Help with the TR/Vundo.Gen virus

Closed
helooo - 29 Jul 2008 at 23:11
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 - 30 Jul 2008 at 00:50
Hello,

I have a virus on Windows Media Center; AntiVir detected it. It is called TR/Vundo.Gen and it is located in the file C:\WINDOWD\system32\rqRJDvTm.dll.

I ran an antivirus scan; here is my report:

"


Avira AntiVir Personal
Report file date: mardi 29 juillet 2008 20:51

Scanning for 1518730 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: YANN

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 18:48:36
ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 25/07/2008 18:48:44
ANTIVIR3.VDF : 7.0.5.188 139264 Bytes 29/07/2008 18:48:45
Engineversion : 8.1.1.12
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.59 307579 Bytes 29/07/2008 18:48:58
AESCN.DLL : 8.1.0.23 119156 Bytes 29/07/2008 18:48:57
AERDL.DLL : 8.1.0.20 418165 Bytes 29/07/2008 18:48:57
AEPACK.DLL : 8.1.2.1 364917 Bytes 29/07/2008 18:48:55
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 29/07/2008 18:48:54
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 29/07/2008 18:48:53
AEHELP.DLL : 8.1.0.15 115063 Bytes 29/07/2008 18:48:49
AEGEN.DLL : 8.1.0.31 311669 Bytes 29/07/2008 18:48:49
AEEMU.DLL : 8.1.0.6 430451 Bytes 29/07/2008 18:48:48
AECORE.DLL : 8.1.1.7 172406 Bytes 29/07/2008 18:48:47
AEBB.DLL : 8.1.0.1 53617 Bytes 29/07/2008 18:48:46
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 8.0.0.2 98561 Bytes 29/07/2008 18:48:45
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 29 juillet 2008 20:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\WinCtrl32.dll
[DETECTION] Is the Trojan horse TR/Agent.16384.CA
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]

The registry was scanned ( '22' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\PCHealthCenter\0.exe
[DETECTION] Is the Trojan horse TR/FakeAV.X.1
[NOTE] The file was moved to '48f47df9.qua'!
C:\Program Files\PCHealthCenter\2.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Agent.AC
[NOTE] The file was moved to '48f47e0b.qua'!
C:\Program Files\PCHealthCenter\3.exe
[DETECTION] Is the Trojan horse TR/PcHealth.1
[NOTE] The file was moved to '48f47ece.qua'!
C:\Program Files\PCHealthCenter\5.exe
[DETECTION] Contains detection pattern of the dropper DR/Fraud.VistAntivi
[NOTE] The file was moved to '48f47ed2.qua'!
C:\Program Files\PCHealthCenter\7.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.122
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP329\A0041235.dll
[DETECTION] Is the Trojan horse TR/Agent.16384.CA
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP329\A0041239.sys
[DETECTION] Is the Trojan horse TR/Agent.16384.CA
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP329\A0041242.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.122
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP329\A0041243.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Agent.AC
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP329\A0041244.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Agent.AC
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP329\A0041245.dll
[DETECTION] Is the Trojan horse TR/Agent.16384.CA
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP329\A0041249.sys
[DETECTION] Is the Trojan horse TR/Agent.16384.CA
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP330\A0042242.exe
[DETECTION] Is the Trojan horse TR/PcHealth.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP330\A0042243.dll
[DETECTION] Is the Trojan horse TR/Agent.16384.CA
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP330\A0042250.sys
[DETECTION] Is the Trojan horse TR/Agent.16384.CA
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP330\A0042253.exe
[DETECTION] Is the Trojan horse TR/PcHealth.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP330\A0042254.dll
[DETECTION] Is the Trojan horse TR/Agent.16384.CA
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP330\A0042259.sys
[DETECTION] Is the Trojan horse TR/Agent.16384.CA
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP330\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Agent.16384.CA
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP332\A0042667.exe
[DETECTION] Is the Trojan horse TR/FakeAV.X.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP332\A0042668.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Agent.AC
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP332\A0042669.exe
[DETECTION] Is the Trojan horse TR/PcHealth.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP332\A0042670.exe
[DETECTION] Contains detection pattern of the dropper DR/Fraud.VistAntivi
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP332\A0042671.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.122
[NOTE] The file was deleted!
C:\WINDOWS\Sys1.exe
[DETECTION] Is the Trojan horse TR/PcHealth.1
[NOTE] The file was deleted!


End of the scan: mardi 29 juillet 2008 22:44
Used time: 1:53:16 min

The scan has been canceled!

4307 Scanning directories
151239 Files were scanned
26 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
21 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
151213 Files not concerned
2982 Archives were scanned
2 Warnings
25 Notes
"

If someone could help me, please, that would be really kind.

THANK YOU VERY MUCH IN ADVANCE

:)

21 replies

itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
29 Jul 2008 at 23:20
Did you delete the viruses?
0
I tried to delete the file directly, but of course Windows prevents me, and when I delete it from AntiVir the alert reappears every time. I saw on several forums that apparently you need to use various programs, but I don't really know how to read the reports, so that's why I'm looking for help.
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
29 Jul 2008 at 23:26
Then download Malwarebytes, which you can find at this link https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html, install it and make sure to update it, then run a full scan and post the report for me at the end of the scan, thanks
0
here is my report:

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 5.1.2600 Service Pack 2

23:57:22 29/07/2008
malware1.txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 69783
Temps écoulé: 25 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\kgtcfdji.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRJDvTm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pmnOIYpp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\utkzmz.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598a8261-539d-43fc-af7a-3b0026009698} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{598a8261-539d-43fc-af7a-3b0026009698} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9483e12-795f-4a7c-acc2-75089d961ca4} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e9483e12-795f-4a7c-acc2-75089d961ca4} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e8ac85e8-4634-426d-942b-1f6069723dc7} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8ac85e8-4634-426d-942b-1f6069723dc7} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnoiypp (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a8b35f4b (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e8ac85e8-4634-426d-942b-1f6069723dc7} (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrjdvtm -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrjdvtm -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\rqRJDvTm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mTvDJRqr.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mTvDJRqr.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\utkzmz.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kgtcfdji.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ijdfctgk.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pmnOIYpp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
C:\Program Files\VAV\vav.cpl (Rogue.Antispyware) -> No action taken.
C:\Documents and Settings\LEMELLETIER\Local Settings\Temporary Internet Files\Content.IE5\4PZ1S3QM\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\LEMELLETIER\Local Settings\Temporary Internet Files\Content.IE5\EKVA2IH4\kb767887[1] (Trojan.Vundo) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\VAV\vav.exe (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dl_ (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tuvTmJax.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\LEMELLETIER\Bureau\Vista Antivirus 2008.lnk (Rogue.VistaAntivirus2008) -> No action taken.
C:\Documents and Settings\LEMELLETIER\Local Settings\Temp\s1265.php (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\drivers\Winip75.sys (Rootkit.Agent) -> No action taken.
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
30 Jul 2008 at 00:00
OK, did you delete the infected folders?
0

There, I did it, here is my report; however, it is asking me to restart, so I'll do that now.

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 5.1.2600 Service Pack 2

00:01:15 30/07/2008
mbam-log-7-30-2008 (00-01-15).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 69783
Temps écoulé: 25 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\kgtcfdji.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqRJDvTm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnOIYpp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\utkzmz.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598a8261-539d-43fc-af7a-3b0026009698} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{598a8261-539d-43fc-af7a-3b0026009698} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9483e12-795f-4a7c-acc2-75089d961ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e9483e12-795f-4a7c-acc2-75089d961ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8ac85e8-4634-426d-942b-1f6069723dc7} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8ac85e8-4634-426d-942b-1f6069723dc7} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnoiypp (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a8b35f4b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e8ac85e8-4634-426d-942b-1f6069723dc7} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrjdvtm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrjdvtm -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\rqRJDvTm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mTvDJRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mTvDJRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utkzmz.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kgtcfdji.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ijdfctgk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnOIYpp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\VAV\vav.cpl (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LEMELLETIER\Local Settings\Temporary Internet Files\Content.IE5\4PZ1S3QM\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LEMELLETIER\Local Settings\Temporary Internet Files\Content.IE5\EKVA2IH4\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.exe (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvTmJax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LEMELLETIER\Bureau\Vista Antivirus 2008.lnk (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\LEMELLETIER\Local Settings\Temp\s1265.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winip75.sys (Rootkit.Agent) -> Delete on reboot.
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
30 Jul 2008 at 00:05
Yes, so restart and delete everything it detected
0
It's done, I restarted and my antivirus no longer gives me any alerts. Is that OK, or should I maybe run another scan with the software you pointed me to, to be sure?
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
30 Jul 2008 at 00:08
No, it's fine. To finish, download this and do a good cleanup:

http://www.cleanersoft.net/fr/

tutorial here:

https://www.malekal.com/tutoriel-ccleaner/
0
Well, thank you very, very much. I already have this software to clean my PC regularly.

THANKS again :) :)
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
30 Jul 2008 at 00:15
And to finish, download this software, use it, and delete everything it finds after running a search http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
30 Jul 2008 at 00:16
Yeah, but sorry, I got the software wrong; in fact this one will finish the disinfection job
0
E..T Posts 6087 Registration date Friday 1 February 2008 Status Contributor Last activity 3 March 2024 426
30 Jul 2008 at 00:18
Good evening,

hitachi01 >>No action taken. means that nothing was deleted!


helooo,

Click on this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.

Save HJTInstall.exe to your desktop.

-Once installed, rename it to titeuf.exe to counter a possible Vundo infection

Double-click HJT.exe to launch the program

Accept by clicking the "I Accept" button

Then click "do a system scan and save a logfile" and post the resulting report here.
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
30 Jul 2008 at 00:20
Whoa, yes, you're right E..T, I hadn't even seen it (what a scatterbrain), thanks, and by the way it's itachi (manga) and not hitachi (all sorts of stuff)
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
30 Jul 2008 at 00:23
You're making me say nonsense, E.T: you looked at the 1st scan, but look at the 2nd Malwarebytes one, it clearly says deleted, Delete on reboot. (look, in the first one it says C:\WINDOWS\system32\kgtcfdji.dll (Trojan.Vundo) -> No action taken. and in the 2nd scan it says C:\WINDOWS\system32\kgtcfdji.dll (Trojan.Vundo) -> Delete on reboot.) ;)
0
E..T Posts 6087 Registration date Friday 1 February 2008 Status Contributor Last activity 3 March 2024 426
30 Jul 2008 at 00:28
Whoa, and I'm not a pro, but when I don't know I keep quiet, or I read and I learn!!! It takes a long time, but here there is VUNDO, and Malwarebytes' Anti-Malware is not powerful enough to get rid of this crap.
++
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
30 Jul 2008 at 00:35
Cool, if you're not happy with my methods it's the same thing: you see the button with a triangle, well, if you're not happy with my messages you click on it, nothing simpler. And by the way I'm right, and it clearly says deleted, so don't bother, you're wrong on this one, but as I told you, if you're not happy with my message click on the yellow triangle, Mr. Pro
0
E..T Posts 6087 Registration date Friday 1 February 2008 Status Contributor Last activity 3 March 2024 426
30 Jul 2008 at 00:43
Hey, my little buddy, cool ;-)
You say it's fine when we haven't even had a HijackThis report!
How do you know it's fine? And I'm not a pro :-(( I don't care, it'll come)
The pros, you'll see them.
@++
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
30 Jul 2008 at 00:44
And by the way, I'm contradicting you once again, but I've already had Vundo; I ran Malwarebytes once and ToolsCleaner once and nothing was left, so there.
0
itachi01 Posts 697 Registration date Saturday 26 July 2008 Status Member Last activity 15 May 2009 35
30 Jul 2008 at 00:45
Yes, you're right, I forgot the HijackThis report, I should have thought of it, my apologies
0
E..T Posts 6087 Registration date Friday 1 February 2008 Status Contributor Last activity 3 March 2024 426
30 Jul 2008 at 00:45
Well, we'll see with the HijackThis log, if it arrives?
++
0