problème pour eteindre mon pc Résolu/Fermé

Question

Bonjour, j' ai installé antivir,  spybot et malwarebytes c'est peu être trop non ?
j'ai des soucis pour eteindre mon pc ,il affiche plusieurs fois le même message, (fin de programme IEXPLORE.EXE ECT.... je clic sur terminer la fenetre s'eteint pour réapparaitre plusieurs fois avant que mon pc veuille bien faire dodo
est ce que j'ai encore  quelques  saletées ?
je croyais avoir fais le ménage avec malwarebytes, qui m'a mis 87 fichiers infectés en quarantaine, j'ai refais un scan avec antivir qui m'a trouvé 9 virus de plus.
le problème persiste toujours,
Merci d'avance si quelqu'un peu me dire ce qui ce passe et quoi faire........

chimay8 · Accepted Answer

hé destrio...ta pas le temps de perdre ton temps avec des personnes pareilles...

dans 15 jours t'y est encore;il y a d'autres gens qui ont besoin de se faire désinfectés
si monsieur a peur, propose lui d'aller dans un magasin pour se faire retirer les crasses.

si tu dois commencer à jouer sur des 20 ièmes de log!!!!!

Destrio5 · Answer

Salut,

- Télécharge HijackThis v2.0.2 sur ton Bureau.

- Double-clique sur HJTInstall afin de lancer l'installation.

- Clique sur Install ensuite sur I Accept.

- Clique sur Do a system scan and save a logfile.

- Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.

Destrio5 · Answer

Clique sur mon pseudo, tu verras que je suis une personne de confiance.

Destrio5 · Answer

87 fichiers infectés, ça fait beaucoup, je pense à une infection Vundo, tu peux vérifier dans MBAM dans l'onglet Rapports/Logs.

cachou64 · Answer

Type de recherche: Examen complet (C:\|D:\|H:\|)
Eléments examinés: 141514
Temps écoulé: 1 hour(s), 13 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 48 
ça fais beaucoup non ?

Destrio5 · Answer

Le rapport de MBAM n'est pas complet.

cachou64 · Answer

:
C:\WINDOWS\system32\cBsPGvTj.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a454664-8c4b-477a-9dfd-d73001adbfc5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3a454664-8c4b-477a-9dfd-d73001adbfc5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmdvmmjc (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad355109-71a3-4550-bad5-d3f378950094} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad355109-71a3-4550-bad5-d3f378950094} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3a454664-8c4b-477a-9dfd-d73001adbfc5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{870e3b1b-d1c6-4b91-864c-90043cf02e56} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RADIO_USA (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RADIO_USA Toolbar (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RADIO_USA (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{870e3b1b-d1c6-4b91-864c-90043cf02e56} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{870e3b1b-d1c6-4b91-864c-90043cf02e56} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{870e3b1b-d1c6-4b91-864c-90043cf02e56} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbspgvtj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbspgvtj  -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\RADIO_USA (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.341.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.341.0bB.tmp (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.341.0bB.tmp\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.341.0bB.tmp\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.341.0bB.tmp\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA\CacheIcons (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA\CacheIcons (Adware.Agent) -> Files: 472 -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA\Communities (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA\RadioPlayer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss (Adware.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\cBsPGvTj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jTvGPsBc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jTvGPsBc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pMDVmmJc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcqsdw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cgcuecbq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qbceucgc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ihpdrvrd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drvrdphi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Temporary Internet Files\Content.IE5\J1E8M292\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\RADIO_USA	bRAD1.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Program Files\eChanblard\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBC7D642-3A20-48B5-955F-F2D6D129D857}\RP306\A0069434.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBC7D642-3A20-48B5-955F-F2D6D129D857}\RP306\A0069461.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBC7D642-3A20-48B5-955F-F2D6D129D857}\RP306\A0072693.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBC7D642-3A20-48B5-955F-F2D6D129D857}\RP307\A0072731.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBC7D642-3A20-48B5-955F-F2D6D129D857}\RP307\A0072745.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfjiycre.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pMDVmmJc.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
wrxggbv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\RADIO_USA\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\RADIO_USA	bRADI.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\RADIO_USA	oolbar.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\RADIO_USA\UNWISE.EXE (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.341.0bB.tmp\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.341.0bB.tmp\firefox\extensions\components
pclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA\LanguagePack.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA\LocalSettings.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA\ThirdPartyComponents.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA\update.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA\Communities\CommunitiesGroup.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USA\RadioPlayer\Predefined_Media_List.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___online_wsj_com_xml_rss_3_7011_xml.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___online_wsj_com_xml_rss_3_7011_xml_history.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___online_wsj_com_xml_rss_3_7011_xml_structured.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___rssfeeds_usatoday_com_usatoday-NewsTopStories.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___rssfeeds_usatoday_com_usatoday-NewsTopStories_history.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___rssfeeds_usatoday_com_usatoday-NewsTopStories_structured.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___rss_news_yahoo_com_rss_elections#.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___rss_news_yahoo_com_rss_elections#_history.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___rss_news_yahoo_com_rss_elections#_structured.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___tinyurl_com_2u3tzj.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___tinyurl_com_2u3tzj_history.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___tinyurl_com_2u3tzj_structured.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___www_nytimes_com_services_xml_rss_nyt_National_xml.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___www_nytimes_com_services_xml_rss_nyt_National_xml_history.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\christian\Local Settings\Application Data\RADIO_USAss\http___www_nytimes_com_services_xml_rss_nyt_National_xml_structured.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

Destrio5 · Answer

"C:\WINDOWS\system32\cBsPGvTj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jTvGPsBc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jTvGPsBc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pMDVmmJc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcqsdw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cgcuecbq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qbceucgc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ihpdrvrd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drvrdphi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully."

---> Plein de fichiers Vundo.

Depuis quelques jours, beaucoup de gens sont infectés par cette infection et malheureusement, MBAM ne suffit pas car Vundo se recrée et se multiplie.

cachou64 · Answer

quoi faire ?

Destrio5 · Answer

J'ai deux propositions :

---> ComboFix + RSIT

---> RSIT + OTMoveIt3

cachou64 · Answer

je vais essayer, mais pour ce soir ce sera tout, merci infiniment et excuse pour ce manque de confiance ça viendra peut être en attendant bonne nuit

Destrio5 · Answer

Si tu changes d'avis :

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Je te conseille vivement d'installer la Console de récupération.

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt

cachou64 · Answer

slt et vundo fix par ex

Destrio5 · Answer

VundoFix est dépassé et ne connait pas cette nouvelle version de Vundo.

cachou64 · Answer

B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
O2 - BHO: (no name) - {3A454664-8C4B-477A-9DFD-D73001ADBFC5} - (no file)
O2 - BHO: (no name) - {4EC0EF61-7F86-4020-814C-5BC0559D1375} - (no file) dans mon bloc note hijac,  ça vous dis quelque chose

Destrio5 · Answer

Ce ne sont que des clés de registre.

Ecoute, Vundo est une infection tenace. Si tu ne veux pas suivre mes indications car cela te fait peur, je comprends tout à fait mais on ne continue pas à tourner autour du pot.

cachou64 · Answer

j'ai fais un scan avec combo, le problème persiste

Destrio5 · Answer

Il me faut le rapport pour te faire un script ComboFix.

cachou64 · Answer

que peu tu voir dans ce rapport, je suis lourd je sais mais tu n'ai pas obligé de me répondre

Destrio5 · Answer

Plein de choses mais pas d'infos personnelles.

cachou64 · Answer

et dans le bloc note de hijack, je t'ai envoyé un extrait des fichiers ou je ne sais quoi qui sont touchés par vundo je crois il faut les supprimer et comment ?

cachou64 · Answer

super vague

chimay8 · Answer

hé bin!! ta plus qu'a surfer!!!

Destrio5 · Answer

cachou64 ---> Je préfère arrêter la désinfection ici puisque tu me fais perdre mon temps.

Bonne soirée.

Utilisateur anonyme · Answer

mdr

hé cahchou t as quelques choses a cacher ??

genre film de cul ?? o_O

xd

cachou64 · Answer

+ de 24000 messages en 4 mois je pense que tu as du temps à perdre merci quand même 
ps je n'ai rien à cacher par contre je trouve que tu es assez influenssable ( voir chimay et chiquitine)

Destrio5 · Answer

Ce sont les gens comme toi qui me font perdre du temps.

Je te maudis, j'espère que les infections se multiplieront dans ton PC et que ton PC plantera rapidement.

Au revoir.

cachou64 · Answer

slt  je vois que tous le monde s'enerve alors j'insiste pas j'aurais apris quelque petit truc en votre compagnie
désolé si je vous tane mais c'est la première fois, je debute ........ à tchao.....

Problème pour eteindre mon pc

28 réponses

Newsletters