Comment ce debarraser de security tool
Résolu
stich
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
voila ce matin j'ai decouvert le "fameux" security tool en faisant des recherche sur internet jai decouver que c'etais un virus probleme je sais pas comment m'en debarraser ni les marches a suivre en vous lisant tous je suis perdue!!! voici mes symptome au bout d'un certain temp l'ordi s'arrete comment faire pouvez vous m'aider svp honnetement je ne connais pas grand chose a l'informatique 'ai grand besoin d'aide svp!! merci d'avance en esperant que l'on vienne a mon secour
voila ce matin j'ai decouvert le "fameux" security tool en faisant des recherche sur internet jai decouver que c'etais un virus probleme je sais pas comment m'en debarraser ni les marches a suivre en vous lisant tous je suis perdue!!! voici mes symptome au bout d'un certain temp l'ordi s'arrete comment faire pouvez vous m'aider svp honnetement je ne connais pas grand chose a l'informatique 'ai grand besoin d'aide svp!! merci d'avance en esperant que l'on vienne a mon secour
A voir également:
- Comment ce debarraser de security tool
- Hp usb disk storage format tool - Télécharger - Stockage
- Ds3 tool - Télécharger - Émulation
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Media creation tool - Télécharger - Systèmes d'exploitation
- Windows usb/dvd download tool - Télécharger - Systèmes d'exploitation
41 réponses
salut, tu es infecter par SECURITY TOOL, c'est un rogue, un faux antivirus si tu veux...
il y a une invasion depuis hier!!!
je vais essayer de te désinfecter:
Redémarre ton pc en mode sans échec avec prise en charge réseau
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
ensuite, lis ceci: https://www.cjoint.com/?jzlxaYmFgu
enfin, on commence:
si tu es sous VISTA ou SEVEN:
1/ desactive l'UAC:
> Va dans démarrer puis panneau de configuration
>Double Clique sur l'icône "Comptes d'utilisateurs"
>Clique ensuite sur désactiver et valide.
ensuite, MBAM :
> Télécharge MBAM
> Tu auras un tutoriel à ta disposition pour l'installer et l'utiliser correctement.
> Fais la mise à jour du logiciel /!\(elle se fait normalement à l'installation)/!\
> A l'apparition de la fenêtre de MBAM, clique sur «exécuter un examen complet»
> Sélectionne les disques que tu veux analyser et clique sur "Lancer l'examen"
> L'analyse peut durer un plusieurs heures...
> Une fois l'analyse terminée, clique sur "OK" puis sur "Afficher les résultats"
> Vérifie que tout est bien coché et clique sur "Supprimer la sélection" => et ensuite sur "OK"
> Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum
> Si le logiciel te demande de redémarrer, fais le en cliquant sur « OUI »
a++
il y a une invasion depuis hier!!!
je vais essayer de te désinfecter:
Redémarre ton pc en mode sans échec avec prise en charge réseau
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
ensuite, lis ceci: https://www.cjoint.com/?jzlxaYmFgu
enfin, on commence:
si tu es sous VISTA ou SEVEN:
1/ desactive l'UAC:
> Va dans démarrer puis panneau de configuration
>Double Clique sur l'icône "Comptes d'utilisateurs"
>Clique ensuite sur désactiver et valide.
ensuite, MBAM :
> Télécharge MBAM
> Tu auras un tutoriel à ta disposition pour l'installer et l'utiliser correctement.
> Fais la mise à jour du logiciel /!\(elle se fait normalement à l'installation)/!\
> A l'apparition de la fenêtre de MBAM, clique sur «exécuter un examen complet»
> Sélectionne les disques que tu veux analyser et clique sur "Lancer l'examen"
> L'analyse peut durer un plusieurs heures...
> Une fois l'analyse terminée, clique sur "OK" puis sur "Afficher les résultats"
> Vérifie que tout est bien coché et clique sur "Supprimer la sélection" => et ensuite sur "OK"
> Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum
> Si le logiciel te demande de redémarrer, fais le en cliquant sur « OUI »
a++
tu peux démarrer en mode normal??
fais ceci en mode normale si tu le peux, sinon, en mode sans eches avec prise en charge réseau
/!\ utilisateur de vista et seven faite clique droit et "éxécuter en teps qu'administrateur/!\
> Télécharge zhpdiag (de Nicolas Coolman)
> Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
> /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »/!\
> Clique sur la petite loupe en haut à gauche pour débuter l'analyse :
>attention, le scan peut durer un certain temps, ne touche a rien d'autre tant que le scan est en cour
> Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
> Héberge le rapport ZHPDiag.txt sur cijoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.
a++
fais ceci en mode normale si tu le peux, sinon, en mode sans eches avec prise en charge réseau
/!\ utilisateur de vista et seven faite clique droit et "éxécuter en teps qu'administrateur/!\
> Télécharge zhpdiag (de Nicolas Coolman)
> Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
> /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »/!\
> Clique sur la petite loupe en haut à gauche pour débuter l'analyse :
>attention, le scan peut durer un certain temps, ne touche a rien d'autre tant que le scan est en cour
> Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
> Héberge le rapport ZHPDiag.txt sur cijoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.
a++
AD-REMOVER :
> Télécharge ad-remover(de C_XX) sur ton Bureau
>Déconnecte toi et ferme toutes les applications en cours
> Double-clique sur l'icône AD-Remover
> Au menu principal, clique sur "scanner"
> Confirme le lancement de l'analyse et laisse l'outil travailler
> Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-CLEAN.txt )
> Télécharge ad-remover(de C_XX) sur ton Bureau
>Déconnecte toi et ferme toutes les applications en cours
> Double-clique sur l'icône AD-Remover
> Au menu principal, clique sur "scanner"
> Confirme le lancement de l'analyse et laisse l'outil travailler
> Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-CLEAN.txt )
stichh,
1/passe a la suppression.
2/ après, tu me poste le rapport
3/ tu me refais un zhpdiag que j'y vois un peu plus claire.... merci.
je pars dormir, je reprend demain.
a++
1/passe a la suppression.
2/ après, tu me poste le rapport
3/ tu me refais un zhpdiag que j'y vois un peu plus claire.... merci.
je pars dormir, je reprend demain.
a++
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
AD-REMOVER :
>Déconnecte toi et ferme toutes les applications en cours
> Double-clique sur l'icône AD-Remover
> Au menu principal, clique sur "supprimer"
> Confirme le lancement de l'analyse et laisse l'outil travailler
> Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-CLEAN.txt )
>Déconnecte toi et ferme toutes les applications en cours
> Double-clique sur l'icône AD-Remover
> Au menu principal, clique sur "supprimer"
> Confirme le lancement de l'analyse et laisse l'outil travailler
> Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-CLEAN.txt )
stich , une info: MBAM peut être très long... ce n'est pas grave, laisse le tourné.
Salut
Tu comprendras que supprimer tes commentaires qui sont eux même suivi de commentaires revient à ne plus savoir de quoi parle l'autre.
Sans compter qu'ensuite tu nous demandes de faire le ménage sur le topic.
Vu que les questions de 'noob' pouvaient avoir un peu d'intérêt, il serait bien de réflechir un peu, soit avant de poster soit avant de supprimer..
cdt
Tu comprendras que supprimer tes commentaires qui sont eux même suivi de commentaires revient à ne plus savoir de quoi parle l'autre.
Sans compter qu'ensuite tu nous demandes de faire le ménage sur le topic.
Vu que les questions de 'noob' pouvaient avoir un peu d'intérêt, il serait bien de réflechir un peu, soit avant de poster soit avant de supprimer..
cdt
voici mon rapport:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4715
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
29/09/2010 17:39:37
mbam-log-2010-09-29 (17-39-37).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 248489
Temps écoulé: 49 minute(s), 6 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 15
Fichier(s) infecté(s): 49
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b4c656c9-f2e9-4e77-b3f4-443df2bd778f} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0d071a1-36b3-4757-a126-14c89c56013a} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{64f56fc1-1272-44cd-ba6e-39723696e350} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{64f56fc1-1272-44cd-ba6e-39723696e350} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64f56fc1-1272-44cd-ba6e-39723696e350} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang (Rogue.Eorezo) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\sébastien\Local Settings\Application Data\icwrfh_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\icwrfh_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\icwrfh.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\icwrfh.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\uqwweco_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\uqwweco_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\uqwweco.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\pichounette\Local Settings\Application Data\1379488079.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\08A40131.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0015676E.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\08AC31C0.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\ConfMedia.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\eoEngine.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoMultiLanguage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoComm.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_16.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_17.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_26.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\FreeImage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\Host.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\icon_eo.st.ico (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\MngInstaller.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins000.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins000.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\user.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\eoAdv.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoclock.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoengine.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eonet.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoweather.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_en.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_es.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_fr.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_it.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\pichounette\Menu Démarrer\Programmes\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4715
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
29/09/2010 17:39:37
mbam-log-2010-09-29 (17-39-37).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 248489
Temps écoulé: 49 minute(s), 6 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 15
Fichier(s) infecté(s): 49
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b4c656c9-f2e9-4e77-b3f4-443df2bd778f} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0d071a1-36b3-4757-a126-14c89c56013a} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{64f56fc1-1272-44cd-ba6e-39723696e350} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{64f56fc1-1272-44cd-ba6e-39723696e350} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64f56fc1-1272-44cd-ba6e-39723696e350} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang (Rogue.Eorezo) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\sébastien\Local Settings\Application Data\icwrfh_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\icwrfh_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\icwrfh.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\icwrfh.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\uqwweco_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\uqwweco_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\sébastien\Local Settings\Application Data\uqwweco.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\pichounette\Local Settings\Application Data\1379488079.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\08A40131.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0015676E.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\08AC31C0.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\ConfMedia.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\eoEngine.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoMultiLanguage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoComm.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_16.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_17.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_26.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\FreeImage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\Host.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\icon_eo.st.ico (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\MngInstaller.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins000.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins000.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\user.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\eoAdv.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoclock.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoengine.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eonet.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoweather.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_en.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_es.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_fr.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_it.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\pichounette\Menu Démarrer\Programmes\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
http://www.cijoint.fr/cjlink.php?file=cj201009/cijmMi7dBG.txt
Je te l'envoie comme ca je ne sais pas si ca te convient??
Je te l'envoie comme ca je ne sais pas si ca te convient??
mais dis moi comment j''ai chopé cette saloperie??? que je me mefie la prochaiine fois
est ce que c'est normal que mon anti virus na rien detecter??? j'ai avast mai l'ancienne version et il me dit pas grand chose alors que le nouveau j'ai d'autre personne se montre plus present faut-il que j'installe la nouvelle version??? ou carement que je change???
est ce que c'est normal que mon anti virus na rien detecter??? j'ai avast mai l'ancienne version et il me dit pas grand chose alors que le nouveau j'ai d'autre personne se montre plus present faut-il que j'installe la nouvelle version??? ou carement que je change???
Il faut savoir que les antivirus ne détectent de manière sûre que ce qu'ils connaissent.
Ensuite cela dépend de leur réactivité à intégrer les nouvelles versions de virus ( ainsi qu'un programme de détection post-infection).
Il semblerait que la dernière version de avast( 5) ne soit pas si mal. pour l'instant avira reste conseillée...et en payant, kaspersky.
Vu les ravages de l'infection, elle s'est servi de failles de sécurité au niveau de la diffusion de module vidéo...vite corrigé a priori.
Ensuite cela dépend de leur réactivité à intégrer les nouvelles versions de virus ( ainsi qu'un programme de détection post-infection).
Il semblerait que la dernière version de avast( 5) ne soit pas si mal. pour l'instant avira reste conseillée...et en payant, kaspersky.
Vu les ravages de l'infection, elle s'est servi de failles de sécurité au niveau de la diffusion de module vidéo...vite corrigé a priori.
salut, je pense que certains risque de trouver ca inutile, mais, j'en ai besoin... refais moi un zhpdiag pour voir si tout a été supprimer.
a+++
a+++
voila j'ai bien reussi a redemarre en mode sans echec et la je suis dans le compte administrateur c bien ca ?? je ne suis pas sous vista mais windows xp
poste le rapport a la fin.
merci.