Antivirus 2009: malware report, need help

Closed
roxou - 13 Nov 2008 at 01:04
Anonymous user - 16 Nov 2008 at 22:42
Hello,
I have the Antivirus 2009 virus.
I loaded Malwarebytes.
At the end it said it was able to delete everything.
Here is my report:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1390
Windows 5.1.2600 Service Pack 3

12/11/2008 18:54:41
mbam-log-2008-11-12 (18-54-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 92998
Temps écoulé: 47 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pmnnOFVm.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74084557-be32-489d-9fd1-0ffaff8f68a3} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{74084557-be32-489d-9fd1-0ffaff8f68a3} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Services (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnnofvm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnofvm -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\pmnnOFVm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mVFOnnmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mVFOnnmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mathieu\Local Settings\Temporary Internet Files\Content.IE5\5UAA1UEP\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP124\A0081450.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP125\A0081460.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP126\A0081466.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP126\A0082451.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP126\A0083451.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP126\A0083476.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP127\A0083491.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP127\A0083503.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP127\A0083511.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP127\A0083520.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP127\A0084524.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP127\A0085522.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP127\A0085526.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP127\A0086556.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8205D71A-4810-4FD7-A887-74E6860CF33E}\RP128\A0087557.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\wksvcsc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
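Added check on the report above (editor's example, not code from this thread or from Malwarebytes): a small parser for the MBAM 1.30 detection-line format that separates what was quarantined immediately from what is only marked "Delete on reboot", and picks out the LSA package entries, which are Vundo's boot-time persistence points. The sample is constructed from three lines of the report; the "it deleted everything" reading does not hold until those pending items are gone after a reboot.

```python
import re

# Constructed sample: three detection lines from the Malwarebytes 1.30 report in this
# thread, under their section headers, covering the three line shapes the log uses.
SAMPLE_LOG = r"""
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pmnnOFVm.dll (Trojan.Vundo.H) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnofvm -> Delete on reboot.
"""

# One detection line: "<item> (<family>) -> [Data: <data> -> ]<action>."
LINE_RE = re.compile(
    r"^(?P<item>.+) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section header above it."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):  # blank, or "(Aucun élément nuisible détecté)"
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if m:
            records.append({"section": section, **m.groupdict()})
    return records

def pending_reboot(records):
    """Items MBAM could only schedule for deletion: not clean until a reboot and rescan."""
    return [r for r in records if r["action"] == "Delete on reboot"]

def lsa_package_entries(records):
    """Data items under the LSA key: a DLL listed in Notification or Authentication
    Packages is loaded by lsass.exe at boot, which is how Vundo survives file deletion."""
    return [r for r in records if "\\Control\\LSA\\" in r["item"]]
```

Run it on a full mbam-log file instead of SAMPLE_LOG to see which items still need the reboot before the machine can be called clean.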
4 replies

Anonymous user
13 Nov 2008 at 01:44
Good... do you want to run a new HijackThis now?
1
Anonymous user
13 Nov 2008 at 01:06
Hi,

ComboFix:

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus, your antispyware's guard and your internet connection.

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Here is the ComboFix report:

ComboFix 08-11-11.01 - Maman 2008-11-12 19:19:17.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.68 [GMT -5:00]
Lancé depuis: c:\documents and settings\Maman\Bureau\ComboFix.exe
* Resident AV is active


[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\msn.exe
c:\windows\system32\uwbcpylu.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-13 au 2008-11-13 ))))))))))))))))))))))))))))))))))))
.

2008-11-12 17:10 . 2008-11-12 17:10 <REP> d-------- c:\documents and settings\Maman\Application Data\Malwarebytes
2008-11-12 17:09 . 2008-11-12 17:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-12 17:09 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-12 17:09 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-10 21:43 . 2008-11-11 19:39 7,741 --a------ C:\osjs.exe
2008-11-10 19:08 . 2008-11-11 19:49 7,741 --a------ C:\oss.exe
2008-11-10 18:09 . 2008-11-10 18:09 50,688 -r-hs---- c:\windows\printer.exe
2008-11-09 18:20 . 2008-11-09 18:22 <REP> d-------- c:\program files\Téléchargeur de FlatOut2
2008-11-07 20:21 . 2008-11-07 20:20 93,234 -r-hs---- c:\windows\iMDM32.exe
2008-11-07 20:20 . 2008-11-07 20:20 93,234 --a------ C:\gjfs.exe
2008-11-06 10:16 . 2008-11-06 10:16 93,234 --a------ c:\documents and settings\Mathieu\fat.exe
2008-10-31 17:46 . 2008-10-31 17:46 45 ---h----- c:\windows\dsez3061.dat
2008-10-31 17:45 . 2008-10-31 18:11 <REP> d-------- c:\program files\PhotoFiltre Studio
2008-10-31 17:32 . 2008-10-31 17:32 <REP> d-------- c:\documents and settings\Mathieu\Application Data\Canon
2008-10-25 19:49 . 2008-10-25 19:49 8,192 --ahs---- c:\windows\Thumbs.db
2008-10-24 03:58 . 2008-10-15 11:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 18:19 . 2008-10-31 17:39 <REP> d-------- c:\documents and settings\All Users\Application Data\PhotoStitch
2008-10-22 06:12 . 2008-10-22 06:12 <REP> d-------- c:\program files\Eidos Interactive
2008-10-21 19:26 . 2008-10-21 19:26 <REP> d-------- c:\program files\Fichiers communs\BOONTY Shared
2008-10-21 19:26 . 2008-10-21 19:26 <REP> d-------- c:\documents and settings\All Users\Application Data\BOONTY
2008-10-18 08:39 . 2008-10-18 08:43 <REP> d-------- c:\program files\MTA San Andreas
2008-10-16 19:04 . 2008-10-16 20:38 <REP> d-------- c:\documents and settings\Mathieu\Application Data\uTorrent
2008-10-15 21:17 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 21:16 . 2008-08-14 08:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 21:16 . 2008-08-14 08:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 21:16 . 2008-08-14 08:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 21:16 . 2008-08-14 08:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 21:16 . 2008-09-15 10:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- c:\program files\Fichiers communs\DirectX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 00:02 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-08 19:06 --------- d-----w c:\documents and settings\Mathieu\Application Data\LimeWire
2008-10-22 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-22 01:05 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-21 23:49 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-13 12:25 --------- d-----w c:\program files\EA Sports
2008-10-01 14:44 --------- d--h--r c:\documents and settings\Mathieu\Application Data\SecuROM
2008-09-25 21:18 --------- d-----w c:\program files\NOS
2008-09-25 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-09-25 16:39 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-09-25 16:37 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-09-20 11:33 --------- d-----w c:\program files\Windows Media Connect 2
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-25 17:17 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-08-25 17:17 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-08-25 17:17 12,067 ----atw c:\windows\system32\SIntf16.dll
0
Thanks.
I didn't need to run the other program.
Everything is back to normal.
Thanks again for your help.
0
Anonymous user
16 Nov 2008 at 22:42
Everything will be back to normal when you have been told so, not when you have decided it is... well... see you soon then...
0