[LOGICIEL] pc avec un tas de virus...

[nicolasdi28]

Bonjour,

je me suis chopé un virus, et il a du appeler tout ses copains comme Antivirus 2009 et des trucs du genre...

j'ai kaspersky mais il n'arrive pas a désinfecter, les fichiers sont placés dans svhost et il nefonctionne pas en mode sans échec...

rapport smit fraud fix:

SmitFraudFix v2.388

Rapport fait à 18:31:42,10, 02/01/2009

Executé à partir de C:\Documents and Settings\Thierry\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe

C:\Program Files\NetLimiter 2 Lite\nlsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\FlashGet\FlashGet.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Xfire\xfire.exe

N:\Program Files\PC Wizard 2008\PC Wizard.exe

N:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\sandra.exe

C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Thierry\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

rapport hijack this

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:30:55, on 02/01/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe

C:\Program Files\NetLimiter 2 Lite\nlsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\FlashGet\FlashGet.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Xfire\xfire.exe

N:\Program Files\PC Wizard 2008\PC Wizard.exe

N:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\sandra.exe

C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: (no name) - {508dcfc6-0afe-4ab8-8a2c-ad6aba1041b9} - C:\WINDOWS\system32\vivuyayo.dll

O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {7FC793E3-2599-4E31-9806-1E7BFF68F894} - (no file)

O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O2 - BHO: HttpWatch Basic - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files\HttpWatch\httpwatchsc.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [vuyupofivu] Rundll32.exe "C:\WINDOWS\system32\venijija.dll",s

O4 - HKLM\..\Run: [a04ae597] rundll32.exe "C:\WINDOWS\system32\pogewaso.dll",b

O4 - HKLM\..\Run: [CPMa379d60b] Rundll32.exe "c:\windows\system32\ribenepo.dll",a

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [vuyupofivu] Rundll32.exe "C:\WINDOWS\system32\venijija.dll",s (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Tout télécharger par Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe

O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll

O9 - Extra 'Tools' menuitem: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2A58FA45-9C26-4014-9AB1-07981D8C7C3E}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{8383FB95-2F59-4C4F-A197-9381F4972A01}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{EBB95A39-173D-4CED-9E22-793E2CCD6776}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS1\Services\Tcpip\..\{2A58FA45-9C26-4014-9AB1-07981D8C7C3E}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS2\Services\Tcpip\..\{2A58FA45-9C26-4014-9AB1-07981D8C7C3E}: NameServer = 208.67.222.222,208.67.220.220

O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\adialhk.dll c:\progra~1\kasper~1\kasper~1\kloehk.dll C:\WINDOWS\system32\kakinahu.dll c:\windows\system32\ribenepo.dll

O20 - Winlogon Notify: mlJCTNFV - mlJCTNFV.dll (file missing)

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ribenepo.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ribenepo.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate1c95e2f788fdbdc) (gupdate1c95e2f788fdbdc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Lite\nlsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe (file missing)

--

End of file - 11953 bytes

Merci d'avance

[snooky]

Salut ,

lance MBAM , analyse complète et supprime tout ce qu'il trouve .

[nicolasdi28]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a04ae597 (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vuyupofivu (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma379d60b (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7fc793e3-2599-4e31-9806-1e7bff68f894} (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kakinahu.dll -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\kakinahu.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kakinahu.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\ribenepo.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\ribenepo.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> No action taken.

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

C:\WINDOWS\system32\jalavile.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\elivalaj.ini (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\pogewaso.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\osawegop.ini (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\tefojaru.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\urajofet.ini (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\venijija.dll (Trojan.Vundo.H) -> No action taken.

c:\WINDOWS\system32\ribenepo.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\vivuyayo.dll (Trojan.Vundo.H) -> No action taken.

C:\Documents and Settings\Thierry\Local Settings\Application Data\acoks_navps.dat (Adware.Navipromo.H) -> No action taken.

C:\Documents and Settings\Thierry\Local Settings\Application Data\acoks_nav.dat (Adware.Navipromo.H) -> No action taken.

C:\Documents and Settings\Thierry\Local Settings\Application Data\acoks.dat (Adware.Navipromo.H) -> No action taken.

C:\Documents and Settings\Thierry\Local Settings\Application Data\acoks.exe (Adware.Navipromo.H) -> No action taken.

C:\WINDOWS\system32\kakinahu.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\iqzhez.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\huvehibi.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\damorume.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\tuvujuka.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\norefose.dll (Trojan.Vundo) -> No action taken.

il y a des trucs qui ne se sont pas enlevé, il a redémarré mais je ne sais pas si c'est bon, donc j'ai refait une analyse^^

[snooky]

No Action Taken = Aucune action entreprise.

Il faut tout cocher et supprimer ... lance une nouvelle analyse complète avec MBAM ....

[nicolasdi28]

Le ver se propage en utilisant les dossiers partagés sur les postes en réseau.

bon, bah je sais ou je l'ai eu...

j'ai plus qu'a cleaner le pc de mon frere^^

[snooky]

Lance également ComboFix sur les 2 pc :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Quitte l'antivirus avant de lancer ComboFix .

[nicolasdi28]

Lance également ComboFix sur les 2 pc :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Quitte l'antivirus avant de lancer ComboFix .

j'avais oublié de poster, mais c'est bon^^

je l'ai lancé, il n'a rien trouvé

[XZombi]

Sympa de revenir donner ta réponse.

Manquerait plus que tu mettes [Résolu] dans ton titre et je ne pourrais rien demander de plus.