
Windows security alert (virus)

 

pouetpou
Posted on 21/08/2009 at 10:41:50
 
Hi,

 It's been about a week now that I've had this virus/malware or whatever it is on my PC  :pleure:  , I can't take it anymore. I've run scans with Avira, Spybot SD, Ad-Aware, etc., but it's still there!

 A "Windows security alert" window pops up every minute at the bottom right of the screen, and from time to time another window, a red one, pops up right in the middle of the screen, reading: Spyware Alert. Vulnerabilities found. blah blah blah, followed by two boxes: Activate Security Central, or Stay unprotected.

 I downloaded HJThis, here is my report...

pouetpou
Posted on 21/08/2009 at 10:43:25
 
Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 12:42:11, on 21/08/2009
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16850)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\ZoneLabs\v​smon.exe
 C:\Program Files\Lavasoft\Ad-Aware\AAWSer​vice.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Avira\AntiVir Desktop\sched.exe
 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
 C:\Program Files\a-squared Free\a2service.exe
 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent​.exe
 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 C:\Program Files\AskBarDis\bar\bin\AskSer​vice.exe
 C:\Program Files\Bonjour\mDNSResponder.ex​e
 C:\WINDOWS\Microsoft.NET\Frame​work\v2.0.50727\mscorsvw.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\WINDOWS\system32\oodag.exe
 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\Explorer.exe
 C:\WINDOWS\system32\conime.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\Program Files\Razer\Lachesis\razerhid.​exe
 C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\MOM.exe
 C:\Program Files\Yahoo!\Search Protection\SearchProtection.ex​e
 C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\Program Files\Razer\Lachesis\OSD.exe
 C:\Program Files\DAEMON Tools Lite\daemon.exe
 C:\WINDOWS\system32\wuauclt.ex​e
 C:\Program Files\Curse\CurseClient.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Razer\Lachesis\razertra.​exe
 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
 C:\Program Files\PPLive\PPLive.exe
 C:\Program Files\Razer\Lachesis\razerofa.​exe
 C:\WINDOWS\systemls.exe
 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\ccc.exe
 C:\WINDOWS\system32\wbem\wmiap​srv.exe
 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 C:\WINDOWS\system32\taskmgr.ex​e
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.ex​e

 F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695E​CA05670} - (no file)
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\​AcroIEHelper.dll
 O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B​94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
 O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e​39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar​1.dll
 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F99​7BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7​942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O2 - BHO: BHO - {5B1D95A2-F547-4e5e-8902-622B0​8354622} - C:\WINDOWS\system32\iehelper.d​ll (file missing)
 O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3A​AC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5​E23E045} - (no file)
 O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-51647​60863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B​5AD205D} - (no file)
 O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364​A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
 O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b8​8305f98} - C:\Program Files\AskBarDis\bar\bin\askBar​1.dll
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMI​G.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLG​NT\TINTSETP.EXE /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLG​NT\TINTSETP.EXE /IMEName
 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMI​G.EXE
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
 O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CLIStart.exe" MSRun
 O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.​exe
 O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.ex​e"
 O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
 O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
 O4 - HKLM\..\RunOnce: [SpybotDeletingC8561] cmd.exe /c del "C:\WINDOWS\system32\hjgruikdm​yjjmx.dat"
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1​\DW\dwtrig20.exe" -t
 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
 O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.ex​e
 O4 - HKCU\..\Run: [PPLive] "C:\Program Files\PPLive\PPLive.exe" /LoadModule ppvod.dll
 O4 - HKCU\..\Run: [ccleaner] "D:\Program File\CCleaner\CCleaner.exe" /AUTO
 O4 - HKCU\..\Run: [system pools] C:\WINDOWS\systemls.exe
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKCU\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RéSEAU')
 O4 - HKUS\S-1-5-21-1935655697-88435​7618-725345543-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Invité')
 O4 - HKUS\S-1-5-21-1935655697-88435​7618-725345543-501\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.​exe" (User 'Invité')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
 O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXC​EL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B1​90E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C5​71A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.​DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O15 - ESC Trusted Zone: http://*.update.microsoft.com
 O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw [...] ontrol.cab
 O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909​CB9515D} (Edit Class) - https://site.cmbchina.com/download/CMBEdit.cab
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD8​4642501} (Checkers Class) - http://messenger.zone.msn.com/ [...] b56986.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-11544​7494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ [...] E_UNO1.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF​33E833C} (WUWebControl Class) - http://www.update.microsoft.co [...] 1421614722
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA​91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co [...] 1424488171
 O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D​2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-22031​3175592} (MSN Games - Installer) - http://messenger.zone.msn.com/ [...] b56649.cab
 O16 - DPF: {BD393C14-72AD-4790-A095-76522​973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/ [...] b57213.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46​475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/ [...] b56907.cab
 O16 - DPF: {EF0D1A14-1033-41A2-A589-240C0​1EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C​7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKY​PE4~1.DLL
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
 O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceAdobeActiv​eFileMonitor7.0 (aawserviceaawserviceAdobeActi​veFileMonitor7.0) - Unknown owner - C:\WINDOWS\TEMP\espxdfatuc.exe (file missing)
 O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceAdobeActiv​eFileMonitor7.0 aawserviceaawserviceAdobeActiv​eFileMonitor7.0aawserviceAdobe​ActiveFileMonitor7.0 (aawserviceaawserviceAdobeActi​veFileMonitor7.0aawserviceAdob​eActiveFileMonitor7.0) - Unknown owner - C:\WINDOWS\TEMP\iocqxjmpii.exe
 O23 - Service: Lavasoft Ad-Aware Service aawserviceAdobeActiveFileMonit​or7.0 (aawserviceAdobeActiveFileMoni​tor7.0) - Unknown owner - C:\WINDOWS\TEMP\xykuhkummn.exe (file missing)
 O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent​.exe
 O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
 O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskSer​vice.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.e​xe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.e​xe
 O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.ex​e
 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.​exe
 O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWSer​vice.exe
 O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.de​s.exe (file missing)
 O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\v​smon.exe
 O23 - Service: Centre de sécurité wscsvc Defrag (wscsvc Defrag) - Unknown owner - C:\WINDOWS\system32\accesorr.exe (file missing)
 O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\Ya​hooAUService.exe

 --
 End of file - 13097 bytes

severus-rogue
Posted on 21/08/2009 at 11:21:16
 
Hello, you have a lot of infections! Delete these lines:

 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMI​G.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLG​NT\TINTSETP.EXE /IMEName
 O4 - HKLM\..\RunOnce: [SpybotDeletingC8561] cmd.exe /c del "C:\WINDOWS\system32\hjgruikdm​yjjmx.dat"
 O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1​\DW\dwtrig20.exe" -t
 O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1​\DW\dwtrig20.exe" -t
 O4 - HKCU\..\Run: [system pools] C:\WINDOWS\systemls.exe
 O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceAdobeActiv​eFileMonitor7.0 (aawserviceaawserviceAdobeActi​veFileMonitor7.0) - Unknown owner - C:\WINDOWS\TEMP\espxdfatuc.exe (file missing)
 O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceAdobeActiv​eFileMonitor7.0 aawserviceaawserviceAdobeActiv​eFileMonitor7.0aawserviceAdobe​ActiveFileMonitor7.0 (aawserviceaawserviceAdobeActi​veFileMonitor7.0aawserviceAdob​eActiveFileMonitor7.0) - Unknown owner - C:\WINDOWS\TEMP\iocqxjmpii.exe
 O23 - Service: Lavasoft Ad-Aware Service aawserviceAdobeActiveFileMonit​or7.0 (aawserviceAdobeActiveFileMoni​tor7.0) - Unknown owner - C:\WINDOWS\TEMP\xykuhkummn.exe (file missing)
 O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskSer​vice.exe
 O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.de​s.exe (file missing)
 O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
 O23 - Service: Centre de sécurité wscsvc Defrag (wscsvc Defrag) - Unknown owner - C:\WINDOWS\system32\accesorr.exe (file missing)

 Scan the PC with Malwarebytes, then post the report please.
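
An added example, not part of the original thread and not code from HijackThis: a small Python triage pass over HijackThis log lines like the ones posted above, flagging the entry shapes that the Malwarebytes scan later in this thread also reports (the hijacked Winlogon shell, `systemls.exe`, `iehelper.dll`). The heuristics, the two-level `high`/`review` scale and all function names are assumptions made for illustration; a hit means "examine this entry", not "delete it".

```python
import re
from typing import NamedTuple

# Zero-width and soft-hyphen characters that forum software inserts into long
# tokens; they must be stripped before any path or CLSID comparison.
_INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff\u00ad"))

ENTRY_RE = re.compile(r"^\s*([FNOR]\d{1,2}) - (.*)$")          # "O23 - ..."
RUN_RE = re.compile(r"^\S+?\\Run(?:Once)?: \[(?P<name>.*?)\] (?P<cmd>.*)$")
WINROOT_EXE_RE = re.compile(r'^"?[a-z]:\\windows\\[^\\"]+\.exe', re.I)


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O23"
    level: str     # "high" or "review" (assumed scale, not a HijackThis field)
    reason: str
    entry: str     # cleaned body of the log line


def triage_line(raw: str):
    """Return a Finding for one log line, or None if no heuristic fires."""
    m = ENTRY_RE.match(raw.translate(_INVISIBLE))
    if not m:
        return None                      # header, process list or blank line
    section, body = m.group(1), m.group(2).strip()
    low = body.lower()

    # F2: the Winlogon shell value should be Explorer.exe and nothing else.
    if section == "F2" and "shell=" in low:
        if low.split("shell=", 1)[1].strip() != "explorer.exe":
            return Finding(section, "high", "Winlogon shell launches an extra command", body)
    # O23: a service without vendor information running out of a TEMP directory.
    if section == "O23" and "unknown owner" in low and "\\temp\\" in low:
        return Finding(section, "high", "service with unknown owner in a TEMP directory", body)
    # O4: an autorun whose executable sits directly in the Windows root.
    if section == "O4":
        run = RUN_RE.match(body)
        if run and WINROOT_EXE_RE.match(run.group("cmd")):
            return Finding(section, "review", "autorun executable directly in the Windows root", body)
    # Any section: orphaned reference; may be malware residue or a plain leftover.
    if low.endswith("(file missing)") or low.endswith("(no file)"):
        return Finding(section, "review", "entry points at a file that no longer exists", body)
    return None


def triage(log_text: str):
    """Run triage_line over a whole pasted log and keep the hits."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


# Lines taken from the log posted in this thread; "\u200b" marks two of the
# places where the forum inserted a zero-width space.
SAMPLE_LOG = "\n".join([
    "Logfile of Trend Micro HijackThis v2.0.2",
    "C:\\WINDOWS\\systemls.exe",
    "F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav",
    "O2 - BHO: BHO - {5B1D95A2-F547-4e5e-8902-622B0\u200b8354622} - "
    "C:\\WINDOWS\\system32\\iehelper.d\u200bll (file missing)",
    "O4 - HKLM\\..\\Run: [avgnt] \"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe",
    "O4 - HKCU\\..\\Run: [system pools] C:\\WINDOWS\\systemls.exe",
    "O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - "
    "C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe",
    "O23 - Service: Lavasoft Ad-Aware Service aawserviceAdobeActiveFileMonitor7.0 "
    "(aawserviceAdobeActiveFileMonitor7.0) - Unknown owner - "
    "C:\\WINDOWS\\TEMP\\xykuhkummn.exe (file missing)",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.section:3} {f.reason}: {f.entry}")
```

Entries in the `review` class include ordinary leftovers of uninstalled software, so each one needs to be checked against what is actually installed before it is fixed.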

pouetpou
Posted on 21/08/2009 at 12:49:38
 
Hello,
 Thanks for your help. I did fix the lines as described above. And I can already see a difference, just from having fixed the lines. I no longer get that fake alert, nor the dialog box in the middle of the screen, "Spyware detected".

 Here is the Malwarebytes scan:

 Malwarebytes' Anti-Malware 1.40
 Database version: 2669
 Windows 5.1.2600 Service Pack 3

 21/08/2009 14:57:13
 mbam-log-2009-08-21 (14-57-09).txt

 Scan type: Quick Scan
 Objects scanned: 103395
 Time elapsed: 13 minute(s), 43 second(s)

 Memory Processes Infected: 0
 Memory Modules Infected: 1
 Registry Keys Infected: 8
 Registry Values Infected: 0
 Registry Data Items Infected: 2
 Folders Infected: 2
 Files Infected: 15

 Memory Processes Infected:
 (No malicious items detected)

 Memory Modules Infected:
 \\?\globalroot\systemroot\syst​em32\hjgruiwndoqpot.dll (Trojan.TDSS) -> No action taken.

 Registry Keys Infected:
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{5b1d95a2-f547-4e5e-89​02-622b08354622} (Trojan.Vundo.H) -> No action taken.
 HKEY_CLASSES_ROOT\CLSID\{5b1d9​5a2-f547-4e5e-8902-622b0835462​2} (Trojan.Vundo.H) -> No action taken.
 HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Ext\Stats\{5b1d95a2-f547-4e5e-​8902-622b08354622} (Trojan.FakeAlert) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall\adzgaloregames (Adware.Agent) -> No action taken.
 HKEY_CURRENT_USER\SOFTWARE\AvS​can (Trojan.FakeAlert) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows NT\CurrentVersion\Image File Execution Options\dailybucks_install.exe (Security.Hijack) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall\cpmsky (Adware.Agent) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall\mySearchAssistant (Adware.BHO) -> No action taken.

 Registry Values Infected:
 (No malicious items detected)

 Registry Data Items Infected:
 HKEY_CLASSES_ROOT\regfile\shel​l\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1" ) Good: (regedit.exe "%1" ) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows NT\CurrentVersion\Winlogon\She​ll (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> No action taken.

 Folders Infected:
 C:\Program Files\Adzgalore Games Collection (Adware.Agent) -> No action taken.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection  (Adware.Agent) -> No action taken.

 Files Infected:
 C:\WINDOWS\system32\iehelper.d​ll (Trojan.Vundo.H) -> No action taken.
 \\?\globalroot\systemroot\syst​em32\hjgruiwndoqpot.dll (Trojan.TDSS) -> No action taken.
 C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopter​s.exe (Adware.Agent) -> No action taken.
 C:\Program Files\Adzgalore Games Collection\BobAndBill.exe (Adware.Agent) -> No action taken.
 C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe (Adware.Agent) -> No action taken.
 C:\Program Files\Adzgalore Games Collection\Lines.exe (Adware.Agent) -> No action taken.
 C:\Program Files\Adzgalore Games Collection\uninstall.exe (Adware.Agent) -> No action taken.
 C:\Program Files\Adzgalore Games Collection\VideoPool.exe (Adware.Agent) -> No action taken.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk  (Adware.Agent) -> No action taken.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection\Crazy Blocks.lnk  (Adware.Agent) -> No action taken.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection\Lines.lnk  (Adware.Agent) -> No action taken.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection\The Battles Of Helicopters.lnk  (Adware.Agent) -> No action taken.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection\Video Pool.lnk  (Adware.Agent) -> No action taken.
 C:\WINDOWS\system32\drivers\st​r.sys (Rootkit.Agent) -> No action taken.
 C:\WINDOWS\systemls.exe (Trojan.FakeAlert) -> No action ta

pouetpou
Posted on 21/08/2009 at 13:02:21
 
Malwarebytes' Anti-Malware 1.40
 Database version: 2669
 Windows 5.1.2600 Service Pack 3

 21/08/2009 14:59:46
 mbam-log-2009-08-21 (14-59-46).txt

 Scan type: Quick Scan
 Objects scanned: 103395
 Time elapsed: 13 minute(s), 43 second(s)

 Memory Processes Infected: 0
 Memory Modules Infected: 1
 Registry Keys Infected: 8
 Registry Values Infected: 0
 Registry Data Items Infected: 2
 Folders Infected: 2
 Files Infected: 15

 Memory Processes Infected:
 (No malicious items detected)

 Memory Modules Infected:
 \\?\globalroot\systemroot\syst​em32\hjgruiwndoqpot.dll (Trojan.TDSS) -> Delete on reboot.

 Registry Keys Infected:
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{5b1d95a2-f547-4e5e-89​02-622b08354622} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\CLSID\{5b1d9​5a2-f547-4e5e-8902-622b0835462​2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Ext\Stats\{5b1d95a2-f547-4e5e-​8902-622b08354622} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall\adzgaloregames (Adware.Agent) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\AvS​can (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows NT\CurrentVersion\Image File Execution Options\dailybucks_install.exe (Security.Hijack) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall\cpmsky (Adware.Agent) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall\mySearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.

 Registry Values Infected:
 (No malicious items detected)

 Registry Data Items Infected:
 HKEY_CLASSES_ROOT\regfile\shel​l\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1" ) Good: (regedit.exe "%1" ) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows NT\CurrentVersion\Winlogon\She​ll (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.

 Folders Infected:
 C:\Program Files\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection  (Adware.Agent) -> Quarantined and deleted successfully.

 Files Infected:
 C:\WINDOWS\system32\iehelper.d​ll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
 \\?\globalroot\systemroot\syst​em32\hjgruiwndoqpot.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
 C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopter​s.exe (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Program Files\Adzgalore Games Collection\BobAndBill.exe (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Program Files\Adzgalore Games Collection\Lines.exe (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Program Files\Adzgalore Games Collection\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Program Files\Adzgalore Games Collection\VideoPool.exe (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk  (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection\Crazy Blocks.lnk  (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection\Lines.lnk  (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection\The Battles Of Helicopters.lnk  (Adware.Agent) -> Quarantined and deleted successfully.
 C:\Documents and Settings\Station\Menu Démarrer\Programmes\Adzgalore Games Collection\Video Pool.lnk  (Adware.Agent) -> Quarantined and deleted successfully.
 C:\WINDOWS\system32\drivers\st​r.sys (Rootkit.Agent) -> Delete on reboot.
 C:\WINDOWS\systemls.exe (Trojan.FakeAlert) -> Quarantined and deleted successfu

pouetpou
Posted on 21/08/2009 at 13:04:39

Certain items could not be removed! The first few are listed below. All items that couldn't be removed have been added to the delete on reboot list. Please restart your computer.........

severus-rogue
Posted on 21/08/2009 at 20:21:40

Please rescan the PC with Malwarebytes, then post the report.

pouetpou
Posted on 23/08/2009 at 11:27:20

Hi, here is the Malwarebytes scan:

 Malwarebytes' Anti-Malware 1.40
 Database version: 2669
 Windows 5.1.2600 Service Pack 3

 23/08/2009 13:26:06
 mbam-log-2009-08-23 (13-26-02).txt

 Scan type: Quick Scan
 Objects scanned: 103897
 Time elapsed: 14 minute(s), 27 second(s)

 Memory Processes Infected: 0
 Memory Modules Infected: 1
 Registry Keys Infected: 0
 Registry Values Infected: 0
 Registry Data Items Infected: 0
 Folders Infected: 0
 Files Infected: 2

 Memory Processes Infected:
 (No malicious items detected)

 Memory Modules Infected:
 \\?\globalroot\systemroot\syst​em32\hjgruiwndoqpot.dll (Trojan.TDSS) -> No action taken.

 Registry Keys Infected:
 (No malicious items detected)

 Registry Values Infected:
 (No malicious items detected)

 Registry Data Items Infected:
 (No malicious items detected)

 Folders Infected:
 (No malicious items detected)

 Files Infected:
 \\?\globalroot\systemroot\syst​em32\hjgruiwndoqpot.dll (Trojan.TDSS) -> No action taken.
 C:\WINDOWS\system32\drivers\st​r.sys (Rootkit.Agent) -> No action taken.
