Click "Preferences" then the "Statistics/Logs" tab.
- In "scanners logs", double-click SuperAntiSpyware Scan Log.

- The report will open in your default text editor.

- Copy its contents into your reply.

Have a good look at the SuperAntiSpyware tutorial; it is very well explained.
0
nofear
 
I am super happy with your help, it's really great.

Unfortunately I have to run; I will be back tomorrow, if that's all right with you.

Thanks again
0
pimprenelle27 Posts 22182 Status Security contributor 2 502

No problem, thanks for the "super happy".
0
nofear
 
Hello, here is the response from SAS:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 08/23/2009 at 10:56 AM

Application Version : 4.27.1002

Core Rules Database Version : 4067
Trace Rules Database Version: 2007

Scan type : Complete Scan
Total Scan Time : 01:28:45

Memory items scanned : 559
Memory threats detected : 2
Registry items scanned : 5778
Registry threats detected : 92
File items scanned : 79836
File threats detected : 152

Trojan.Agent/Gen-Dropper[Crypt]
C:\WINDOWS\SYSTEM32\MSET.EXE
C:\WINDOWS\SYSTEM32\MSET.EXE
C:\DOCUMENTS AND SETTINGS\DUO\MSET.EXE
C:\DOCUMENTS AND SETTINGS\DUO\MSET.EXE
[mset] C:\WINDOWS\SYSTEM32\MSET.EXE
[mset] C:\DOCUMENTS AND SETTINGS\DUO\MSET.EXE
C:\WINDOWS\Prefetch\MSET.EXE-320D04BE.pf

Adware.Tracking Cookie
C:\Documents and Settings\duo\Cookies\duo@ehg-dig.hitbox[1].txt
C:\Documents and Settings\duo\Cookies\duo@as1.falkag[2].txt
C:\Documents and Settings\duo\Cookies\duo@yourmedia[1].txt
C:\Documents and Settings\duo\Cookies\duo@clickbank[1].txt
C:\Documents and Settings\duo\Cookies\duo@ads.verticalscope[1].txt
C:\Documents and Settings\duo\Cookies\duo@int.sitestat[2].txt
C:\Documents and Settings\duo\Cookies\duo@questionmarket[2].txt
C:\Documents and Settings\duo\Cookies\duo@track.effiliation[2].txt
C:\Documents and Settings\duo\Cookies\duo@hosted.zango[1].txt
C:\Documents and Settings\duo\Cookies\duo@fr.sitestat[4].txt
C:\Documents and Settings\duo\Cookies\duo@track.webtrekk[4].txt
C:\Documents and Settings\duo\Cookies\duo@t.bbtrack[2].txt
C:\Documents and Settings\duo\Cookies\duo@richmedia.yahoo[1].txt
C:\Documents and Settings\duo\Cookies\duo@adserver.keltravo[2].txt
C:\Documents and Settings\duo\Cookies\duo@boursoramabanque.solution.weborama[2].txt
C:\Documents and Settings\duo\Cookies\duo@fr.sitestat[9].txt
C:\Documents and Settings\duo\Cookies\duo@argusauto2.solution.weborama[1].txt
C:\Documents and Settings\duo\Cookies\duo@fr.sitestat[11].txt
C:\Documents and Settings\duo\Cookies\duo@atwola[1].txt
C:\Documents and Settings\duo\Cookies\duo@ads.axylleus[2].txt
C:\Documents and Settings\duo\Cookies\duo@ushuaia.solution.weborama[2].txt
C:\Documents and Settings\duo\Cookies\duo@fnacmagasin.solution.weborama[2].txt
C:\Documents and Settings\duo\Cookies\duo@stat.dealtime[1].txt
C:\Documents and Settings\duo\Cookies\duo@zedo[1].txt
C:\Documents and Settings\duo\Cookies\duo@server.iad.liveperson[2].txt
C:\Documents and Settings\duo\Cookies\duo@bubblestat[1].txt
C:\Documents and Settings\duo\Cookies\duo@ads.sorpresor[1].txt
C:\Documents and Settings\duo\Cookies\duo@track.webgains[1].txt
C:\Documents and Settings\duo\Cookies\duo@CAXYA3AU.txt
C:\Documents and Settings\duo\Cookies\duo@118218.solution.weborama[2].txt
C:\Documents and Settings\duo\Cookies\duo@cetelem.solution.weborama[2].txt

Adware.Zango Toolbar/Hb

Trojan.Agent/Gen
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BRAVIAX.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E085E7-2D04-46BF-BF24-710AADD73283}\RP313\A0061452.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E085E7-2D04-46BF-BF24-710AADD73283}\RP313\A0061462.EXE

Trojan.Downloader-Gen
C:\_OTM\MOVEDFILES\08172009_003200\WINDOWS\SYSTEM32\BRAVIAX.EXE
pimprenelle27 (security contributor)

Well, it certainly found a lot of things. You can delete all of that for me; it should be in quarantine. Then, to check that there are no viruses left:

▶ Disable your antivirus

▶ Go to this site: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (with Internet Explorer only)

▶ At the bottom right, click "Démarrer Online-scanner" (Start Online-scanner)

▶ In the new window that opens, click "J'accepte" (I accept)

▶ Accept the ActiveX controls

▶ Choose "Poste de travail" (My Computer) for the scan.

▶ Once it has finished, save the report (choose text file) and post it in your next reply.

▶ For help using the online scan, see this tutorial

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner license has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.