Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

WMA/TrojanDownloader

Dernière réponse le 20 sep 2009 à 16:19:43 Disney, le 14 sep 2009 à 20:57:09

Signaler ce message aux modérateurs

Bonjour,

je viens de récuperer un disque dur completement infecté , Nod 32 antivirus 4 detecte une quantité inombrable de virus du type :

E:\Documents and Settings\Administrateur\Searched\Blonde Light-skinned Ebony Babe gets a White Dick.avi WMA/TrojanDownloader.GetCodec.B cheval de troie

suivi de milier de noms dans le meme genre !

Pouvez vous m'aider , puis vous poster mon rapport HijackThis?

Configuration: Windows XP
Firefox 3.5.1

Meilleures réponses pour « WMA/TrojanDownloader » dans :

In fecté par un virus qui s'attaque aux MP3 Voir

Virus trojan downloader.wma wimad.l (Résolu) Voir

Fichier WMA Voir Format WMA Un fichier WMA est un fichier audio au format propriétaire Windows Media Audio créé par Microsoft. Ce type de format est prévu pour pouvoir être lu en streaming. Comment lire un fichier WMA ? Pour lire une fichier au format WMA, il...

[Audio] Conversion d'un fichier au format WMA en MP3 VoirPour convertir un fichier audio au format WMA en MP3, il suffit d'utiliser un logiciel de conversion tel que l'un des suivants : Free Mp3 Wma Converter dBpower-AMP Music Converter (DMC) MediaCoder GX::Transcoder Par ailleurs, il est à...

Convertir un fichier MP3 en WMA VoirPour convertir un fichier au format MP3 vers le format WMA, il est possible d'utiliser un des logiciels suivants : AMV Convert Tool Free Mp3 Wma Converter MediaCoder Switch Sound Format Converter Super GX::Transcoder

Convertir wav en mp3 ou wma (Résolu) Voir

Convertir un fichier flv en wma ou mp3 (Résolu) Voir

Conversion fichiers wma en wav (Résolu) Voir

Télécharger Free Mp3 Wma Converter Voir

Télécharger Efficient WMA MP3 Converter Voir

Télécharger Nero WMA Plug-in VoirNero est réputé dans le monde du gravage CD, DVD, mais à la base il ne supporte pas le format WMA ou Windows Media Audio. Nero WMA plugin est le support du format WMA sur Nero. Ce format a les mêmes caractéristiques que le format MP3 puisqu'ils...

Posez votre question Répondre

XaTon, le 14 sep 2009 à 20:58:06

Salut ,

Oui , poste un log Hijack

←« XaŦoи »→ ™

Répondre à XaTon

Disney, le 14 sep 2009 à 21:09:58

Une fois le rapport qui s'affiche dans le note pad , dois je cliquer sur scan ou fix checked ??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:23, on 14/09/2009
Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Taskix\Taskix32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Garmin\gStart.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DeskSpace\deskspace.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [wASO] C:\Program Files\Windows Trust\wASO.exe /Q
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
End of file - 8659 bytes

Répondre à Disney

kduc, le 14 sep 2009 à 22:28:57

Salut à vous deux,

Disney,

Continue sur ce forum et laisse tomber 01.net.

D' avance, merci.

http://forum.telecharger.01net.com/...

Répondre à kduc

Benj_64, le 14 sep 2009 à 22:47:23

Ca marche v attendre une reponse sur votre forum ,
entre temps g tester malwarebytes anti malware , et tout comme Nod il galere sur des trucs du genre :

Blonde Light-skinned Ebony Babe gets a White Dick.avi , il e detecte des milliers comme ca !

C'est virtumonde?

Répondre à Benj_64

kduc, le 14 sep 2009 à 22:50:14

...

Merci de ta compréhension.

---
Non, ce n' est pas Virtumonde !

---
En attendant le retour de ton sauveur, relance Malwarebytes pour un scan.

Poste le rapport.

PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats,
puis sur Supprimer la sélection.

Répondre à kduc

XaTon, le 15 sep 2009 à 15:24:18

Re !

Oui poste don un rapport Mbam pour commencer
←« XaŦoи »→ ™

Répondre à XaTon

Disney, le 15 sep 2009 à 17:12:21

J'ai un petit souci , le scan ne se termine jamais , il detecte des milliers de .avi genre noms de films de X , ces films n'existe meme pas sur le disque dur , des trojans dans tous les sens ... que faire ?? Nod32 et Dr Web font de meme ...

Merci

Répondre à Disney

XaTon, le 15 sep 2009 à 17:18:36

Simple question , ton Windows est officiel ?
←« XaŦoи »→ ™

Répondre à XaTon

kduc, le 15 sep 2009 à 17:57:46

Salut à vous deux,

Modifié, je pense aussi ...

"O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') "

Répondre à kduc

XaTon, le 15 sep 2009 à 17:59:46

Salut kduc .

Louche ces 4 lignes

A suivre

...
←« XaŦoи »→ ™

Répondre à XaTon

Benj_64, le 15 sep 2009 à 20:16:47

Tout à fait c'est W Trust 3 , bon je teste Mbam en mode sans echec ... d'autres idées ??

Répondre à Benj_64

Benj_64, le 15 sep 2009 à 20:28:58

Voici la liste des menaces detectées :

E:\WINDOWS\Temp\tqrD.tmp Win32/TrojanDownloader.FakeAlert.ZC cheval de troie
E:\WINDOWS\Temp\46.tmp Win32/Spy.Zbot.JF cheval de troie
E:\WINDOWS\Temp\438952640exe. 1104 Win32/Agent.PTL cheval de troie
E:\WINDOWS\Temp\1145518032.exe une variante probable de Win32/Agent cheval de troie
E:\WINDOWS\system32\drivers\ati4bexx.sys Win32/Wigon.IX cheval de troie
E:\WINDOWS\system32\drivers\ad028471.sys Win32/Rustock.NGJ cheval de troie
E:\WINDOWS\system32\drivers\ids9158.sys Win32/Rootkit.Agent.ITJ cheval de troie
E:\WINDOWS\system32\drivers\ovfsthowmbardnkjahlybiqppyumltiqxhxvro.sys Win32/Agent.PHE cheval de troie
E:\WINDOWS\system32\meiuxlgx.dll Win32/Adware.Virtumonde application
E:\WINDOWS\system32\yuoknxah.ini Win32/Adware.Virtumonde.NEO application
E:\WINDOWS\system32\ykepqb.dll Win32/Adware.SuperJuan application
E:\WINDOWS\system32\ftp_non_crp.exe Win32/PSW.Delf.NOV cheval de troie
E:\WINDOWS\system32\umjpuvdi1.tmp Win32/AutoRun.Agent.LT ver
E:\WINDOWS\system32\ovfsthpexmlxlyxjoglrqlrcdeywvfhdiypfrt.dll Win32/Olmarik.IX cheval de troie
E:\uckwvbf.exe Win32/Kryptik.DS.Gen cheval de troie
E:\oruocu.exe Win32/Small.NEK cheval de troie

Si ca peut aider .. Merci

Répondre à Benj_64

Benj_64, le 15 sep 2009 à 21:34:56

Voici mon rapport Mbam :

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2797
Windows 5.1.2600 Service Pack 3, v.5755 (Safe Mode)

15/09/2009 21:30:21
mbam-log-2009-09-15 (21-30-21).txt

Type de recherche: Examen complet (E:\|)
Eléments examinés: 190174
Temps écoulé: 54 minute(s), 26 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 136

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
E:\Documents and Settings\Sydney\lsass.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\tmp12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\4JA76PAN\CAP4QHLZ (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\JFPBVL0W\CA0T65JC (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\W56N41AB\CA3U0FBL (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\W56N41AB\CA557FU8 (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\W56N41AB\CATOOB1H (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\WLYV8P2J\CAIRERIH (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\Sydney\Local Settings\Temp\Temporary Internet Files\Content.IE5\YZI78FMH\CAE3Y7UD (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Program Files\Microsoft Common\svchost.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP45\A0055807.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP45\A0055824.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP45\A0055840.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP48\A0056900.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP48\A0056914.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP48\A0056923.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0056932.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0056940.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0056947.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0057948.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0057955.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0057968.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0057975.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP49\A0058968.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP50\A0058976.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP50\A0058995.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP50\A0059018.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP50\A0059026.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP51\A0059170.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP52\A0060171.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP52\A0060176.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP52\A0060179.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP52\A0060193.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP52\A0061202.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP53\A0061245.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP53\A0061250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP53\A0062239.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP54\A0062284.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP54\A0062303.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP56\A0062345.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP56\A0062356.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP58\A0063394.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP58\A0063413.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP59\A0063434.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP59\A0063447.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP59\A0063465.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP63\A0071507.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP63\A0071508.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP63\A0071509.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP64\A0071522.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP64\A0071529.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6DF5A597-E527-4F35-AFE4-EA83D5025E21}\RP64\A0071534.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\dst2rv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\aplbgxaj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ccykegrg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\coqovo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\dacwwuhx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\dhfweoeg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ezwwba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fpkgpqbj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fuahjkot.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\gcwzyd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\gerboa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\gqnsmg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ivjaqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\jfdwqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\jtntow.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\kislwahv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\kisrhd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\kpshte.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\lihqwofh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\MSINET.oca (Malware.Trace) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\nencecbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ngygkc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\notbaduh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\nqwhlr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\paekhc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\prpjdhix.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\psyaos.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\rghvbbvc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\rksivv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\rqlkblnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ryqemxso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\sqybhyai.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\tilmmt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\tyspmqpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\utldev.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\whgaaoof.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\xcphtk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\xgjhlesm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ycwctptt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\zoqsjm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\aNI02\aNI022328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\aNI15\aNI151080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\1B1.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\38.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\3C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\44.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\45.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\49.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN11.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN13.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN18.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN1A.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN1C.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN1E.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN20.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN2D.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN2F.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN3.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN31.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN33.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN35.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN37.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN41.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN44.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN47.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN5.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN7.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN9.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BNA.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BND.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BNF.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\dhb15.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\eziD.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\gsk23.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\nqw18.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\phs1E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\raj9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\ryu43.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\TMP4B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\toq2A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\vjl3C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\wlx49.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\xxi1C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\zscF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.

Répondre à Benj_64

Benj_64, le 16 sep 2009 à 16:17:40

Personne ne peut m'aider?? Nod32 trouve toujours les memes "virus" "trojans" ...

Répondre à Benj_64

kduc, le 16 sep 2009 à 18:04:28

Salut,

Relance un scan Malwarebytes (ne poste pas le rapport).

Relance un scan Nod32 et poste le rapport.

Répondre à kduc

XaTon, le 16 sep 2009 à 18:20:54

Personne ne peut m'aider??

Désoler mais avec un Windows cracké , on peut pas faire grand chose

... ←« XaŦoи »→ ™

Répondre à XaTon

Dysney, le 20 sep 2009 à 14:35:37

Bon les gars merci pour tout , j'ai résolu le probleme en lançant Malwarebytes suivi de Dr Web le tout en mode sans echec et enfin un petit coup d'Eset apres redemarrage , finition avec spybot et ad aware , puis re un coup d'Eset pour verifier une derniere fois .

I l n'y a plus aucune trace de quoique ce soit de louche sur ce disque dur .. ;)

Répondre à Dysney

kduc, le 20 sep 2009 à 16:19:43

Salut,

OK. Tant mieux pour toi ...

Répondre à kduc

Posez votre question Répondre