SERIOUS PROBLEM !!!!! PLEASE HELP ME

nnboss Posts 131 Status Member -
crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   -
Hello, I'm turning to you because yesterday, when I started my PC, avast told me there were a lot of viruses (Trojan horses, etc.), whereas the day before everything was working fine! I then tried the boot-time scan (scheduled to delete the infected files before they become active), but after the scan avast still tells me that those same files are on my PC; in fact it doesn't delete them. Spybot doesn't do anything either! Malwarebytes finds more than 65 infected files, but when I choose delete, the same files always come back, and on top of that it now opens Internet Explorer pages for no reason even though my default browser is Mozilla!!! I NEED HELP

12 replies

crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017

Hi,
Post the Malwarebytes Anti-Malware report. (It is under the Rapports/Log (Reports/Logs) tab.)

- Download HijackThis version 2.02:
= = = = >>> By clicking here <<< = = = =

- Save HJTInstall.exe to your desktop.
- Double-click (left button) HJTInstall.exe to start the installation.
- Click Install, then "I Accept".
- Click "Do a scan system and save log file".
- Notepad will open; copy and paste its entire contents here in your next reply.
0
nnboss Posts 131 Status Member

HERE IS THE REPORT

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1813
Windows 5.1.2600 Service Pack 2

24/03/2009 19:35:18
mbam-log-2009-03-24 (19-35-14).txt

Type de recherche: Examen rapide
Eléments examinés: 90631
Temps écoulé: 41 minute(s), 32 second(s)

Processus mémoire infecté(s): 6
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 56
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 55

0
Anonymous user

'Lo,
First, you don't have to shout, we're not deaf.. :(
Second, this topic belongs in the virus/security forum..
0
exclusiv111 Posts 269 Status Member 31

It's really annoying, but try downloading nod32 from www.nod32.com; it will ask you for a username and password, which you'll find at www.nod123.cn on the left of the home page. Remove all your antivirus programs, then install nod32 and run a scan. If you're lucky it will delete everything; otherwise, at worst, it will put them in quarantine, and if that's the case you'll unfortunately need to format the hard drive. Good night
0

crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017

"No action taken."
Delete everything!
Post the report that shows "quarantine and deleted successfully" next to the files.
0
wajdi09 Posts 8 Status Member

I advise you to format the computer
0
crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017

The easy way out.
If he's come here, it's to solve his problem some other way, in my opinion ...!
0
chimay8 Posts 7947 Status Security contributor 60

I advise you to format the computer

And what's the point of having a virus/security forum???
0
nnboss Posts 131 Status Member
 
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1813
Windows 5.1.2600 Service Pack 2

24/03/2009 19:38:17
mbam-log-2009-03-24 (19-38-17).txt

Type de recherche: Examen rapide
Eléments examinés: 90631
Temps écoulé: 41 minute(s), 32 second(s)

Processus mémoire infecté(s): 6
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 56
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 55

0
wajdi09 Posts 8 Status Member
 
I ADVISE YOU TO FORMAT THE COMPUTER
0
chimay8 Posts 7947 Status Security contributor 60
 
You have two posts and you are already losing it...
0
chimay8 Posts 7947 Status Security contributor 60
 
Crapoulou,

verni29 pointed something out to me

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NNB\reader_s.exe (Trojan.Agent) -> No action taken.

That reeks of Virut...
0
chimay8 Posts 7947 Status Security contributor 60
 
Please do this

**Disable your antivirus, protection software and any software that may block pop-ups (Google toolbar, Yahoo toolbar, etc.).**

Open Internet Explorer --> Tools --> Internet Options --> "Security" tab --> confirm "Default level".
Still in Internet Explorer --> Tools --> Internet Options --> "Advanced" tab --> confirm "Default settings".

Online scan with Kaspersky:
- https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr using Internet Explorer and not Firefox, it will not work!
- If you are lost, you can follow the help for online scans https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

HELP: Configuring ActiveX control < http://www.inoculer.com/activex.php3 >
Tutorial here if there is a problem: http://www.vista-xp.fr/forum/topic109.html , or there: https://forum.pcastuces.com/sujet.asp?f=25&s=37641 (by Morgane & nico_dodo)

- When choosing the target to scan, click the Scan settings button
- In the new window, tick "extended" in the middle, then click OK.
- Choose My Computer as the target to scan
- Copy/paste the scan report here

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
0
crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017
 
Hi Fabrice,
Good catch.
I'll leave it to you ;-).
See you.
Good luck with the rest.
0