Aide pour éradiquer Vundo et autres...
Résolu
royalscalp
Messages postés
348
Statut
Membre
-
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour, je suis en pleine période de "désinfection" des ordis de mes proches...
Comme beaucoup d'utilisateurs de PC, ils ne sont pas conscients des "dangers" auxquels ils sont confrontés...
Bref, sur un des PC que j'ai désinfecté, j'ai juste utilisé MBAM comme tool...
Voici le rapport, j'ai jamais vu ça de ma vie pour le moment...quelques 251 fichiers infectés en 15 min --' et ça juste en 'recherche rapide'... Vundo fait partie du lot... No comment
Jugez par vous même (le rapport MBAM témoignant) :
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 2
11/10/2009 22:52:08
mbam-log-2009-10-11 (22-52-08).txt
Type de recherche: Examen rapide
Eléments examinés: 89904
Temps écoulé: 14 minute(s), 30 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 69
Valeur(s) du Registre infectée(s): 14
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 140
Processus mémoire infecté(s):
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\AdobeR.exe (Worm.RJump) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\console32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00D5384.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tuvVLeET.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opmlihjo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aqqzmn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\byXRigDV.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00d5384 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\8c1919b3486 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0024586 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{793757ee-e6d4-414f-9513-9304bdcb06f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d29832fc-b852-405b-b039-72d979b14998} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{793757ee-e6d4-414f-9513-9304bdcb06f6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{185060a5-65b5-4e2b-a5d9-0c568652f6bc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{793757ee-e6d4-414f-9513-9304bdcb06f6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d29832fc-b852-405b-b039-72d979b14998} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d29832fc-b852-405b-b039-72d979b14998} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{185060a5-65b5-4e2b-a5d9-0c568652f6bc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{185060a5-65b5-4e2b-a5d9-0c568652f6bc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxrigdv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqqihaw (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule19 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1efbd3d1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{185060a5-65b5-4e2b-a5d9-0c568652f6bc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8f2a2a80 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8f2a2a80 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ravav (Worm.RJump) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\console32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\console32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvvleet -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.24 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\NI.UGA6PV_0001_N122M1202 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest (Worm.Archive) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shrtufee.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hmwbrbvt.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khgmxxxm.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\fdkjhmmf.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ppvwedut.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkrsessm.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\rlqbuhtl.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\iobedxil.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\iCheck.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vvxlexmc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\console32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\_A00F1EFBD3D1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D5384.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfhvritb.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fiwyiwkd.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnmvqwaq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlnvsaih.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asgfcydy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00C8BD0.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abjupura.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpacrxap.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebjcyqho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002910.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004C672.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpwixupw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xnfjnuag.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jynmwnss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00CAB92.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wasboqpu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0026E41.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tyekrban.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubgjcjhk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgniuhrn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ciydgond.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcabeuqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gkurimeq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009B4C8.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hqdwsg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8f2a2a80.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smixgflq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tgmqrqxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00F4A01.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\niflcljt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rgeaqbia.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxurefxd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kryocjnc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkwkldnh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tjwivovp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8f2a2a80.txt (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lasctj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxnehn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yvdmfgit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkpwnisv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lujexq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lylpqwee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqqzmn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\casyfkkf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkliGy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TEeLVvut.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\TEeLVvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccccApP.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlpdfqyj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlxreesk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kseerxlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\getexwvm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cipcpcic.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cicpcpic.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fkkfysac.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jyqfdplq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rposqmsv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mvwxeteg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcircpqf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqpcrich.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opmlihjo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xfaudxon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oofwsefg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfeswfoo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temporary Internet Files\Content.IE5\B73OIWXG\kb600179[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qgutnhvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRigDV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\noxduafx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcYSmMF.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifdbCVo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsmqsopr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nrpyhwbl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGvssTK.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvVLeET.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqQiHaw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvhntugq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\installer.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\installer.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\unpack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\nocd.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\nocd.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\nodvd.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\patch.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\patch.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\nodvd.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\AdobeR.exe (Worm.RJump) -> Quarantined and deleted successfully.
Aidez moi, merci ! =)
Comme beaucoup d'utilisateurs de PC, ils ne sont pas conscients des "dangers" auxquels ils sont confrontés...
Bref, sur un des PC que j'ai désinfecté, j'ai juste utilisé MBAM comme tool...
Voici le rapport, j'ai jamais vu ça de ma vie pour le moment...quelques 251 fichiers infectés en 15 min --' et ça juste en 'recherche rapide'... Vundo fait partie du lot... No comment
Jugez par vous même (le rapport MBAM témoignant) :
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 2
11/10/2009 22:52:08
mbam-log-2009-10-11 (22-52-08).txt
Type de recherche: Examen rapide
Eléments examinés: 89904
Temps écoulé: 14 minute(s), 30 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 69
Valeur(s) du Registre infectée(s): 14
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 140
Processus mémoire infecté(s):
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\AdobeR.exe (Worm.RJump) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\console32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00D5384.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tuvVLeET.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opmlihjo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aqqzmn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\byXRigDV.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00d5384 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\8c1919b3486 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0024586 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{793757ee-e6d4-414f-9513-9304bdcb06f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d29832fc-b852-405b-b039-72d979b14998} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{793757ee-e6d4-414f-9513-9304bdcb06f6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{185060a5-65b5-4e2b-a5d9-0c568652f6bc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{793757ee-e6d4-414f-9513-9304bdcb06f6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d29832fc-b852-405b-b039-72d979b14998} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d29832fc-b852-405b-b039-72d979b14998} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{185060a5-65b5-4e2b-a5d9-0c568652f6bc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{185060a5-65b5-4e2b-a5d9-0c568652f6bc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxrigdv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqqihaw (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule19 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1efbd3d1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{185060a5-65b5-4e2b-a5d9-0c568652f6bc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8f2a2a80 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8f2a2a80 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ravav (Worm.RJump) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\console32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\console32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvvleet -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.24 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\NI.UGA6PV_0001_N122M1202 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest (Worm.Archive) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shrtufee.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hmwbrbvt.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khgmxxxm.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\fdkjhmmf.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ppvwedut.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkrsessm.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\rlqbuhtl.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\iobedxil.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\iCheck.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vvxlexmc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\console32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temp\_A00F1EFBD3D1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D5384.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfhvritb.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fiwyiwkd.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnmvqwaq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlnvsaih.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asgfcydy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00C8BD0.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abjupura.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpacrxap.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebjcyqho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002910.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004C672.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpwixupw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xnfjnuag.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jynmwnss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00CAB92.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wasboqpu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0026E41.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tyekrban.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubgjcjhk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgniuhrn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ciydgond.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcabeuqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gkurimeq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009B4C8.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hqdwsg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8f2a2a80.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smixgflq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tgmqrqxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00F4A01.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\niflcljt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rgeaqbia.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxurefxd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kryocjnc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkwkldnh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tjwivovp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8f2a2a80.txt (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lasctj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxnehn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yvdmfgit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkpwnisv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lujexq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lylpqwee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqqzmn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\casyfkkf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkliGy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TEeLVvut.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\TEeLVvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccccApP.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlpdfqyj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlxreesk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kseerxlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\getexwvm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cipcpcic.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cicpcpic.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fkkfysac.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jyqfdplq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rposqmsv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mvwxeteg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcircpqf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqpcrich.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opmlihjo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xfaudxon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oofwsefg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfeswfoo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temporary Internet Files\Content.IE5\B73OIWXG\kb600179[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qgutnhvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRigDV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\noxduafx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcYSmMF.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifdbCVo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsmqsopr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nrpyhwbl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGvssTK.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvVLeET.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqQiHaw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvhntugq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\installer.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\installer.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\unpack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\nocd.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\nocd.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\nodvd.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\patch.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\patch.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\nodvd.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\AdobeR.exe (Worm.RJump) -> Quarantined and deleted successfully.
Aidez moi, merci ! =)
A voir également:
- Aide pour éradiquer Vundo et autres...
- Éradiquer mites alimentaires - Guide
- Eradiquer TR/Crypt.XPACK.Gen [trojan] - Forum Virus
- Besoin d'aide pour éradiquer un virus "Photo 018.exe" ✓ - Forum Virus
- Comment éradiquer " premier opinion " ✓ - Forum Windows 7
24 réponses
Comme je savais que l'ordi était infecté, j'me suis dit : "Pendant la désinfection, autant ne pas mettre d'antivirus"...
J'pensais qu'en en mettant un, ça allait compliquer les choses...
Voilà !
Mais sinon, j'ai pour habitude de tourner avec Spybot + Zone Alarm + Avira Antivir pour ce qui est de la protection... Donc j'allais installer ça sur l'ordi de mon ami après avoir fini la désinfection ! ^^
Est-ce une bêtise ?
J'pensais qu'en en mettant un, ça allait compliquer les choses...
Voilà !
Mais sinon, j'ai pour habitude de tourner avec Spybot + Zone Alarm + Avira Antivir pour ce qui est de la protection... Donc j'allais installer ça sur l'ordi de mon ami après avoir fini la désinfection ! ^^
Est-ce une bêtise ?
Run by ADMIN at 2009-10-15 19:59:04
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 3 GB (15%) free of 17 GB
Total RAM: 255 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:14, on 15/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ADMIN\Bureau\RSIT.exe
C:\Program Files\trend micro\ADMIN.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Benjamin
O17 - HKLM\Software\..\Telephony: DomainName = Benjamin
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Benjamin
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Benjamin