Actualité informatique
Test comparatif matériel informatique
Jeux vidéo
Astuces informatique
Vidéo
Télécharger
Services en ligne
Forum informatique
01Business

|-  SECURITE


|||-  

Infectée par win spyware protect

 

2 utilisateurs anonymes et 151 utilisateurs inconnus
Ajouter une réponse
 

 
Page photos
 
     
Vider la liste des messages à citer
 
 Page :
1
Auteur
 Sujet :

Infectée par win spyware protect

Prévenir les modérateurs en cas d'abus 
stephy33000
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 18/07/2008 à 15:57:50  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour, je suis infectée par win spyware protect, il s'est insallé sur mon bureau, m'affiche des pages de pub intempestives...

 Par ailleurs, je n'arrive pas à activer les mises à jour automatiques de windows.
 Merci de m'aider, sachant que je suis novice. ;)

  1. homepage
naheulbeuk7
Membre impliqué (de 20 000 à 29 999 messages postés)
  1. Posté le 18/07/2008 à 17:03:53  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
bonjour,

 Passe un coup de MalwareBytes (scan complet) et nettoie tout ce qu'il trouve
 Aide : http://www.site-naheulbeuk.com/malwarebytes.php
 Post moi le rapport généré à la fin dans ta prochaine réponse :)

 :hello:


---------------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
(Publicité)
stephy33000
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 18/07/2008 à 18:53:44  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Merci de m'aider !
 Par contre il me dit qu'il n'a pas réussi à supprimer certains éléments.
 voici le rapport:

 Malwarebytes' Anti-Malware 1.20
 Version de la base de données: 964
 Windows 5.1.2600 Service Pack 2

 20:49:16 18/07/2008
 mbam-log-7-18-2008 (20-49-16).txt

 Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
 Eléments examinés: 132728
 Temps écoulé: 29 minute(s), 15 second(s)

 Processus mémoire infecté(s): 1
 Module(s) mémoire infecté(s): 2
 Clé(s) du Registre infectée(s): 22
 Valeur(s) du Registre infectée(s): 3
 Elément(s) de données du Registre infecté(s): 2
 Dossier(s) infecté(s): 17
 Fichier(s) infecté(s): 45

 Processus mémoire infecté(s):
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprt​ct.exe (Rogue.WinSpywareProtect) -> Unloaded process successfully.

 Module(s) mémoire infecté(s):
 C:\WINDOWS\system32\fccCVnop.d​ll (Trojan.Vundo) -> Unloaded module successfully.
 C:\WINDOWS\Resources\SysCD.dll (Trojan.Clicker) -> Unloaded module successfully.

 Clé(s) du Registre infectée(s):
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{03c9c6e2-0592-4ec6-89​bd-fd65e798fd11} (Trojan.Vundo) -> Delete on reboot.
 HKEY_CLASSES_ROOT\CLSID\{03c9c​6e2-0592-4ec6-89bd-fd65e798fd1​1} (Trojan.Vundo) -> Delete on reboot.
 HKEY_CLASSES_ROOT\wasfsd.creat​ionnotifier (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\wasfsd.creat​ionnotifier.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\CLSID\{abcd4​567-76b5-4bc7-aac5-396d70925b2​2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\Interface\{a​bcd4567-4d73-43e9-85e5-53a2dbd​95422} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\Interface\{a​bcd4567-d8e8-4df1-a3ea-d0aa72f​42622} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\Typelib\{abc​d4567-7437-43ef-ab74-4ab1d3a37​422} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\CLSID\{69893​162-7939-46dd-8466-f6021f33745​4} (Trojan.Clicker) -> Delete on reboot.
 HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\USL​st (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\USS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall\USS_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\US​S (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Sec​uriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall\uss_{826f15bf-1a4c-​4290-bfd1-794af7a2cb8f}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall\uss_{d1957ff4-ea22-​4b4a-81a1-c62068479ded}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall\uss_{ec572088-91c7-​4293-93f9-93d40b0e0b36}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\wasfsd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

 Valeur(s) du Registre infectée(s):
 HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run\s9201 (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\ShellServiceObjectDelayLoad\s​yscd (Trojan.Clicker) -> Delete on reboot.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run\48c35b7f (Trojan.Vundo) -> Quarantined and deleted successfully.

 Elément(s) de données du Registre infecté(s):
 HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\LSA\Secu​rity Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccvnop -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\LSA\Auth​entication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccvnop  -> Delete on reboot.

 Dossier(s) infecté(s):
 C:\Program Files\USS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\#agents (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\#agents\53 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\#monitors (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\#monitors\DirMonitor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\#monitors\FileMonito​r (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\#monitors\RegMonitor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{826F15BF-1A4C-4290-​BFD1-794AF7A2CB8F} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{D1957FF4-EA22-4b4a-​81A1-C62068479DED} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{EC572088-91C7-4293-​93F9-93D40B0E0B36} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\WINDOWS\system32\977751 (Trojan.BHO) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

 Fichier(s) infecté(s):
 C:\WINDOWS\system32\fccCVnop.d​ll (Trojan.Vundo) -> Delete on reboot.
 C:\WINDOWS\system32\ponVCccf.i​ni (Trojan.Vundo) -> Quarantined and deleted successfully.
 C:\WINDOWS\system32\ponVCccf.i​ni2 (Trojan.Vundo) -> Quarantined and deleted successfully.
 C:\WINDOWS\system32\uocjgrhl.d​ll (Trojan.Vundo) -> Quarantined and deleted successfully.
 C:\WINDOWS\system32\lhrgjcou.i​ni (Trojan.Vundo) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{826F15BF-1A4C-4290-​BFD1-794AF7A2CB8F}\kernel.dll (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{D1957FF4-EA22-4b4a-​81A1-C62068479DED}\AsAgents.dl​l (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\System Volume Information\_restore{E118F3A7-​8F51-4054-AD78-71B7A0A087B7}\R​P236\A0092336.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
 C:\WINDOWS\system32\qgkttd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
 C:\WINDOWS\system32\xmmuqbnh.d​ll (Trojan.Vundo) -> Quarantined and deleted successfully.
 C:\WINDOWS\system32\977751\977​751.dll (Trojan.BHO) -> Quarantined and deleted successfully.
 C:\WINDOWS\system32\drivers\wa​sfsd.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\#agents\53\#startup (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{826F15BF-1A4C-4290-​BFD1-794AF7A2CB8F}\GESPlugin.d​ll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{826F15BF-1A4C-4290-​BFD1-794AF7A2CB8F}\GESPlugin.x​ml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{826F15BF-1A4C-4290-​BFD1-794AF7A2CB8F}\unins000.da​t (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{826F15BF-1A4C-4290-​BFD1-794AF7A2CB8F}\unins000.ex​e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{D1957FF4-EA22-4b4a-​81A1-C62068479DED}\AMPlugin.dl​l (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{D1957FF4-EA22-4b4a-​81A1-C62068479DED}\AMPlugin.xm​l (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{D1957FF4-EA22-4b4a-​81A1-C62068479DED}\AsAgents.xm​l (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{D1957FF4-EA22-4b4a-​81A1-C62068479DED}\msvcp71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{D1957FF4-EA22-4b4a-​81A1-C62068479DED}\msvcr71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{D1957FF4-EA22-4b4a-​81A1-C62068479DED}\unins000.da​t (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{D1957FF4-EA22-4b4a-​81A1-C62068479DED}\unins000.ex​e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{EC572088-91C7-4293-​93F9-93D40B0E0B36}\GSCRPlugin.​dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{EC572088-91C7-4293-​93F9-93D40B0E0B36}\unins000.da​t (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Program Files\USS\{EC572088-91C7-4293-​93F9-93D40B0E0B36}\unins000.ex​e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprt​ct.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\200​80718085048107.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\200​80718091846765.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\200​80718104216034.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\200​80718170827578.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\200​80718190629796.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\200​80718201127140.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
 C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
 C:\WINDOWS\Resources\SysCD.dll (Trojan.Clicker) -> Delete on reboot.
 C:\Program Files\tmp0.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
 C:\Program Files\tmp1.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
 C:\Program Files\tmp2.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
 C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Documents and Settings\Stéphanie MENAY\Local Settings\Temp\software.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Documents and Settings\Stéphanie MENAY\Local Settings\Temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 C:\Documents and Settings\Stéphanie MENAY\Local Settings\Temp\vistasp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

  1. homepage
naheulbeuk7
Membre impliqué (de 20 000 à 29 999 messages postés)
  1. Posté le 19/07/2008 à 17:34:54  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
bonsoir,

 Télécharge ComboFix (créé par sUBs) sur ton Bureau

 Démarre en mode sans échec : http://forum.telecharger.01net [...] ges-1.html


 
  • Double clique combofix.exe.
  • Tape sur la touche 1 pour démarrer le scan puis laisse toi guider.
  • ComboFix redémarrera ton PC
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse,et nouveau rapport hijackthis

 NOTE : Le rapport se trouve également ici : C:\Combofix.txt

 :hello:


---------------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
 Page :
1

Aller à :
 

Sujets relatifs
Clef USB infectée, affichage fichier en raccourci Infectée par Mu search dial et wajam
clé usb inféctée PC surement infectée
Supprimer search protect by conduit pb avec spyware antivirus security pro !
Infectée de Email-Worm.Win32.Runouce.b infectée par W32.Myzor.FK@yf bis
[résolu] Infectée par systèmedoctor  
Plus de sujets relatifs à : Infectée par win spyware protect

Les 5 sujets de discussion précédents Nombre de réponses Dernier message
[resolu] Spam centre de sécurité Windows 33
Résidus de Vundo et Navipromo [résolu] 21
[ RESOLU] alerte de sécurité windows et pubs intempestives 30
Deux Attaques En 5 Jours (résolu) 18
des fenetre pub s'ouvre avec explorer et firefox 6