Trojan32:Win32\Vundo.Gen!M

Eurico
Hello, I'd like some help please.

Windows Defender detects a trojan, Trojan32\Win32\Vundo.Gen!M, but it cannot remove it.
I tried SUPERAntiSpyware in safe mode, disabled System Restore, cleared the Windows Defender history and then cleaned my PC with CCleaner, but the result is still the same: it doesn't work.

What should I do? Is there a free program that could remove this trojan automatically?

10 replies

Destrio5 (Moderator, 99820 posts)
 
Hi,

- Download HijackThis V 2.02 (HijackThis Installer):
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Double-click HJTInstall.exe to start the installation

- Click Install, then I Accept

- Click Do a scan system and save log file

- Notepad will open; copy and paste its entire contents here in your next reply.
Eurico
 
Hi Destrio5. Thanks for your help, I'll follow your advice and then send you the log.

See you shortly.
Eurico
 
Hi Destrio5, here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:32, on 06/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\CA\eTrustITM\InoRpc.exe
C:\Programas\CA\eTrustITM\InoRT.exe
C:\Programas\CA\eTrustITM\InoTask.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programas\Analog Devices\SoundMAX\SMTray.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programas\Ahead\InCD\InCD.exe
C:\Programas\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Programas\Java\jre1.5.0_11\bin\jusched.exe
C:\Programas\Windows Defender\MSASCui.exe
C:\Programas\CA\eTrustITM\realmon.exe
C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pt/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - (no file)
O2 - BHO: (no name) - {6C08F644-B392-4D47-B935-EC2D058C1121} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {A042784F-43CA-41AF-8249-D7E80857567E} - C:\WINDOWS\system32\fccAqRLb.dll
O2 - BHO: (no name) - {B506B2B7-5B14-483C-8EAA-258E631636C3} - (no file)
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\geBqOiji.dll
O2 - BHO: (no name) - {FC00BE61-D8BD-4AA7-A97A-B5CE2106E6DE} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Programas\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Client Access Service] "C:\Programas\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Programas\CA\eTrustITM\realmon.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tester] C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RODI.local
O17 - HKLM\Software\..\Telephony: DomainName = RODI.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{20274596-C04F-4FC5-AC83-45DDB2F1C822}: NameServer = 213.228.128.5,194.65.3.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{29C8B830-25A4-42E6-A346-217FDC48F20E}: NameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC3C596-2ED0-4F23-9FF1-BD42AEAE3C89}: NameServer = 10.0.0.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RODI.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{20274596-C04F-4FC5-AC83-45DDB2F1C822}: NameServer = 213.228.128.5,194.65.3.21
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RODI.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{20274596-C04F-4FC5-AC83-45DDB2F1C822}: NameServer = 213.228.128.5,194.65.3.21
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxyvvss - cbxyvvss.dll (file missing)
O20 - Winlogon Notify: efcArrsP - efcArrsP.dll (file missing)
O20 - Winlogon Notify: fcccbXOi - fcccbXOi.dll (file missing)
O20 - Winlogon Notify: fccdefed - fccdefed.dll (file missing)
O20 - Winlogon Notify: geBqOiji - C:\WINDOWS\SYSTEM32\geBqOiji.dll
O20 - Winlogon Notify: hgGyXnNh - hgGyXnNh.dll (file missing)
O20 - Winlogon Notify: qoMdCRHB - qoMdCRHB.dll (file missing)
O20 - Winlogon Notify: rqRHxywX - rqRHxywX.dll (file missing)
O20 - Winlogon Notify: vtUlJayX - vtUlJayX.dll (file missing)
O20 - Winlogon Notify: vtUlKAQg - vtUlKAQg.dll (file missing)
O20 - Winlogon Notify: yaYRIBqR - yaYRIBqR.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comando Remoto do iSeries Access para Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programas\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Programas\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Programas\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Programas\CA\eTrustITM\InoTask.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programas\RealVNC\VNC4\WinVNC4.exe
Destrio5 (Moderator, 99820 posts)
 
Ah yes, indeed, Vundo is there.

- Download ComboFix.exe (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Save this file to the desktop

- Restart in safe mode:
http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm

- Double-click ComboFix.exe, type 1, press Enter to start the scan

- When the scan is complete, a report will appear. Copy/paste this report in your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

* ComboFix is detected by some antivirus programs as an infection; it is a "false positive"

** Ignore it and continue the procedure.
Eurico
 
I'll continue and send the log shortly.
Eurico
 
Here is the ComboFix log. I have a doubt. When I made the HijackThis log I was logged in as a user belonging to a domain. I put ComboFix on the desktop and restarted in safe mode, but when I got into safe mode ComboFix wasn't there. So I logged in as the PC's administrator, put ComboFix on the desktop, then restarted in safe mode, and ComboFix appeared. I hope that won't skew the results.

Here is the log.

ComboFix 08-06-20.4 - Administrador 2008-06-26 15:28:16.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.371 [GMT 1:00]
Executando de: C:\Documents and Settings\Administrador\Ambiente de trabalho\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrador.RODI\Application Data\AntispywareBot
C:\Documents and Settings\Administrador.RODI\Application Data\AntispywareBot\Log\2008 Jun 25 - 03_46_33 PM_650.log
C:\Documents and Settings\Administrador.RODI\Application Data\AntispywareBot\rs.dat
C:\Documents and Settings\Administrador.RODI\Application Data\AntispywareBot\Settings\ScanResults.pie
C:\Programas\Ficheiros comuns\WinSoftware
C:\WINDOWS\system32\bLRqAccf.ini
C:\WINDOWS\system32\bLRqAccf.ini2
C:\WINDOWS\system32\ddcYqQjG.dll
C:\WINDOWS\system32\fccAqRLb.dll
C:\WINDOWS\system32\geBqOiji.dll
C:\WINDOWS\system32\HjPAKkkj.ini
C:\WINDOWS\system32\HjPAKkkj.ini2
C:\WINDOWS\system32\nmpsttwa.ini
C:\WINDOWS\system32\nmpsttwa.ini2
C:\WINDOWS\system32\wFfiPXbc.ini
C:\WINDOWS\system32\wFfiPXbc.ini2
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job

.
((((((((((((((((((((((( Ficheiros criados de 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))))
.

2008-06-26 14:50 . 2008-06-26 14:50 <DIR> d-------- C:\Programas\Trend Micro
2008-06-26 12:08 . 2008-06-26 12:08 <DIR> d-------- C:\Programas\CCleaner
2008-06-26 10:23 . 2001-11-20 16:04 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-26 10:23 . 2001-08-17 21:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-26 09:40 . 2008-06-26 09:40 <DIR> d-------- C:\Programas\Ficheiros comuns\Wise Installation Wizard
2008-06-25 16:25 . 2008-06-26 09:39 <DIR> d-------- C:\Programas\SPYWAREfighter
2008-06-25 15:54 . 2008-06-25 16:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 14:26 . 2008-06-25 15:03 <DIR> d-------- C:\VundoFix Backups
2008-06-25 14:22 . 2008-06-26 09:40 <DIR> d-------- C:\Documents and Settings\Administrador.RODI\Application Data\SUPERAntiSpyware.com
2008-06-25 13:20 . 2008-06-25 13:20 <DIR> d-------- C:\Documents and Settings\Administrador\Application Data\SUPERAntiSpyware.com
2008-06-25 12:53 . 2008-06-25 15:53 345 --ahs---- C:\WINDOWS\system32\MTDMUvut.ini
2008-06-25 11:50 . 2008-06-25 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-25 11:49 . 2008-06-26 10:37 <DIR> d-------- C:\Programas\SUPERAntiSpyware
2008-06-25 11:49 . 2008-06-25 11:49 <DIR> d-------- C:\Documents and Settings\mhenriques.RODI\Application Data\SUPERAntiSpyware.com
2008-06-25 11:32 . 2008-06-25 11:38 <DIR> d-------- C:\Documents and Settings\mhenriques.RODI\Application Data\AdobeUM
2008-06-24 12:27 . 2008-06-24 12:27 84,480 --a------ C:\MSNd.exe
2008-06-11 16:33 . 2008-06-11 16:33 <DIR> d-------- C:\WINDOWS\system32\Debug
2008-06-11 08:03 . 2008-06-14 18:59 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:03 . 2008-06-14 18:59 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 10:38 --------- d-----w C:\Programas\Ficheiros comuns\Adobe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2004-03-11 12:27 40,960 ----a-w C:\Programas\Uninstall_CDS.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"ATIPTA"="C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10 339968]
"RemoteControl"="C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"InCD"="C:\Programas\Ahead\InCD\InCD.exe" [2004-09-07 14:25 1400944]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HPWNTOOLBOX"="C:\Programas\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-01 17:47 327680]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"Client Access Service"="C:\Programas\IBM\Client Access\cwbsvstr.exe" [2005-10-19 05:40 20531]
"Realtime Monitor"="C:\Programas\CA\eTrustITM\realmon.exe" [2005-12-10 01:57 274432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
Adobe Reader Speed Launch.lnk - C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programas\SUPERAntiSpyware\SASSEH.DLL [2008-06-26 10:37 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyvvss]
cbxyvvss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcArrsP]
efcArrsP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccbXOi]
fcccbXOi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdefed]
fccdefed.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyXnNh]
hgGyXnNh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdCRHB]
qoMdCRHB.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHxywX]
rqRHxywX.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlJayX]
vtUlJayX.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlKAQg]
vtUlKAQg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaYRIBqR]
yaYRIBqR.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programas\\Hewlett-Packard\\hp business inkjet 1200 series\\Toolbox\\HPWNTBX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;C:\WINDOWS\system32\DRIVERS\m4301A.sys [2004-09-29 12:07]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2005-03-31 15:44]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-06-26 14:40:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programas\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 15:38:10
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programas\Windows Defender\MsMpEng.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-06-26 15:41:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 14:41:32

Pre-Run: 67,015,688,192 bytes livres
Post-Run: 70,459,453,440 bytes livres

145 --- E O F --- 2008-06-26 07:04:00
Destrio5 (Moderator, 99820 posts)
 
---> Download the CFScript file and save it to your desktop:
http://www.zshare.net/

---> Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

[*] A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

[*] Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.

[*] Once the scan is finished, a report will be displayed: post it

[*] If the file doesn't open, it is located here: C:\ComboFix.txt
Eurico
 
Do I do this in safe mode?
Destrio5 (Moderator, 99820 posts)
 
In normal mode if you like.
Eurico
 
Here is the log.

ComboFix 08-06-20.4 - Administrador 2008-06-26 16:54:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.216 [GMT 1:00]
Executando de: C:\Documents and Settings\Administrador\Ambiente de trabalho\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrador\Ambiente de trabalho\cfscript.txt
* Criado um novo ponto de restauro

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((( Ficheiros criados de 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))))
.

2008-06-26 15:41 . 2008-06-26 15:41 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Definições locais
2008-06-26 15:41 . 2008-06-26 15:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Definições locais
2008-06-26 15:41 . 2008-06-26 15:41 <DIR> d-------- C:\Documents and Settings\mhenriques\Definições locais
2008-06-26 15:41 . 2008-06-26 15:41 <DIR> d-------- C:\Documents and Settings\mhenriques.RODI\Definições locais
2008-06-26 15:41 . 2008-06-26 15:41 <DIR> d-------- C:\Documents and Settings\cmiranda\Definições locais
2008-06-26 15:41 . 2008-06-26 15:41 <DIR> d-------- C:\Documents and Settings\cmiranda.RODI\Definições locais
2008-06-26 15:41 . 2008-06-26 15:41 <DIR> d-------- C:\Documents and Settings\administrator\Definições locais
2008-06-26 15:41 . 2008-06-26 15:41 <DIR> d-------- C:\Documents and Settings\Administrador\Definições locais
2008-06-26 15:41 . 2008-06-26 15:41 <DIR> d-------- C:\Documents and Settings\Administrador.RODI\Definições locais
2008-06-26 14:50 . 2008-06-26 14:50 <DIR> d-------- C:\Programas\Trend Micro
2008-06-26 12:08 . 2008-06-26 12:08 <DIR> d-------- C:\Programas\CCleaner
2008-06-26 10:23 . 2001-11-20 16:04 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-26 10:23 . 2001-08-17 21:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-26 09:40 . 2008-06-26 09:40 <DIR> d-------- C:\Programas\Ficheiros comuns\Wise Installation Wizard
2008-06-25 16:25 . 2008-06-26 09:39 <DIR> d-------- C:\Programas\SPYWAREfighter
2008-06-25 15:54 . 2008-06-25 16:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 14:26 . 2008-06-25 15:03 <DIR> d-------- C:\VundoFix Backups
2008-06-25 14:22 . 2008-06-26 09:40 <DIR> d-------- C:\Documents and Settings\Administrador.RODI\Application Data\SUPERAntiSpyware.com
2008-06-25 13:20 . 2008-06-25 13:20 <DIR> d-------- C:\Documents and Settings\Administrador\Application Data\SUPERAntiSpyware.com
2008-06-25 12:53 . 2008-06-25 15:53 345 --ahs---- C:\WINDOWS\system32\MTDMUvut.ini
2008-06-25 11:50 . 2008-06-25 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-25 11:49 . 2008-06-26 10:37 <DIR> d-------- C:\Programas\SUPERAntiSpyware
2008-06-25 11:49 . 2008-06-25 11:49 <DIR> d-------- C:\Documents and Settings\mhenriques.RODI\Application Data\SUPERAntiSpyware.com
2008-06-25 11:32 . 2008-06-25 11:38 <DIR> d-------- C:\Documents and Settings\mhenriques.RODI\Application Data\AdobeUM
2008-06-24 12:27 . 2008-06-24 12:27 84,480 --a------ C:\MSNd.exe
2008-06-11 16:33 . 2008-06-11 16:33 <DIR> d-------- C:\WINDOWS\system32\Debug
2008-06-11 08:03 . 2008-06-14 18:59 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:03 . 2008-06-14 18:59 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 10:38 --------- d-----w C:\Programas\Ficheiros comuns\Adobe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2004-03-11 12:27 40,960 ----a-w C:\Programas\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-26_15.41.18.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 14:37:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 14:44:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"ATIPTA"="C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10 339968]
"RemoteControl"="C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"InCD"="C:\Programas\Ahead\InCD\InCD.exe" [2004-09-07 14:25 1400944]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HPWNTOOLBOX"="C:\Programas\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-01 17:47 327680]
"Client Access Service"="C:\Programas\IBM\Client Access\cwbsvstr.exe" [2005-10-19 05:40 20531]
"Realtime Monitor"="C:\Programas\CA\eTrustITM\realmon.exe" [2005-12-10 01:57 274432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
Adobe Reader Speed Launch.lnk - C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programas\SUPERAntiSpyware\SASSEH.DLL [2008-06-26 10:37 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programas\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programas\\Hewlett-Packard\\hp business inkjet 1200 series\\Toolbox\\HPWNTBX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;C:\WINDOWS\system32\DRIVERS\m4301A.sys [2004-09-29 12:07]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2005-03-31 15:44]

*Newly Created Service* - CATCHME
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-06-26 14:47:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programas\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 16:56:51
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Tempo para conclusão: 2008-06-26 16:58:03
ComboFix-quarantined-files.txt 2008-06-26 15:57:54
ComboFix2.txt 2008-06-26 14:41:36

Pre-Run: 69,880,881,152 bytes livres
Post-Run: 69,870,981,120 bytes livres

110 --- E O F --- 2008-06-26 07:04:00
Destrio5 (Moderator, 99820 posts)
 
Post a new HijackThis report.
Eurico
 
Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:34, on 26-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\CA\eTrustITM\InoRpc.exe
C:\Programas\CA\eTrustITM\InoRT.exe
C:\Programas\CA\eTrustITM\InoTask.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programas\Analog Devices\SoundMAX\SMTray.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programas\Ahead\InCD\InCD.exe
C:\Programas\Java\jre1.5.0_11\bin\jusched.exe
C:\Programas\CA\eTrustITM\realmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Programas\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [Client Access Service] "C:\Programas\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Programas\CA\eTrustITM\realmon.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RODI.local
O17 - HKLM\Software\..\Telephony: DomainName = RODI.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{20274596-C04F-4FC5-AC83-45DDB2F1C822}: NameServer = 213.228.128.5,194.65.3.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{29C8B830-25A4-42E6-A346-217FDC48F20E}: NameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC3C596-2ED0-4F23-9FF1-BD42AEAE3C89}: NameServer = 10.0.0.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RODI.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{20274596-C04F-4FC5-AC83-45DDB2F1C822}: NameServer = 213.228.128.5,194.65.3.21
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RODI.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{20274596-C04F-4FC5-AC83-45DDB2F1C822}: NameServer = 213.228.128.5,194.65.3.21
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comando Remoto do iSeries Access para Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programas\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Programas\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Programas\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Programas\CA\eTrustITM\InoTask.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programas\RealVNC\VNC4\WinVNC4.exe
Destrio5 (Moderator, 99820 posts)
 
Uninstall Java and install the latest version:
https://www.java.com/fr/download/manual.jsp
Eurico
 
Apparently that's going to be difficult. I'll have to do it tomorrow because I can't right now.
Thanks a lot for your help.
Destrio5 (Moderator, 99820 posts)
 
OK, fine, because it's not over yet ;)
Eurico
 
Hello, I managed to remove the trojan with Windows Defender by deleting everything it had in quarantine and clearing the history.

Thanks a lot for your help, Destrio5.