WMA/TrojanDownloader Résolu/Fermé

Question

Bonjour,


je viens de récuperer un disque dur completement infecté , Nod 32 antivirus 4 detecte une quantité inombrable de virus du type :

E:\Documents and Settings\Administrateur\Searched\Blonde Light-skinned Ebony Babe gets a White Dick.avi	WMA/TrojanDownloader.GetCodec.B cheval de troie	

suivi de milier de noms dans le meme genre !

Pouvez vous m'aider , puis vous poster mon rapport HijackThis?

XaTon · Answer

Salut ,

Oui , poste un log Hijack

Disney · Answer

une fois le rapport qui s'affiche dans le note pad , dois je cliquer sur scan ou fix checked ??



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:23, on 14/09/2009
Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Taskix\Taskix32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliType Pro	ype32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Garmin\gStart.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DeskSpace\deskspace.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro	ype32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [wASO] C:\Program Files\Windows Trust\wASO.exe /Q
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

kduc · Answer

Salut à vous deux,

Disney,

Continue sur ce forum et laisse tomber 01.net.

D' avance, merci.

http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/wma-trojandownloader-sujet_53845_1.htm

Benj_64 · Answer

Ca marche v attendre une reponse sur votre forum ,
entre temps g tester malwarebytes anti malware , et tout comme Nod il galere sur des trucs du genre :

Blonde Light-skinned Ebony Babe gets a White Dick.avi , il e detecte des milliers comme ca !

C'est virtumonde?

kduc · Answer

...

Merci de ta compréhension.

---
Non, ce n' est pas Virtumonde !

---
En attendant le retour de ton sauveur, relance Malwarebytes pour un scan.

Poste le rapport.

PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats, 
puis sur Supprimer la sélection.

XaTon · Answer

Re !

Oui poste don un rapport Mbam pour commencer

Disney · Answer

J'ai un petit souci , le scan ne se termine jamais , il detecte des milliers de .avi genre noms de films de X , ces films n'existe meme pas sur le disque dur , des trojans dans tous les sens ... que faire ?? Nod32 et Dr Web font de meme ...

Merci

XaTon · Answer

Simple question , ton Windows est officiel ?

kduc · Answer

Salut à vous deux,

Modifié, je pense aussi ...

"O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') "

XaTon · Answer

Salut kduc .

Louche ces 4 lignes

A suivre 

...

Benj_64 · Answer

tout à fait c'est W Trust 3 , bon je teste Mbam en mode sans echec ... d'autres idées ??

Benj_64 · Answer

Voici la liste des menaces detectées :

E:\WINDOWS\Temp	qrD.tmp	Win32/TrojanDownloader.FakeAlert.ZC cheval de troie	
E:\WINDOWS\Temp\46.tmp	Win32/Spy.Zbot.JF cheval de troie	
E:\WINDOWS\Temp\438952640exe. 1104	Win32/Agent.PTL cheval de troie	
E:\WINDOWS\Temp\1145518032.exe	une variante probable de Win32/Agent cheval de troie	
E:\WINDOWS\system32\drivers\ati4bexx.sys	Win32/Wigon.IX cheval de troie	
E:\WINDOWS\system32\drivers\ad028471.sys	Win32/Rustock.NGJ cheval de troie	
E:\WINDOWS\system32\drivers\ids9158.sys	Win32/Rootkit.Agent.ITJ cheval de troie	
E:\WINDOWS\system32\drivers\ovfsthowmbardnkjahlybiqppyumltiqxhxvro.sys	Win32/Agent.PHE cheval de troie	
E:\WINDOWS\system32\meiuxlgx.dll	Win32/Adware.Virtumonde application	
E:\WINDOWS\system32\yuoknxah.ini	Win32/Adware.Virtumonde.NEO application	
E:\WINDOWS\system32\ykepqb.dll	Win32/Adware.SuperJuan application	
E:\WINDOWS\system32\ftp_non_crp.exe	Win32/PSW.Delf.NOV cheval de troie	
E:\WINDOWS\system32\umjpuvdi1.tmp	Win32/AutoRun.Agent.LT ver	
E:\WINDOWS\system32\ovfsthpexmlxlyxjoglrqlrcdeywvfhdiypfrt.dll	Win32/Olmarik.IX cheval de troie	
E:\uckwvbf.exe	Win32/Kryptik.DS.Gen cheval de troie	
E:\oruocu.exe	Win32/Small.NEK cheval de troie	

Si ca peut aider ..  Merci

Benj_64 · Answer

Voici mon rapport Mbam :

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2797
Windows 5.1.2600 Service Pack 3, v.5755 (Safe Mode)

15/09/2009 21:30:21
mbam-log-2009-09-15 (21-30-21).txt

Type de recherche: Examen complet (E:\|)
Eléments examinés: 190174
Temps écoulé: 54 minute(s), 26 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 136

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
E:\Documents and Settings\Sydney\lsass.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp	mp12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\4JA76PAN\CAP4QHLZ (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\JFPBVL0W\CA0T65JC (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\W56N41AB\CA3U0FBL (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\W56N41AB\CA557FU8 (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\W56N41AB\CATOOB1H (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\WLYV8P2J\CAIRERIH (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\YZI78FMH\CAE3Y7UD (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Program Files\Microsoft Common\svchost.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP45\A0055807.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP45\A0055824.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP45\A0055840.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP48\A0056900.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP48\A0056914.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP48\A0056923.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0056932.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0056940.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0056947.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0057948.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0057955.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0057968.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0057975.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0058968.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP50\A0058976.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP50\A0058995.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP50\A0059018.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP50\A0059026.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP51\A0059170.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP52\A0060171.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP52\A0060176.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP52\A0060179.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP52\A0060193.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP52\A0061202.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP53\A0061245.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP53\A0061250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP53\A0062239.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP54\A0062284.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP54\A0062303.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP56\A0062345.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP56\A0062356.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP58\A0063394.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP58\A0063413.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP59\A0063434.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP59\A0063447.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP59\A0063465.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP63\A0071507.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP63\A0071508.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP63\A0071509.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP64\A0071522.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP64\A0071529.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP64\A0071534.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\dst2rv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\aplbgxaj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ccykegrg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\coqovo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\dacwwuhx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\dhfweoeg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ezwwba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fpkgpqbj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fuahjkot.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\gcwzyd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\gerboa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\gqnsmg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ivjaqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\jfdwqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\jtntow.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\kislwahv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\kisrhd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\kpshte.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\lihqwofh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\MSINET.oca (Malware.Trace) -> Quarantined and deleted successfully.
E:\WINDOWS\system32
encecbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32
gygkc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32
otbaduh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32
qwhlr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\paekhc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\prpjdhix.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\psyaos.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32ghvbbvc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32ksivv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32qlkblnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32yqemxso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\sqybhyai.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32	ilmmt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32	yspmqpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\utldev.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\whgaaoof.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\xcphtk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\xgjhlesm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ycwctptt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\zoqsjm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\aNI02\aNI022328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\aNI15\aNI151080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\1B1.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\38.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\3C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\44.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\45.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\49.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN11.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN13.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN18.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN1A.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN1C.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN1E.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN20.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN2D.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN2F.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN3.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN31.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN33.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN35.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN37.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN41.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN44.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN47.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN5.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN7.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN9.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BNA.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BND.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BNF.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\dhb15.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\eziD.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\gsk23.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp
qw18.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\phs1E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Tempaj9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Tempyu43.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\TMP4B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp	oq2A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\vjl3C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\wlx49.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\xxi1C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\zscF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.

Benj_64 · Answer

Personne ne peut m'aider?? Nod32 trouve toujours les memes "virus" "trojans" ...

kduc · Answer

Salut,

Relance un scan Malwarebytes (ne poste pas le rapport).

Relance un scan Nod32 et poste le rapport.

XaTon · Answer

Personne ne peut m'aider??

Désoler mais avec un Windows cracké , on peut pas faire grand chose

...

Dysney · Answer

Bon les gars merci pour tout , j'ai résolu le probleme en lançant Malwarebytes suivi de Dr Web le tout en mode sans echec et enfin un petit coup d'Eset apres redemarrage , finition avec spybot et ad aware , puis re un coup d'Eset pour verifier une derniere fois .

I l n'y a plus aucune trace de quoique ce soit de louche sur ce disque dur ..  ;)

kduc · Answer

Salut,

OK. Tant mieux pour toi ...

WMA/TrojanDownloader

18 réponses

Discussions similaires