Votre question

VIRUSPlein de pub au démarage de windows Uccleaner...

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
27 Avril 2008 20:42:20

coucou j'ai plein de problème pas le temps des détails mon internet va encore planter (virus) voici le log hijackthis AIDEZ MOI SVP
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:49, on 2008-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\wzstovch\cxwpgzch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Véronique\Local Settings\Temporary Internet Files\Content.IE5\SL8IO7B4\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {74B82A6B-204F-4EBE-9D73-A2656B0DCF1E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A546F24A-A48E-4C86-BD64-B4F701DBB0A3} - C:\WINDOWS\system32\ddcYsSLe.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\khfGaxwv.dll
O2 - BHO: DVA Gate - {AEAFB69D-EDE2-47C8-BDBA-D8938DE059D3} - C:\WINDOWS\qnmargolewk.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: dpevflbg - {CE66268D-0208-4D9E-8BC7-12D91072A34D} - C:\WINDOWS\dpevflbg.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [4027da51] rundll32.exe "C:\WINDOWS\system32\xutfugyc.dll",b
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [wrhjrkgk] C:\WINDOWS\system32\gdodwhod.exe
O4 - HKCU\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide
O4 - HKLM\..\Policies\Explorer\Run: [lHoj5HwFa5] C:\Documents and Settings\All Users\Application Data\wzstovch\cxwpgzch.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O20 - Winlogon Notify: khfGaxwv - C:\WINDOWS\SYSTEM32\khfGaxwv.dll
O21 - SSODL: vadokmxt - {ED9576A1-F731-496A-8351-86FCF28B3C9C} - C:\WINDOWS\vadokmxt.dll
O21 - SSODL: wdpoefan - {6625552F-3D31-4E2B-8715-556ADBE473D0} - C:\WINDOWS\wdpoefan.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6973 bytes

Autres pages sur : virusplein pub demarage windows uccleaner

27 Avril 2008 20:45:12

désolé double post ... BitDefender Total Security ne trouve rien et mon pc flanche à totes es 5 minutes..... j'ai des pubs UCCleaner je ne peux plus ouvrir mon gestionnaire de tâches... des "Alertes Virus" de microsoft et plus encore! Aidez-moi svp :( 
27 Avril 2008 21:13:47

plein d'Alertes partout je vois plus rien... adiez-moi svp :( 
C'est que j'ai un travail de chimie à remettre pour bientôt et c'est mon seul PC... j'suis incapable de taper car tout ferme
Contenus similaires
27 Avril 2008 21:16:08

:hello:  Bonjour,

Du calme merci :o  Il fallait faire plus attention à ce que tu fais sur le net :) 

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM

    ;) 
    27 Avril 2008 21:48:42

    merci de ton aide, Merillym. Scan en cours...
    27 Avril 2008 22:08:56

    voici le rapport
    EDIT: VOICI LE RAPPORT TEL QU'IL EST[#0000ff]APRÈSLE REDÉMARRAGE DU PC
    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 690

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 56454
    Temps écoulé: 18 minute(s), 7 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 48
    Valeur(s) du Registre infectée(s): 10
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 8
    Fichier(s) infecté(s): 96

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    c:\WINDOWS\system32\khfGaxwv.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\ddcYsSLe.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{a6c54318-5ac7-477d-b0a7-49af5189300c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6c54318-5ac7-477d-b0a7-49af5189300c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfgaxwv (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4111c0bf-a8b2-4ced-9c56-1208cbcd61fa} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{4111c0bf-a8b2-4ced-9c56-1208cbcd61fa} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Interface\{c63691f4-f245-4dde-b79e-ae9885e0102b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d9c28083-e28d-4ab3-b109-82758b1b484c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a78bc6b0-af68-47c0-a2de-daadeff87df9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ee7c45b3-8f9b-4a78-be6e-aa3267d541be} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e95305fa-0407-4401-9240-793f8a6197c3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc-cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{655453f0-3797-4fbd-8c06-d2cfd523b799} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6625552f-3d31-4e2b-8715-556adbe473d0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ed9576a1-f731-496a-8351-86fcf28b3c9c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{aeafb69d-ede2-47c8-bdba-d8938de059d3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aeafb69d-ede2-47c8-bdba-d8938de059d3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ce66268d-0208-4d9e-8bc7-12d91072a34d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dpevflbg.bagl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dpevflbg.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a6c54318-5ac7-477d-b0a7-49af5189300c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4027da51 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lHoj5HwFa5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{655453f0-3797-4fbd-8c06-d2cfd523b799} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wdpoefan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vadokmxt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ce66268d-0208-4d9e-8bc7-12d91072a34d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcyssle -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcyssle -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner\com (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Application Data\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\WINDOWS\system32\khfGaxwv.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ddcYsSLe.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\eLSsYcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eLSsYcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xutfugyc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cyguftux.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\wzstovch\cxwpgzch.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Local Settings\Temp\EXPLOR~1.EXE.bak (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\olgdqarf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\wxvgsdbq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner\PC-Cleaner.db (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner\PC-Cleaner.exe (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner\pccleaner.pkg (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner\program.info (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner\Uninstall.exe (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner\com\pcsd.dll (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Application Data\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Application Data\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\wdpoefan.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\vadokmxt.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\qnmargolewk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\dpevflbg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Bureau\blackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Véronique\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    27 Avril 2008 22:17:55

    je l'ai prit avant de tout supprimer... y'a eu aucun problème pour supprimer. Tout à l'air OK ici jusqu'à maintenant :) 
    27 Avril 2008 23:17:52

    Re,

    Tu es encore infecté(e) et je ne sais pas si tu réalises à quel point tu l'étais ! Pas étonnant que ton PC déconnait ! Je ne sais pas ce que tu fais sur le net, toi ou un autre utilisateur d'ailleurs, mais faudrait arrêter de faire n'importe quoi :)  Clique sur le lien dans ma signature pour en savoir plus.

    Tu es infecté(e) par "Vundo". Supprime tous les cracks de ton PC s'ils sont présents car sinon ils relanceront l'infection.

    1) [~] Aller dans poste de travail/outils/option des dossiers/affichage/afficher les fichiers et dossiers cachés/Appliquer - - > OK
    [~] Aller dans poste de travail/outils/option des dossiers/affichage/décocher masquer les fichiers protégés du système d'exploitation./Appliquer - - > OK

    Tu recocheras après.


    - Poste de travail/outils/option des dossiers/affichage/décocher masquer les extensions dont le type est connu./Appliquer - - > OK

    2) Désactive toute protection résidente ( antivirus…) !
    Déconnecte-toi d’internet, ferme tous les programmes en cours et laisse combofix travailler : ne fais donc pas autre chose en même temps !


    Télécharge Combofix de sUBs
    Sauvegarde le sur ton bureau et pas ailleurs !
    Redémarre en mode sans échecs : aide ici >>>
    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. Il se trouve ici : C:\Combofix.txt

    3) Copie/colle un nouveau rapport HiJackThis avec.

    Bonne soirée :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS