Sujet Précédent Sujet Suivant

Virus comment le supprimer de l'aide merci

niky16 Messages postés 53 Statut Membre -  
raphy00 Messages postés 1112 Statut Membre -
Bonjour,

un de mes ordinateurs est infecté par un ou plusieurs virus, je ne sais pas comment les supprimer.

J'ai fait une analyse kaspersky, il m'en détecte 13.

Est-ce que quelqun peut m'apporter son aide ?

Merci beaucoup.

6 réponses

Réponse 1 / 6
raphy00 Messages postés 1112 Statut Membre 9
 
Salut,

Telecharges malwares bytes anti malwares :

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

Fais un scan complet et postes le rapport.

____________________________________________________________________________________

Puis :

Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Avant toute installation, renommes le en lalala.exe.

Accepte la license en cliquant sur le bouton "I Accept"

Ensuite clique sur "do a system scan and save a logfile" et postes le rapport.
0
Réponse 2 / 6
niky16 Messages postés 53 Statut Membre
 
je fais tout ca et je te scanne les rapports dès que c'est fait.

Merci de ton aide.
0
Réponse 3 / 6
niky16 Messages postés 53 Statut Membre
 
voila le rapport de malwarebytes.

Je continue avec hijackthis et je poste le rapport dès que c'est terminé.

Merci de ton aide.

Malwarebytes' Anti-Malware 1.18
Version de la base de données: 884

11:18:51 24/06/2008
mbam-log-6-24-2008 (11-18-51).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 233812
Temps écoulé: 1 hour(s), 0 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 23

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aspimgr (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aspimgr (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr (Trojan.Proxy) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebProxy (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XP SecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\XPSecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\data (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\XPSecurityCenter\XPSecurityCenter.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\htmlayout.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\install.exe (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\pthreadVC2.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\un.ico (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\unzip32.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\XP_SecurityCenter.cfg (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\data\daily.cvd (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\index.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winivstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aspimgr.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\XPSecurityCenter.lnk (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\portable.ANGELIE\Local Settings\Temp\_check32.bat (Malware.Trace) -> Quarantined and deleted successfully.
0
Réponse 4 / 6
niky16 Messages postés 53 Statut Membre
 
Et voila le scan de Hisjackthis

Vois tu encore des cochonneries qui reste

Merci de ton aide

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:08, on 24/06/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = angelie.local
O17 - HKLM\Software\..\Telephony: DomainName = angelie.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEBFC803-4D68-4F97-B349-8BF26090DABF}: Domain = angelie.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEBFC803-4D68-4F97-B349-8BF26090DABF}: NameServer = 213.36.80.1,192.168.0.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = angelie.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = angelie.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = angelie.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = angelie.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = angelie.local
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
niky16 Messages postés 53 Statut Membre
 
voila je pense avoir tout fait.

Merci de me dire si c'est propre ou s'il reste des éléments a supprimer.
0
Réponse 6 / 6
raphy00 Messages postés 1112 Statut Membre 9
 
Salut,

Attention, tu n'as toujours pas renommé hijackthis.exe. Va ici :

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Et renommes hijackthis.exe en salut.exe.
Et postes un nouveau rapport.
0

Discussions similaires

Supprimer compte facebook sans mail
Joris77 -
Mollygwen -

24 réponses