Infectée par win spyware protect - Sécurité, virus et assimilés::Trojan et spywares

Auteur

Message

stephy33000

Posté le 18/07/2008 17:57:50

Bonjour, je suis infectée par win spyware protect, il s'est insallé sur mon bureau, m'affiche des pages de pub intempestives...

Par ailleurs, je n'arrive pas à activer les mises à jour automatiques de windows.
Merci de m'aider, sachant que je suis novice.

-->Message édité par stephy33000 le 18/07/2008 18:48:03<--

naheulbeuk

Posté le 18/07/2008 19:03:53

bonjour,

Passe un coup de MalwareBytes (scan complet) et nettoie tout ce qu'il trouve
Aide : http://www.site-naheulbeuk.com/malwarebytes.php
Post moi le rapport généré à la fin dans ta prochaine réponse

-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/

stephy33000

Posté le 18/07/2008 20:53:44

Merci de m'aider !
Par contre il me dit qu'il n'a pas réussi à supprimer certains éléments.
voici le rapport:

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 964
Windows 5.1.2600 Service Pack 2

20:49:16 18/07/2008
mbam-log-7-18-2008 (20-49-16).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 132728
Temps écoulé: 29 minute(s), 15 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 17
Fichier(s) infecté(s): 45

Processus mémoire infecté(s):
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fccCVnop.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\Resources\SysCD.dll (Trojan.Clicker) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03c9c6e2-0592-4ec6-89bd-fd65e798fd11} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{03c9c6e2-0592-4ec6-89bd-fd65e798fd11} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\wasfsd.creationnotifier (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wasfsd.creationnotifier.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abcd4567-76b5-4bc7-aac5-396d70925b22} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abcd4567-4d73-43e9-85e5-53a2dbd95422} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abcd4567-d8e8-4df1-a3ea-d0aa72f42622} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{abcd4567-7437-43ef-ab74-4ab1d3a37422} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{69893162-7939-46dd-8466-f6021f337454} (Trojan.Clicker) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\USLst (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\USS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USS_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\USS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uss_{826f15bf-1a4c-4290-bfd1-794af7a2cb8f}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uss_{d1957ff4-ea22-4b4a-81a1-c62068479ded}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uss_{ec572088-91c7-4293-93f9-93d40b0e0b36}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wasfsd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\syscd (Trojan.Clicker) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\48c35b7f (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccvnop -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccvnop -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\USS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\#agents (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\#agents\53 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\#monitors (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\#monitors\DirMonitor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\#monitors\FileMonitor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\#monitors\RegMonitor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\977751 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\fccCVnop.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ponVCccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ponVCccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uocjgrhl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lhrgjcou.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\kernel.dll (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E118F3A7-8F51-4054-AD78-71B7A0A087B7}\RP236\A0092336.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qgkttd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmmuqbnh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\977751\977751.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\wasfsd.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\#agents\53\#startup (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\msvcp71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\msvcr71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\GSCRPlugin.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080718085048107.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080718091846765.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080718104216034.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080718170827578.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080718190629796.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080718201127140.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\SysCD.dll (Trojan.Clicker) -> Delete on reboot.
C:\Program Files\tmp0.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Program Files\tmp1.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Program Files\tmp2.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stéphanie MENAY\Local Settings\Temp\software.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stéphanie MENAY\Local Settings\Temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stéphanie MENAY\Local Settings\Temp\vistasp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

naheulbeuk

Posté le 19/07/2008 19:34:54

bonsoir,

Télécharge ComboFix (créé par sUBs) sur ton Bureau

Démarre en mode sans échec : http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)

Double clique combofix.exe.

Tape sur la touche 1 pour démarrer le scan puis laisse toi guider.

ComboFix redémarrera ton PC

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse,et nouveau rapport hijackthis

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

:hello:

-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/

[sélection] Téléchargement : les dix meilleurs logiciels de la semaine

[banc d'essai] Le classement des fournisseurs d'accès à Internet (2 au 8 octobre)

[bureautique] La version définitive d'OpenOffice.org 3.0 à télécharger

[très haut-débit] Fibre optique : les règles du jeu sont fixées

[desktops] Chez Packard Bell, l'achat d'un PC à 499 euros donne droit à une Xbox 360 à 30 euros

[pc] L'Eee Box d'Asus fourni avec virus

[jeu vidéo] Ça va sortir : James Bond, Quantum of Solace

[microsoft] RIM pourrait être une proie tentante pour Microsoft