Trojan sdbot7821 et 7633
lealacata
-
Laurent2709 Messages postés 917 Statut Contributeur -
Laurent2709 Messages postés 917 Statut Contributeur -
Bonjour,
J'ai fais un scanne disc grace a clean virus et j'aurai le virus msn
trojan sdbot-7821 et trojan sdbot-7633 ! dans plusieurs fichiers
c:\windows\system32\dllcache\spoolms.exe x3
c:\windows\documents and setting/anthony/local
c:\windows\documents and setting/hp-proprietaire/local
pour le trojan 7821
et c:\windows\ccsuvhst.exe pour le trojan sdbot-7633
please aidez moi a les enlever car les antivirus ne peuvent les supprimer c la cata
merci de votre aide
lea
J'ai fais un scanne disc grace a clean virus et j'aurai le virus msn
trojan sdbot-7821 et trojan sdbot-7633 ! dans plusieurs fichiers
c:\windows\system32\dllcache\spoolms.exe x3
c:\windows\documents and setting/anthony/local
c:\windows\documents and setting/hp-proprietaire/local
pour le trojan 7821
et c:\windows\ccsuvhst.exe pour le trojan sdbot-7633
please aidez moi a les enlever car les antivirus ne peuvent les supprimer c la cata
merci de votre aide
lea
A voir également:
- Trojan sdbot7821 et 7633
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Trojan b901 system32 win config 34 ✓ - Forum Virus
- Csrss.exe trojan fr ✓ - Forum Virus
- Virus trojan al11 ✓ - Forum Virus
2 réponses
Salut,
Télécharge MalwareByte's Anti-malware. Fais un scan complet. A la fin du scan, affiche les résultats et supprime tout, ensuite poste le log
Télécharge MalwareByte's Anti-malware. Fais un scan complet. A la fin du scan, affiche les résultats et supprime tout, ensuite poste le log
Oups! Sorry pour l'absence, j'ai une vie moi aussi lol.
Heu, donc les virus sont encore présents? Ca m'étonnerait honnêtement, mais tu as du redémarrer? Dans ce cas là, les virus seraient revenus grâce à la restauration système. Mais je ne connais pas ton nettoyeur de virus, et tu sûre que ton logiciel est officel est que ce ne soit pas un truc du genre "drivecleaner"?
Heu, donc les virus sont encore présents? Ca m'étonnerait honnêtement, mais tu as du redémarrer? Dans ce cas là, les virus seraient revenus grâce à la restauration système. Mais je ne connais pas ton nettoyeur de virus, et tu sûre que ton logiciel est officel est que ce ne soit pas un truc du genre "drivecleaner"?
ok j'essaie et te tiens au courant
merci
lea
voici le log
aMalwarebytes' Anti-Malware 1.10
Version de la base de données: 589
Type de recherche: Examen complet (C:\|D:\|H:\|I:\|J:\|K:\|)
Eléments examinés: 187510
Temps écoulé: 45 minute(s), 58 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 34
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
C:\WINDOWS\system32\dllcache\spoolms.exe (Worm.DsBot) -> Unloaded process successfully.
C:\WINDOWS\system32\dllcache\spoolms.exe (Worm.DsBot) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{4fc63700-2093-4ad2-8d37-3b3d86d9c940} (Trojan.Perfiler) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5bf0ce3e-61d2-4a7b-baa3-0c4667a9563d} (Trojan.Perfiler) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{095c0db4-fea6-440e-8dfc-00fc53ac827d} (Trojan.Perfiler) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ptpsa32.ptpsaweb (Trojan.Perfiler) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ptpsa32.ptpsaweb.1 (Trojan.Perfiler) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88c51e90-8e9c-4c96-8a45-574d88b63faf} (Trojan.Perfiler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{88c51e90-8e9c-4c96-8a45-574d88b63faf} (Trojan.Perfiler) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\20d44373d4925635cd6b8242090010d8c942c65e (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2c5eceb3d45147eb99fa51120e7c7adebe213de6 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\a6a50b0ebf885a7dd4fb6927f1388592138fffe6 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\d0201ec18700c017433b1c681c48acd51b332706 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{16f6a635-09f8-44e6-953e-81d037647255} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34dcdbdb-60ef-4281-92c6-68c299aab8e5} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b8f9dd56-4ffa-47b0-b9d7-42f45a752f4e} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\autosearch1.srchhook (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\autosearch1.srchhook.1 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\autosearch1.bhosrc (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\autosearch1.bhosrc.1 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho1.html (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho1.html.1 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PTPSA32.PTPSAWeb (Trojan.Perfiler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PTPSA32.PTPSAWeb.1 (Trojan.Perfiler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoSearch1.BHOsrc (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoSearch1.BHOsrc.1 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoSearch1.SrchHook (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoSearch1.SrchHook.1 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\spoolms (Trojan.Downloader) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\anthony\Local Settings\Temp\GLKE.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\spoolms.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\DSC01497.zip (Worm.DsBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijcdyzmnik_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijcdyzmnik_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
le scan dit avoir supprimer ors en refaisant scan clean virus les virus sont encore là
est ce vraiment ce qu'il faut faire ?
les scan virus ne peuvent supprimer ces virus ?
merci de ton aide
j'ai fais un msnfix
merci de me dire que faire apres....
MSNFix 1.698
C:\Documents and Settings\HP_Propri‚taire\Bureau\MSNFix\MSNFix
Fix exécuté le 04/04/2008 - 17:54:55.51 By HP_Propri‚taire
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\system32\microsoft\backup.tftp
************************ Recherche les dossiers présents
... \TEMP\
************************ Suppression des fichiers
/!\ ... C:\WINDOWS\system32\microsoft\backup.tftp
************************ Suppression des dossiers
/!\ ... \TEMP\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 04042008_175828.73.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------