pc infecté par antivirus 2009 : aide urgenteRésolu/Fermé

Question

Bonjour,

Mon pc a été infecté par anivirus 2009
Pourriez-vous m'aider à supprimer ce virus.
Voici les infos donnée par hijackthis.

QUE FAUT-IL FAIRE ENSUITE ????






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:36, on 5/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32undll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WerCon.exe
C:\Users\jean-claude\jack.exe
c:\program files\google\googletoolbar1user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] "C:\Users\jean-claude\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe" -startup  -product IncrediMail  
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JEAN-C~1\AppData\Local\Temp\qoMgdeDU.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JEAN-C~1\AppData\Local\Temp\wvUmjGaa.dll,c
O4 - HKCU\..\Run: [38cd16ee] rundll32.exe "C:\Users\JEAN-C~1\AppData\Local\Temp\kqrjiwra.dll",b
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ASWLSVC - Unknown owner - C:\Windows\System32\ASWLSVC.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

varfendell · Answer

Bonjour,

regarde ici

lion1951wjc · Answer

merci bcp de ton aide, mais est-il possible d'avoir celà en francais ?

varfendell · Answer

eu...j'ai fait une petite manipulation pour avoir  la page en français
http://translate.google.fr/...  dit moi si c'est mieux.

lion1951wjc · Answer

voici le résultat du logiciel Malwarebytes' Anti-Malware 1.24

Que faire ensuite ?  Merci.




Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1026
Windows 6.0.6001 Service Pack 1

11:39:57 5/08/2008
mbam-log-8-5-2008 (11-39-57).txt

Type de recherche: Examen rapide
Eléments examinés: 42263
Temps écoulé: 6 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Users\jean-claude\AppData\Local\Temp\wvUmjGaa.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\jean-claude\AppData\Local\Temp\qoMgdeDU.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\ParisHilton (Adware.NaviPromo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\jean-claude\AppData\Local\Temp\wvUmjGaa.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\jean-claude\AppData\Local\Temp\qoMgdeDU.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\jean-claude\AppData\Local\Temp\mojxdqwq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp00008564 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp00008dec (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp00009a2c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp00009bc1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp0000a42a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp0000aee4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp0000eb19 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp00010962 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp000113fc (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp0001512b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp00019ab8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp000205f8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp	mp0006c773 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp\urqOGVPF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp\uvqxcgvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp\efcASlLC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp\efcBqpmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp\stl_orig.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\jean-claude\AppData\Local\Temp\s1265.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.

varfendell · Answer

rolala,

bourrer de trojan ton PC, il était infecter par Vundo et FakeAlert (ce dernier provient de sites à caracteres pornographique^^)
Normalement il va te falloir redemarer ton PC, et ça devrait etre bon. il va peut etre t'afficher un rapport au redemarage, post le, sinon refait en un.

lion1951wjc · Answer

ok celà à l'air bon, le pc a bien redémarré, et je n'ai plus les messages de ces fameux antivirus 2009.
quant au fake alert ??? mystère, je ne sais pas d'où ça vient. 
Je sais qu'il y a parfois des images porno qui apparaisse sur mon pc, serait-ce celà ?
en tout cas, merci pour ton aide....

varfendell · Answer

Bien, tu peut mettre le marqueur résolu ^^
il y a parfois des images porno qui apparaisse sur mon pc
Voici un petit article sur les fake.
En général les fake publicitaire affiche ce genre de pop up intempestif.

Pc infecté par antivirus 2009 : aide urgente

7 réponses

Newsletters