

Everything posted by sheveun
Big virus and pop-up problems, win pro 2006
sheveun replied to a topic by sheveun in Malware Analysis and Removal

VundoFix V6.4.1
Checking Java version...
Sun Java not detected
Scan started at 22:36:15 02/06/2007
Listing files found while scanning....
No infected files were found.

HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 22:42:39, on 02/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\winamp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\malcolm\Bureau\text.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [salaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Defender User Interface - Unknown owner - C:\WINDOWS\MsMpEng.exe (file missing)

Beginning removal...

It's strange, I'm heavily infected though!!!

Big virus and pop-up problems, win pro 2006
sheveun replied to a topic by sheveun in Malware Analysis and Removal

Hi,

SDFix: Version 1.85

Run by malcolm - 02/06/2007 - 18:54:40,60
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Microsoft windows FTPd

ImagePath:
"C:\WINDOWS\System32\dllcache\updtftpini.exe"

Microsoft windows FTPd - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\-93061~1 - Deleted
C:\WINDOWS\system32\TFTP1700 - Deleted

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\WINDOWS\system32\SalaatTime.dll
C:\Program Files\Salaat Time\Setup.exe

Finished

Big virus and pop-up problems, win pro 2006
sheveun replied to a topic by sheveun in Malware Analysis and Removal

Hi,

Actually, Jetico is going to be difficult for me, precisely because I am not an experienced user and the tutorial looks quite complicated to me. I had managed to get a minimum of browsing working by downloading Hitman Pro and virtumonde, so here is the report:

[05/31/2007, 19:45:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\malcolm\Bureau\VirtumundoBeGone.exe" )
[05/31/2007, 19:45:21] - Detected System Information:
[05/31/2007, 19:45:21] - Windows Version: 5.1.2600,
[05/31/2007, 19:45:21] - Current Username: malcolm (Admin)
[05/31/2007, 19:45:21] - Windows is in NORMAL mode.
[05/31/2007, 19:45:21] - Searching for Browser Helper Objects:
[05/31/2007, 19:45:21] - BHO 1: {CD3447D4-CA39-4377-8084-30E86331D74C} ()
[05/31/2007, 19:45:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2007, 19:45:21] - Checking for HKLM\...\Winlogon\Notify\oysarviu
[05/31/2007, 19:45:21] - Key not found: HKLM\...\Winlogon\Notify\oysarviu, continuing.
[05/31/2007, 19:45:21] - BHO 2: {E3511E3B-FA32-4D5B-9FA4-C5A09FBC8592} ()
[05/31/2007, 19:45:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2007, 19:45:21] - Checking for HKLM\...\Winlogon\Notify\awtss
[05/31/2007, 19:45:21] - Found: HKLM\...\Winlogon\Notify\awtss - This is probably Virtumundo.
[05/31/2007, 19:45:21] - Assigning {E3511E3B-FA32-4D5B-9FA4-C5A09FBC8592} MSEvents Object
[05/31/2007, 19:45:21] - BHO list has been changed! Starting over...
[05/31/2007, 19:45:21] - BHO 1: {CD3447D4-CA39-4377-8084-30E86331D74C} ()
[05/31/2007, 19:45:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2007, 19:45:21] - Checking for HKLM\...\Winlogon\Notify\oysarviu
[05/31/2007, 19:45:21] - Key not found: HKLM\...\Winlogon\Notify\oysarviu, continuing.
[05/31/2007, 19:45:21] - BHO 2: {E3511E3B-FA32-4D5B-9FA4-C5A09FBC8592} (MSEvents Object)
[05/31/2007, 19:45:21] - ALERT: Found MSEvents Object!
[05/31/2007, 19:45:21] - Finished Searching Browser Helper Objects
[05/31/2007, 19:45:21] - *** Detected MSEvents Object
[05/31/2007, 19:45:21] - Trying to remove MSEvents Object...
[05/31/2007, 19:45:22] - Terminating Process: IEXPLORE.EXE
[05/31/2007, 19:45:22] - Terminating Process: RUNDLL32.EXE
[05/31/2007, 19:45:23] - Disabling Automatic Shell Restart
[05/31/2007, 19:45:23] - Terminating Process: EXPLORER.EXE
[05/31/2007, 19:45:23] - Suspending the NT Session Manager System Service
[05/31/2007, 19:45:23] - Terminating Windows NT Logon/Logoff Manager
[05/31/2007, 19:45:24] - Re-enabling Automatic Shell Restart
[05/31/2007, 19:45:24] - File to disable: C:\WINDOWS\System32\awtss.dll
[05/31/2007, 19:45:24] - Renaming C:\WINDOWS\System32\awtss.dll -> C:\WINDOWS\System32\awtss.dll.vir
[05/31/2007, 19:45:24] - File successfully renamed!
[05/31/2007, 19:45:24] - Removing HKLM\...\Browser Helper Objects\{E3511E3B-FA32-4D5B-9FA4-C5A09FBC8592}
[05/31/2007, 19:45:24] - Removing HKCR\CLSID\{E3511E3B-FA32-4D5B-9FA4-C5A09FBC8592}
[05/31/2007, 19:45:24] - Adding Kill Bit for ActiveX for GUID: {E3511E3B-FA32-4D5B-9FA4-C5A09FBC8592}
[05/31/2007, 19:45:24] - Deleting ATLEvents/MSEvents Registry entries
[05/31/2007, 19:45:24] - Removing HKLM\...\Winlogon\Notify\awtss
[05/31/2007, 19:45:24] - Searching for Browser Helper Objects:
[05/31/2007, 19:45:24] - BHO 1: {CD3447D4-CA39-4377-8084-30E86331D74C} ()
[05/31/2007, 19:45:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2007, 19:45:24] - Checking for HKLM\...\Winlogon\Notify\oysarviu
[05/31/2007, 19:45:24] - Key not found: HKLM\...\Winlogon\Notify\oysarviu, continuing.
[05/31/2007, 19:45:24] - Finished Searching Browser Helper Objects
[05/31/2007, 19:45:24] - Finishing up...
[05/31/2007, 19:45:24] - A restart is needed.
[05/31/2007, 19:45:27] - Attempting to Restart via STOP error (Blue Screen!)

Big virus and pop-up problems, win pro 2006
sheveun posted a topic in Malware Analysis and Removal

Hi,

I am the victim of various viruses and other pop-ups (winpro2006, as usual), and on top of that my computer restarts abruptly after a system shutdown!! I cannot download any anti-malware software, so what should I do, given that I am a complete beginner with computers!!! Thanks for your help!!

Here is the hijack report

Logfile of HijackThis v1.99.1
Scan saved at 19:02:09, on 31/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\malcolm\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe
C:\Documents and Settings\malcolm\Local Settings\Temporary Internet Files\Content.IE5\W56B8PAR\hijackthis[1]\test.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\System32\oysarviu.dll
O2 - BHO: (no name) - {E3511E3B-FA32-4D5B-9FA4-C5A09FBC8592} - C:\WINDOWS\System32\awtss.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\osgjfpki.dll",realset
O4 - HKLM\..\Run: [FC Tilecom] Tilecomfc.com
O4 - HKLM\..\RunServices: [FC Tilecom] Tilecomfc.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: awtss - C:\WINDOWS\System32\awtss.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Microsoft windows FTPd - Unknown owner - C:\WINDOWS\System32\dllcache\updtftpini.exe (file missing)