SERIOUS PROBLEM !!!!! PLEASE HELP ME

Last reply on 24 Mar 2009 at 20:19:37

nnboss, 24 Mar 2009 at 19:07:22

Hello, I'm turning to you because yesterday, when I started my PC, avast told me there were a lot of viruses (Trojan horses, etc.), even though everything was working fine the day before! I then tried the boot-time scan (set to delete the infected files before they become active), but after the scan avast still tells me that these same files are on my PC; in fact it doesn't delete them. Spybot doesn't help either! Malwarebytes finds more than 65 infected files, but when I click delete the same files always come back. On top of that, it now opens Internet Explorer pages for no reason, even though my default browser is Mozilla!!! I NEED HELP

Configuration: Windows XP
Firefox 3.0.7

1

crapoulou, 24 Mar 2009 at 19:10:20

Hi,
Post the Malwarebytes Anti-Malware report. (It is in the Rapports/Log tab.)

- Download HijackThis version 2.02:
= = = = >>> By clicking here <<< = = = =

- Save HJTInstall.exe to your desktop.
- Double-click (left button) HJTInstall.exe to start the installation.
- Click Install, then "I Accept".
- Click "Do a scan system and save log file".
- Notepad will open; copy and paste all of its contents here in your next reply.
Got a problem? Come to CCM!
There is no problem without a solution.

5

nnboss, 24 Mar 2009 at 19:39:36

HERE IS THE REPORT

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1813
Windows 5.1.2600 Service Pack 2

24/03/2009 19:35:18
mbam-log-2009-03-24 (19-35-14).txt

Type de recherche: Examen rapide
Eléments examinés: 90631
Temps écoulé: 41 minute(s), 32 second(s)

Processus mémoire infecté(s): 6
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 56
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 55


2

vil coyote, 24 Mar 2009 at 19:10:50

'Lo,
First, you don't have to shout, we're not deaf.. :(
Second, this topic belongs in the virus/security forum..
  c|:-=

3

exclusiv111, 24 Mar 2009 at 19:15:14

That's really annoying, but try downloading nod32 from www.nod32.com. It will ask you for a username and password; you'll find them at www.nod123.cn, on the left of the home page. Remove all your antivirus programs, then install nod32 and run a scan. If you're lucky it will delete everything; otherwise, in the worst case, it will put them in quarantine. If that's the case, unfortunately you'll need to format the hard drive. Good night. A good question = a good answer

4

nnboss, 24 Mar 2009 at 19:35:47

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1813
Windows 5.1.2600 Service Pack 2

24/03/2009 19:35:18
mbam-log-2009-03-24 (19-35-14).txt

Type de recherche: Examen rapide
Eléments examinés: 90631
Temps écoulé: 41 minute(s), 32 second(s)

Processus mémoire infecté(s): 6
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 56
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 55


6

crapoulou, 24 Mar 2009 at 19:47:18

"No action taken."
Delete everything!
Post the report that shows "quarantine and deleted successfully" next to the files.

7

wajdi09, 24 Mar 2009 at 19:51:30

I advise you to format the computer

8

crapoulou, 24 Mar 2009 at 19:54:49

The easy way out.
If he comes here, it's to solve his problem some other way, in my opinion ...!

9

chimay8, 24 Mar 2009 at 19:55:18

I advise you to format the computer

and what's the point of having a virus/security forum??? Boo!! Those nasty viruses...

10

nnboss, 24 Mar 2009 at 19:56:53

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1813
Windows 5.1.2600 Service Pack 2

24/03/2009 19:38:17
mbam-log-2009-03-24 (19-38-17).txt

Type de recherche: Examen rapide
Eléments examinés: 90631
Temps écoulé: 41 minute(s), 32 second(s)

Processus mémoire infecté(s): 6
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 56
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 55



11

wajdi09, 24 Mar 2009 at 20:00:32

I ADVISE YOU TO FORMAT THE COMPUTER


12

chimay8, 24 Mar 2009 at 20:01:57

You have two posts and you're already losing it...


13

chimay8, 24 Mar 2009 at 20:03:45

Crapoulou,

verni29 pointed something out to me

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NNB\reader_s.exe (Trojan.Agent) -> No action taken.

this reeks of Virut...


14

chimay8, 24 Mar 2009 at 20:13:50

Please do this

**disable your antivirus, protection software and any software that can block pop-ups (Google toolbars, Yahoo toolbars, etc.).**

Open Internet Explorer --> Tools --> Internet Options --> "Security" tab --> apply "Default level".
Still in Internet Explorer --> Tools --> Internet Options --> "Advanced" tab --> apply "Default settings".


Online scan with Kaspersky:
- http://webscanner.kaspersky.fr/ using Internet Explorer and not Firefox, it won't work!
- If you get lost, you can follow the help for online scans http://www.malekal.com/scan_Av_en_ligne.html#mozTocId291566

HELP: Configuring ActiveX controls < http://www.inoculer.com/activex.php3 >
Tutorial here if there is a problem: http://www.vista-xp.fr/forum/topic109.html , or there: http://forum.pcastuces.com/sujet.asp?f=25&s=37641 (by Morgane & nico_dodo)

- When choosing the target to scan, click the Scan settings button
- In the new window, tick "extended" in the middle, then click OK.
- Choose My Computer as the target to scan
- Copy/paste the scan report here

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.


15

crapoulou, 24 Mar 2009 at 20:19:37

Hi Fabrice,
Good catch.
I'll leave it to you ;-).
See you.
All the best.
