Trojan:Win32/Vundo.gen!R

cricaster Messages postés 6 Statut Membre -  
 proff61 -
Bonjour a tous,

je suis nouveau sur le forum et j'ai attrapé un trojan.
comment faire pour m'en debarasser s'il vous plait ?
j'utilise avg free en antivirus
merci d'avance pour vos reponses
Configuration: Windows Vista
Internet Explorer 7.0

12 réponses

  1. Utilisateur anonyme
     
    Salut,

    Télécharge HijackThis ici :

    -> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    -> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    -> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    -> Clique sur Install ensuite sur I Accept

    -> Clique sur Do a scan system and save log file

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
    0
  2. cricaster Messages postés 6 Statut Membre
     
    merci beaucoup
    voici le copié collé

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:00:30, on 15/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    C:\Windows\System32\ico.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Windows\Dit.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Windows\DitExp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\TF1Vision\TF1vision.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Sony\SonicStage\SSAAD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sony.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnonkJb.dll,#1
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Host Process] C:\Users\CFB\svchost.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\CFB\AppData\Local\Temp\rqrPJDvt.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\CFB\AppData\Local\Temp\ljJATKcy.dll,#1
    O4 - HKCU\..\Run: [54a58e5f] rundll32.exe "C:\Users\CFB\AppData\Local\Temp\tqtmqdrx.dll",b
    O4 - HKCU\..\Run: [BM5796bdc3] Rundll32.exe "C:\Users\CFB\AppData\Local\Temp\pivoguna.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.line6.net
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: sockspy.dll,C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,avgrsstx.dll
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Avlib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Avlib\PACSPTISVR.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Avlib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    0
  3. Utilisateur anonyme
     
    Telecharge malwarebytes

    -> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    0
  4. cricaster Messages postés 6 Statut Membre
     
    encore merci...
    voici le deuxième rapport

    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1054
    Windows 6.0.6001 Service Pack 1

    18:52:22 15/08/2008
    mbam-log-8-15-2008 (18-52-22).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
    Eléments examinés: 186677
    Temps écoulé: 2 hour(s), 16 minute(s), 25 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 7
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 30

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Users\CFB\AppData\Local\Temp\rqrPJDvt.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Users\CFB\AppData\Local\Temp\tqtmqdrx.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{57df73c0-833c-48b7-9146-1e18930d57ff} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\54a58e5f (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57df73c0-833c-48b7-9146-1e18930d57ff} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm5796bdc3 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Windows\System32\kBin02 (Trojan.Agent) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Users\CFB\AppData\Local\Temp\rqrPJDvt.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Users\CFB\AppData\Local\Temp\tqtmqdrx.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Users\CFB\AppData\Local\Temp\ljJATKcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\opnonkJb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\pyavnxtn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\gknmvdxo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\hgGxWpqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\wgbnsyfd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\whcpfhmx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\wvUmjJab.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\xxyaayAQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\yayvUMET.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\iifedbca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\khfEXnKB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\cbXQhIBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\couclneq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\ctgkfktg.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\ehohssqe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\tmp0000f00d (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\tmp00011eed (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\tmp00015c73 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\tmp00019620 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\tmp0001aaa2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\tmp0001d973 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\tmp00023a8e (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\byXOfDTJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\kBin02\kBin022328.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\CFB\AppData\Local\Temp\pivoguna.dll (Trojan.Agent) -> Delete on reboot.
    C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    réouvre malewarebyte
    va sur quarantaine
    supprime tout

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  7. cricaster Messages postés 6 Statut Membre
     
    j'ai supprimé tous les elements dans malwarebytes

    je n'arrive pas a telecherger combofix
    il se charge puis apres plus rien....
    0
  8. Utilisateur anonyme
     
    supprime combofix

    ensuite :

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Avant de telecharger clic sur enregistrer renome le en killbagle et enregistre le sur le bureau

    -> Double clique sur killbagle.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    0
  9. cricaster Messages postés 6 Statut Membre
     
    toujours la meme chose meme apres la modification...
    faut il que je désactive avg avant de le telecharger ?
    0
  10. cricaster Messages postés 6 Statut Membre
     
    toujours rien...je sais plus quoi faire...
    0
  11. Utilisateur anonyme
     
    Essai en mode sans echec

    Comment redémarrer en mode sans echec?

    Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
    Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
    Ps : si F8 ne marche pas utilise la touche F5.

    -> Tuto :https://www.malekal.com/demarrer-windows-mode-sans-echec/
    0
  12. proff61
     
    j'ai été également en galère avec ce cheval de troie
    solution scanner le pc avec windows defender (vista)
    0