Virus 2009
Solved
sylob
Hello,
this antivir 2009 virus is wrecking my system: it restarts Windows every 5 minutes and opens windows all over the place. I try to remove it with AVG, which I have as my antivirus, and it tells me that part of the system may be damaged, so I did not remove it out of fear.
Following other people's advice I downloaded Malwarebytes Anti-Malware, but I have not run it yet because I would like someone to guide me so that I avoid doing anything stupid.
I have a DELL INSPIRON LAPTOP running WINDOWS XP.
Thanks for helping me.
10 replies
That's not very smart; there may be more serious infections and other programs to run before Malwarebytes.
Re sylob,
Before anything else, make a HijackThis report so that I can check your PC's infections, please.
Download HijackThis at this address; everything is explained there for installing it properly and learning how to use it:
https://www.androidworld.fr/
How to copy/paste the report:
When you have the report on screen, press Ctrl+A to "select all", then Ctrl+C to "copy".
Then come back to the forum to reply to me and press Ctrl+V to "paste" the report.
An explanation of the keyboard shortcuts is illustrated on my website at this address:
https://www.androidworld.fr/
Hello Geoffreys,
I am sending you the report of the scan with Malwarebytes' Anti-Malware,
since I had already installed that one. Thanks.
Malwarebytes' Anti-Malware 1.27
Version de la base de données: 1127
Windows 5.1.2600 Service Pack 2
18/09/2008 12:00:55
mbam-log-2008-09-18 (12-00-54).txt
Type de recherche: Examen complet (A:\|C:\|D:\|)
Eléments examinés: 116995
Temps écoulé: 1 hour(s), 20 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 18
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS.0\system32\gEwVlmkJ.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13593a7d-4b6e-4d75-b1d2-9194b5bf040d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{13593a7d-4b6e-4d75-b1d2-9194b5bf040d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{214bec12-eb09-499e-b54a-af676103ddea} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{214bec12-eb09-499e-b54a-af676103ddea} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6725edc-93ff-479b-a98b-c5b9e3c44864} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccdcaqr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6725edc-93ff-479b-a98b-c5b9e3c44864} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\25607921924641704897336575440097 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1fd68aa0 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1ce5b93c (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS.0\system32\gEwVlmkJ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS.0\system32\JkmlVwEg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\JkmlVwEg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\iciwau.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\fccdcAqr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\winsrc.dll (Adware.Search Toolbar) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\ieexplorer32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\ckvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\drivers\secdrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS.0\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\yayvWoNG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\ssqRJdCR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS.0\BM1fd68aa0.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS.0\BM1fd68aa0.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\drivers\etc\services (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Did you run the scan in safe mode?? If so, go and look in Quarantine to see whether there is anything there; if so, delete everything.
Hi Geoffreys, with the report I sent you, what are your impressions?
If you recommend it, I can download HijackThis.