Help - Trojan Vundo to remove

arno84 -
Anonymous user -
Hello,

I have a problem removing the 'trojan.vundo' spyware.

I ran a first HijackThis scan, but I did not find the lines indicating the presence of Trojan.Vundo. There were indeed O2 and O20 lines, but they did not match those shown in the help found on this site.

I ran a Vundo scan anyway. Here is the report:

VundoFix V7.0.6

Scan started at 14:23:49 27/08/2008

Listing files found while scanning....

C:\Windows\system32\dfwxcvwp.ini
C:\Windows\system32\dwmccsjo.dll
C:\Windows\system32\efcAPHYQ.dll
C:\Windows\system32\geBroLBq.dll
C:\Windows\system32\hgGvvtsr.dll
C:\Windows\system32\hgGxVPFu.dll
C:\Windows\system32\ibwfts.dll
C:\Windows\system32\jkkLFuvu.dll
C:\Windows\system32\jyrqmz.dll
C:\Windows\system32\kdvytrnn.dll
C:\Windows\system32\kqaetdli.dll
C:\Windows\system32\ljJBqnKb.dll
C:\Windows\system32\ltxdiyed.dll
C:\Windows\system32\mlJDsRki.dll
C:\Windows\system32\mlJYssPH.dll
C:\Windows\system32\odjkzi.dll
C:\Windows\system32\pfatwaak.dll
C:\Windows\system32\pmnnNdbY.dll
C:\Windows\system32\pwvcxwfd.dll
C:\Windows\system32\qoMgggFY.dll
C:\Windows\system32\rqRLfeEu.dll
C:\Windows\system32\tuvSigfC.dll
C:\Windows\system32\urqRKBUl.dll
C:\Windows\system32\vabypoxf.dll
C:\Windows\system32\vmvdle.dll
C:\Windows\system32\vtUooOIy.dll
C:\Windows\system32\wgthub.dll

Beginning removal...

Attempting to delete C:\Windows\system32\dfwxcvwp.ini
C:\Windows\system32\dfwxcvwp.ini Has been deleted!

Attempting to delete C:\Windows\system32\dwmccsjo.dll
C:\Windows\system32\dwmccsjo.dll Has been deleted!

Attempting to delete C:\Windows\system32\efcAPHYQ.dll
C:\Windows\system32\efcAPHYQ.dll Has been deleted!

Attempting to delete C:\Windows\system32\geBroLBq.dll
C:\Windows\system32\geBroLBq.dll Could not be deleted.

Attempting to delete C:\Windows\system32\hgGvvtsr.dll
C:\Windows\system32\hgGvvtsr.dll Has been deleted!

Attempting to delete C:\Windows\system32\hgGxVPFu.dll
C:\Windows\system32\hgGxVPFu.dll Has been deleted!

Attempting to delete C:\Windows\system32\ibwfts.dll
C:\Windows\system32\ibwfts.dll Has been deleted!

Attempting to delete C:\Windows\system32\jkkLFuvu.dll
C:\Windows\system32\jkkLFuvu.dll Has been deleted!

Attempting to delete C:\Windows\system32\jyrqmz.dll
C:\Windows\system32\jyrqmz.dll Has been deleted!

Attempting to delete C:\Windows\system32\kdvytrnn.dll
C:\Windows\system32\kdvytrnn.dll Has been deleted!

Attempting to delete C:\Windows\system32\kqaetdli.dll
C:\Windows\system32\kqaetdli.dll Has been deleted!

Attempting to delete C:\Windows\system32\ljJBqnKb.dll
C:\Windows\system32\ljJBqnKb.dll Has been deleted!

Attempting to delete C:\Windows\system32\ltxdiyed.dll
C:\Windows\system32\ltxdiyed.dll Could not be deleted.

Attempting to delete C:\Windows\system32\mlJDsRki.dll
C:\Windows\system32\mlJDsRki.dll Has been deleted!

Attempting to delete C:\Windows\system32\mlJYssPH.dll
C:\Windows\system32\mlJYssPH.dll Has been deleted!

Attempting to delete C:\Windows\system32\odjkzi.dll
C:\Windows\system32\odjkzi.dll Has been deleted!

Attempting to delete C:\Windows\system32\pfatwaak.dll
C:\Windows\system32\pfatwaak.dll Has been deleted!

Attempting to delete C:\Windows\system32\pmnnNdbY.dll
C:\Windows\system32\pmnnNdbY.dll Has been deleted!

Attempting to delete C:\Windows\system32\pwvcxwfd.dll
C:\Windows\system32\pwvcxwfd.dll Could not be deleted.

Attempting to delete C:\Windows\system32\qoMgggFY.dll
C:\Windows\system32\qoMgggFY.dll Has been deleted!

Attempting to delete C:\Windows\system32\rqRLfeEu.dll
C:\Windows\system32\rqRLfeEu.dll Has been deleted!

Attempting to delete C:\Windows\system32\tuvSigfC.dll
C:\Windows\system32\tuvSigfC.dll Has been deleted!

Attempting to delete C:\Windows\system32\urqRKBUl.dll
C:\Windows\system32\urqRKBUl.dll Has been deleted!

Attempting to delete C:\Windows\system32\vabypoxf.dll
C:\Windows\system32\vabypoxf.dll Has been deleted!

Attempting to delete C:\Windows\system32\vmvdle.dll
C:\Windows\system32\vmvdle.dll Has been deleted!

Attempting to delete C:\Windows\system32\vtUooOIy.dll
C:\Windows\system32\vtUooOIy.dll Has been deleted!

Attempting to delete C:\Windows\system32\wgthub.dll
C:\Windows\system32\wgthub.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\Windows\system32\geBroLBq.dll
C:\Windows\system32\geBroLBq.dll Could not be deleted.

Attempting to delete C:\Windows\system32\ltxdiyed.dll
C:\Windows\system32\ltxdiyed.dll Has been deleted!

Attempting to delete C:\Windows\system32\pwvcxwfd.dll
C:\Windows\system32\pwvcxwfd.dll Has been deleted!

Attempting to delete C:\Windows\system32\wgthub.dll
C:\Windows\system32\wgthub.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

--------------------------------------------

And here is the HijackThis report produced after the Vundo scan operations.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:18, on 27/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Arno Huart\Bureau\VundoFix.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Trend Micro\HijackThis\CCM.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {2BBD9CEC-F314-429D-9B90-E674E6049EA6} - (no file)
O2 - BHO: (no name) - {389E61E2-5CD7-4CAB-AF51-60F2AC73C35D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {6d15b87a-fb23-2a4a-9964-2d5c7f48e99a} - {a99e84f7-c5d2-4699-a4a2-32bfa78b51d6} - C:\WINDOWS\system32\sdbqcj.dll
O2 - BHO: (no name) - {A9AB94E1-8F48-417C-8CCE-E3B6629E964A} - (no file)
O2 - BHO: (no name) - {B5969A7C-81A5-4027-A17F-D828792AA9D5} - C:\WINDOWS\system32\nnnnKbCs.dll
O2 - BHO: (no name) - {D0790168-28C6-42AB-8858-92B956D46B1C} - C:\WINDOWS\system32\geBroLBq.dll
O2 - BHO: (no name) - {E301376F-D859-4B74-9997-EC988BD797FE} - C:\WINDOWS\system32\vtUooOIy.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [\MAIGNOT\EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P33 "\\MAIGNOT\EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [c8928099] rundll32.exe "C:\WINDOWS\system32\mmqpymnu.dll",b
O4 - HKLM\..\Run: [BMcba1b305] Rundll32.exe "C:\WINDOWS\system32\cbigrviv.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F8C8FFF-7A27-4C52-A227-EDA954EFF64C}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: sdbqcj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.habiter-selon-lovag.com/homme/parois7.htm#

10 replies

Anonymous user
 
Attempting to delete C:\Windows\system32\wgthub.dll
C:\Windows\system32\wgthub.dll Could not be deleted.

Run it again, but in safe mode :)

arno84
 
Could you tell me how to do that, as I am not familiar with safe mode?

Anonymous user

Of course

You start your computer: F8 F8 F8 until you see a black screen:
Start in safe mode
Restart with the last known settings
etc.
etc.

You will choose: start in safe mode (the plain one)

Your desktop will start up again (looking different), and there you will run your scan again.
Then all that is left is to restart normally

arno84
 
So I have just done it, but there are still 2 DLLs that could not be deleted. Here is the report of the last 2 Vundo scans:

Scan started at 15:16:31 27/08/2008

Listing files found while scanning....

C:\Windows\system32\cbigrviv.dll
C:\Windows\system32\geBroLBq.dll
C:\Windows\system32\mmqpymnu.dll
C:\Windows\system32\nnnnKbCs.dll
C:\Windows\system32\sCbKnnnn.ini
C:\Windows\system32\sCbKnnnn.ini2
C:\Windows\system32\sdbqcj.dll
C:\Windows\system32\unmypqmm.ini
C:\Windows\system32\wgthub.dll
C:\Windows\system32\xwdamawb.dll

Beginning removal...

Attempting to delete C:\Windows\system32\cbigrviv.dll
C:\Windows\system32\cbigrviv.dll Could not be deleted.

Attempting to delete C:\Windows\system32\geBroLBq.dll
C:\Windows\system32\geBroLBq.dll Could not be deleted.

Attempting to delete C:\Windows\system32\mmqpymnu.dll
C:\Windows\system32\mmqpymnu.dll Could not be deleted.

Attempting to delete C:\Windows\system32\nnnnKbCs.dll
C:\Windows\system32\nnnnKbCs.dll Has been deleted!

Attempting to delete C:\Windows\system32\sCbKnnnn.ini
C:\Windows\system32\sCbKnnnn.ini Has been deleted!

Attempting to delete C:\Windows\system32\sCbKnnnn.ini2
C:\Windows\system32\sCbKnnnn.ini2 Has been deleted!

Attempting to delete C:\Windows\system32\sdbqcj.dll
C:\Windows\system32\sdbqcj.dll Could not be deleted.

Attempting to delete C:\Windows\system32\unmypqmm.ini
C:\Windows\system32\unmypqmm.ini Has been deleted!

Attempting to delete C:\Windows\system32\wgthub.dll
C:\Windows\system32\wgthub.dll Could not be deleted.

Attempting to delete C:\Windows\system32\xwdamawb.dll
C:\Windows\system32\xwdamawb.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\Windows\system32\cbigrviv.dll
C:\Windows\system32\cbigrviv.dll Has been deleted!

Attempting to delete C:\Windows\system32\geBroLBq.dll
C:\Windows\system32\geBroLBq.dll Could not be deleted.

Attempting to delete C:\Windows\system32\mmqpymnu.dll
C:\Windows\system32\mmqpymnu.dll Has been deleted!

Attempting to delete C:\Windows\system32\sdbqcj.dll
C:\Windows\system32\sdbqcj.dll Could not be deleted.

Attempting to delete C:\Windows\system32\wgthub.dll
C:\Windows\system32\wgthub.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V7.0.6

Scan started at 15:54:32 27/08/2008

Listing files found while scanning....

C:\Windows\system32\geBroLBq.dll
C:\Windows\system32\sdbqcj.dll

Beginning removal...

Attempting to delete C:\Windows\system32\geBroLBq.dll
C:\Windows\system32\geBroLBq.dll Could not be deleted.

Attempting to delete C:\Windows\system32\sdbqcj.dll
C:\Windows\system32\sdbqcj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Performing Repairs to the registry.
Done!

--------

Isn't there another way to delete them? What should I do??

Arnaud

Anonymous user

Hello

Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Disconnect, close all your applications and disable your defenses (antivirus, anti-spyware, ...) for the duration of the procedure!!

Install the program at the root of C:\ (and nowhere else! --->"C:\SmitfraudFix.exe").

Tutorial (help): http://siri.urz.free.fr/Fix/SmitfraudFix.php

Usage ---> option 1 / Search:
Double-click the "Smitfraudfix.exe" icon and select 1 (and nothing else without our go-ahead!) to create a report of the files responsible for the infection.

Post the report ("rapport.txt", located under C:\) and wait for the next steps.

(Warning: process.exe is detected by some antivirus programs as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software.)

*** source: toptitbal **** (too lazy to retype it)

arno84
 
Here is the SmitfraudFix report:

SmitFraudFix v2.339

Rapport fait à 17:07:19,21, 27/08/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Arno Huart\Bureau\SmitfraudFix\Policies.exe
C:\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arno Huart


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arno Huart\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ARNOHU~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\PCHealthCenter\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.habiter-selon-lovag.com/homme/parois7.htm#"
"SubscribedURL"="http://www.habiter-selon-lovag.com/homme/parois7.htm#"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
Anonymous user

Bingo!

Right

https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

Follow the procedure! Hang in there, it's almost over

arno84
 
Here is the scan report:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1089
Windows 5.1.2600 Service Pack 3

19:07:18 27/08/2008
mbam-log-08-27-2008 (19-07-14).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 124340
Temps écoulé: 1 hour(s), 37 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 86

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\geBqPFXR.dll (Trojan.Vundo.H) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{261df1f6-b531-4bc0-a4ce-dcdd3c43429b} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{261df1f6-b531-4bc0-a4ce-dcdd3c43429b} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa6ffa96-2049-4f93-9204-3e0ce628c3d6} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fa6ffa96-2049-4f93-9204-3e0ce628c3d6} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0790168-28c6-42ab-8858-92b956d46b1c} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d0790168-28c6-42ab-8858-92b956d46b1c} (Trojan.BHO.H) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8928099 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmcba1b305 (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqpfxr -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqpfxr -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ckxvpk.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\geBqPFXR.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\RXFPqBeg.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\RXFPqBeg.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ytdneias.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\saiendty.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\geBroLBq.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\system32\wjpiorvy.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\L3BXABIU\kb767887[2] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\NR078YA0\cntr[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\NR078YA0\kb456456[2] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\P22LGI8L\kb65666[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\P22LGI8L\kb671231[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\P22LGI8L\kb671231[2] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\QA22AG02\cntr[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\QA22AG02\cntr[2] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\QA22AG02\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\QA22AG02\kb65666[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Arno Huart\Local Settings\Temporary Internet Files\Content.IE5\QA22AG02\kb767887[1] (Trojan.Vundo.H) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\4.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP240\A0106431.dll (Trojan.Vundo) -> No action taken.

------

No action taken - does that mean the infected files in question were not deleted?
0
Anonymous user
 
omg ...

Yes, run the disinfection :)
0
arno84
 
omg?? What does that mean??

Here is the report after quarantine and deletion:


Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1089
Windows 5.1.2600 Service Pack 3

19:07:56 27/08/2008
mbam-log-08-27-2008 (19-07-56).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 124340
Temps écoulé: 1 hour(s), 37 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 86

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\geBqPFXR.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{261df1f6-b531-4bc0-a4ce-dcdd3c43429b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{261df1f6-b531-4bc0-a4ce-dcdd3c43429b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa6ffa96-2049-4f93-9204-3e0ce628c3d6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{fa6ffa96-2049-4f93-9204-3e0ce628c3d6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0790168-28c6-42ab-8858-92b956d46b1c} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d0790168-28c6-42ab-8858-92b956d46b1c} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8928099 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmcba1b305 (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqpfxr -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqpfxr -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):


Everything seems to be back to normal!!

Thank you very much!!!!

I'd like to take this opportunity to ask one last question: some time ago, my Spybot update installed a new version. This version kept giving me regular messages asking me to refuse or accept a modification. What modification is this??

Arnaud
0
Anonymous user
 
Probably a registry change following a software installation?

omg = "oh ma gueule" (roughly "oh my god") ....

Glad you got through it
0
arno84
 
Thanks again to you!!!

Arnaud
0
Anonymous user
 
Well, you're welcome, have a good evening
0
arno84
 
I apologize to those who come here now that the problem is solved. I simply can't find where to confirm this so that my problem shows up as resolved.

Arnaud
0
Anonymous user
 
no idea ...
0