Trojan horse infection
paulo40
Hello,
Avast has just displayed a message reporting the presence of a Trojan horse, "win32-BHO-KD", which cannot be deleted or quarantined.
I ran a check with BitDefender online. It names it SPY.BZUD.NGP;
Can someone help me remove this Trojan horse?
Thanking you all
24 replies
[b]SDFix: Version 1.145 [/b]
Run by jeremy on 23/02/2008 at 11:38
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Name:
sxyajdkl
Path:
system32\drivers\rgdjjexl.dat
sxyajdkl - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Service sxyajdkl - Deleted after Reboot
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\version69ie7fix.dll - Deleted
C:\WINDOWS\system32\drivers\rgdjjexl.dat - Deleted
C:\WINDOWS\SYSTEM32\ATHPRX.DLL - Deleted
C:\Documents and Settings\jeremy\Local Settings\Temp\tem88.tmp.exe - Deleted
C:\Documents and Settings\jeremy\Local Settings\Temp\tem8C.tmp.exe - Deleted
C:\Documents and Settings\jeremy\Local Settings\Temp\tem90.tmp.exe - Deleted
C:\Documents and Settings\jeremy\Local Settings\Temp\tem92.tmp.exe - Deleted
C:\Documents and Settings\jeremy\Local Settings\Temp\upd5.tmp.exe - Deleted
C:\Documents and Settings\jeremy\Local Settings\Temp\upd96.tmp.exe - Deleted
C:\Documents and Settings\jeremy\Local Settings\Temp\upd99.tmp.exe - Deleted
C:\WINDOWS\system32\service.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 11:51:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D\n\21]
"DisplayName"="\xb973\x778e"
"DeviceDesc"="\xb973\x778e"
"ProviderName"="\x27fc\21\xee18\x7c91\x286c\21\b"
"MFG"="\xc1bf\b\xe12b\x1803\x62c"
"ReinstallString"=".10.1000.6"
"DeviceInstanceIds"=str(7):"c:\fsc.tmp\1005877_ati_8_25_0_0\sbdrv\smbus\smbusati.inf"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 30 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 29 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT6.tmp"
Wed 4 Apr 2001 28,738 A..HR --- "C:\Documents and Settings\jeremy\Bureau\Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage)\MSDE2000\SQLRESLD.DLL"
Sun 3 Feb 2008 7,318 A..H. --- "C:\Documents and Settings\jeremy\Application Data\Microsoft\Office\Shortcut Bar\Off6A.tmp"
[b]Finished![/b]
For chimax: create your own thread so that we can help you, PLEASE, THANKS!
Proceed as follows: http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
Hello, I have a very big problem with my computer. I accidentally opened a file on MSN, which set off a series of viruses, Trojan horses to be precise. I know a bit about computers and I tried several programs such as Msnfix, which failed, just like deletion and quarantine by Avast... The Trojan horses detected by Avast are: ogykcx.exe
vw[1].exe (twice)
Do you have a solution? (I'm sorry, this is the first time I've posted here and I didn't know how to create a new thread....)
Thanks a lot, I'm counting on you!!!^^