Antivirus xp 2009 - trojan vundo

Closed
nla - 5 August 2008 at 12:15
 nla - 6 August 2008 at 11:16
Hello,

Can you help me remove the virus named in the subject line - trojan vundo - ?

I ran a scan with Malwarebytes and you will find the log below.

With many thanks,

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1016
Windows 5.1.2600 Service Pack 2

11:25:19 05/08/2008
mbam-log-8-5-2008 (11-25-19).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 97966
Temps écoulé: 1 hour(s), 55 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 56


2 replies

sherred Posts 8346 Registration date Saturday 26 January 2008 Status Member Last activity 25 March 2024 350
5 August 2008 at 12:19
Step 1
VundoFix

Download VundoFix to your desktop: http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it, then click the "Scan for Vundo" button.
When the scan is finished, click the "Remove Vundo" button.
A prompt will ask whether you want to delete the files; say yes.
The desktop should disappear while the files are being deleted.
You will then see a prompt telling you that your PC is going to shut down ("shutdown" in English): click OK.
1
Hello again,

I ran the scan: no infected files.

What should I do now?

I thought Antivirus XP 2009 was the cause of the automatic updates being blocked.

But my icon showing that updates are disabled is always there.

So what should I do?

Thanks in advance,
0
sherred > nla
5 August 2008 at 16:50
Use ComboFix to clean up some stubborn Vundo files.
Download http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your desktop.
Restart your PC in Safe Mode.
Double-click ComboFix.exe.
Press the Y key to start the scan.
ComboFix will restart your PC: follow the on-screen instructions.
0
nla > sherred
6 August 2008 at 11:13
Hello,

And a big thank you for solving my problem: I followed your instructions to the letter, everything went well and automatic updates are re-enabled.

I hope I won't have any more trouble; if I do, I will take the liberty of contacting the community again.

Thanks again for your insight.

Best regards,
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
6 August 2008 at 02:19
Good evening,

**Following**

0
Hello,

I followed the instructions and everything is resolved.

I am sending the latest log to my contact for verification.

Would you like a copy?

Thank you for your pertinent remark,

See you soon,
0