Slow PC, virus?

Solved/Closed
syl78124 Posts 76 Registration date Thursday 10 April 2008 Status Member Last seen 14 November 2019 - 19 June 2008 at 15:55
^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last seen 28 August 2020 - 21 June 2008 at 23:19
Hello,

For a few days my PC has been running slowly. Since I already had a problem in April, I ran Antimalware in safe mode
(full scan, deletion of the infected files, PC restart, Antimalware re-run and deletion of the quarantined files)
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 849

22:58:26 18/06/2008
mbam-log-6-18-2008 (22-58-26).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 243028
Temps écoulé: 52 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 37

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\vtUnkljj.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ssqpMcCv.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{697620af-7359-40f1-bea4-a7f85325c48b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{697620af-7359-40f1-bea4-a7f85325c48b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8691f860-96e4-4fb3-8d35-531c0d1b0ac1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8691f860-96e4-4fb3-8d35-531c0d1b0ac1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpmccv (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\centerlock.centerlock (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\centerlock.centerlock.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d4ba26a3 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8691f860-96e4-4fb3-8d35-531c0d1b0ac1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd789153f (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtunkljj -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.vundo) -> Data: c:\windows\system32\vtunkljj -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\detcvyjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sjyvcted.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebvlfruj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jurflvbe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jurflvbe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fyrjefxg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxfejryf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gsewwkjb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bjkwwesg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\keemgrtk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ktrgmeek.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kgwrsvcn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncvsrwgk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncvsrwgk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nwnyujdd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddjuynwn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upyoejdy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ydjeoypu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUnkljj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jjlknUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjlknUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqpMcCv.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\flo\Local Settings\Temporary Internet Files\Content.IE5\AL3HHFSC\kb516107[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\flo\Local Settings\Temporary Internet Files\Content.IE5\DQIZ2FK7\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Spcron\Spc.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP824\A0267721.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP825\A0267723.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP826\A0269824.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP829\A0272990.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP829\A0272992.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP830\A0277128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP834\A0284265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnpfxciq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pssnjcfi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ghrvfgpg.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


After restarting Windows in normal mode I noticed some improvements, but not enough.
I restarted the PC in safe mode, re-ran a full Antimalware scan and found infected files again.

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 849

08:43:49 19/06/2008
mbam-log-6-19-2008 (08-43-49).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 242828
Temps écoulé: 51 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\vtUnkljj.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ssqpMcCv.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7de4805-2d1f-45bc-9114-8a685b094834} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d7de4805-2d1f-45bc-9114-8a685b094834} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8691f860-96e4-4fb3-8d35-531c0d1b0ac1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8691f860-96e4-4fb3-8d35-531c0d1b0ac1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpmccv (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8691f860-96e4-4fb3-8d35-531c0d1b0ac1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd789153f (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\pssnjcfi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifcjnssp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUnkljj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jjlknUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjlknUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqpMcCv.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP834\A0320445.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP834\A0320446.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ghrvfgpg.dll (Trojan.Agent) -> Quarantined and deleted successfully.

I restarted the PC a 3rd time and re-ran an Antimalware quick scan: same thing.

Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\vtUnkljj.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ssqpMcCv.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75576958-58cc-4c0e-b288-ed45f397e687} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{75576958-58cc-4c0e-b288-ed45f397e687} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8691f860-96e4-4fb3-8d35-531c0d1b0ac1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8691f860-96e4-4fb3-8d35-531c0d1b0ac1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpmccv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8691f860-96e4-4fb3-8d35-531c0d1b0ac1} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\vtUnkljj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jjlknUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjlknUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqpMcCv.dll (Trojan.Vundo) -> Delete on reboot.

Thanks in advance for your help
Sylvain
PS: I am staying connected in safe mode with networking

2 replies

romaricdj Posts 4 Registration date Wednesday 5 April 2006 Status Member Last seen 19 June 2008
19 June 2008 at 16:27
Change antivirus. I use avast 4.7 and I think it is good in this area. From what I can see, the virus has infected the registry, which will of course create gkjlè_àç-à((-'-(d(, you understand. So change antivirus, it's better for you.
0
syl78124 Posts 76 Registration date Thursday 10 April 2008 Status Member Last seen 14 November 2019
19 June 2008 at 16:31
OK, but to change antivirus my PC would first have to be working.
0
^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last seen 28 August 2020 3 274
21 June 2008 at 23:19
0