SOS virus generic

ghislo88 Messages postés 19 Statut Membre -  
ghislo88 Messages postés 19 Statut Membre -
Bonjour,

ma machine redemare sans arret en affichant lecran bleu.
quand elle reusiit a sallumer Mc affe dettecte le virus generic et le suprime
mais a chaque fois que je demarre il dettecte toujour le meme virus et le suprime je ne sais plus quoi faire;
svp aidez moi
Configuration: Windows XP
Internet Explorer 6.0

3 réponses

  1.
    Hadrienen Messages postés 723 Statut Membre 25
     
    Salut ,

    1°Telecharge Hijacthis
    Installe le
    Lance le
    choisi "Do a scan only "
    Poste le rapport

    2°télécharge MBAM .

    Mets le à jour et scan complet.

    Poste le rapport.
    0
  2. ghislo88 Messages postés 19 Statut Membre
     
    voici le rapport de mbam

    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1654
    Windows 5.1.2600 Service Pack 2

    01/01/2002 01:42:19
    mbam-log-2009-02-09 (01-42-19).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 87950
    Temps écoulé: 1 hour(s), 30 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 21
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-21cx1c642131} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    D:\WINDOWS\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\kamsoft.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\iexplorer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    D:\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    0
  3. ghislo88 Messages postés 19 Statut Membre
     
    voici le rapprot hj this
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:17:11, on 10/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Keenfinder\keenfinder.exe
    D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    D:\Program Files\SuperCopier2\SuperCopier2.exe
    D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    D:\Program Files\Keenfinder\keenfinder.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    D:\WINDOWS\system32\XP-4FC9895B.EXE
    D:\Program Files\Soft4Ever\looknstop\_looknstop.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\DAP\DAP.exe
    D:\WINDOWS\system32\wuauc1t.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Look 'n' Stop] "D:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [XP-4FC9895B] D:\WINDOWS\system32\XP-4FC9895B.EXE
    O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,I (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
    O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
    O4 - Startup: ¡¡¡¡¡¡.lnk = D:\WINDOWS\system32\XP-4FC9895B.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Keenfinder Service - Unknown owner - D:\Program Files\Keenfinder\keenfinder.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - D:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Norton AntiVirus - Unknown owner - D:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (file missing)
    0

Discussions similaires

'' generic android ''
Flxra._.Atxmics -
Flxra._.Atxmics -

2 réponses
Chrome://newtab
Nova -
snoopy35_ -

14 réponses
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Erreur 0x800700E1
Didiervd -
Viktimz -

11 réponses