
Infected by Virtumonde and Virtumonde.dll [Solved]

laure888 - Last reply on 9 Jul 2008 at 22:53
Hello,
I was infected by the viruses Virtumonde and Virtumonde.dll. I downloaded and ran HijackThis, and I am sending you my report to find out whether my computer is clean.
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:50, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2576BE31-56D4-4096-A189-78007A89E698} - C:\WINDOWS\system32\hgGyvtSJ.dll (file missing)
O2 - BHO: (no name) - {34924C23-018A-47D7-AC6C-D18B2A926811} - C:\WINDOWS\system32\geBroNfg.dll (file missing)
O2 - BHO: (no name) - {4647C2C7-9F3D-4220-87D9-43E617F67478} - C:\WINDOWS\system32\iiffEwxu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FCDCD4FF-3898-4793-A4D7-30F43B100DB9} - (no file)
O2 - BHO: (no name) - {FF70F367-0034-401A-A2F9-05CB00CB2257} - C:\WINDOWS\system32\tuvTkhiJ.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O3 - Toolbar: atfxqogp - {23649E36-60C6-4433-880A-9DF59FC27342} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S88.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Didier\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKLM\..\Run: [282220f0] rundll32.exe "C:\WINDOWS\system32\qnyviufo.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1005] command /c del "C:\WINDOWS\system32\geBroNfg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9768] cmd /c del "C:\WINDOWS\system32\geBroNfg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5495] command /c del "C:\WINDOWS\system32\tuvTkhiJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6299] cmd /c del "C:\WINDOWS\system32\tuvTkhiJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8080] command /c del "C:\WINDOWS\system32\hgGyvtSJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2770] cmd /c del "C:\WINDOWS\system32\hgGyvtSJ.dll_old"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://zylom.king.com/ctl/kingcomie.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: iiffEwxu - C:\WINDOWS\SYSTEM32\iiffEwxu.dll
O21 - SSODL: vregfwlx - {ABABFD46-64EF-4FC5-80ED-F290F617A9E1} - C:\WINDOWS\vregfwlx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

6 replies
Reply
Hi!!

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Disconnect from the internet and disable your antivirus for the duration of the procedure.

=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen and the message "Fatal error"... no problem
=> Post the VBG.TXT report, which is on the desktop
Reply
Next:

Download VundoFix to the desktop: http://www.atribune.org/ccount/click.php?id=4


- Double-click VundoFix.exe.
- Click Scan for Vundo
- The scan can take quite a long time (1 to 2 h) or be very quick; at the end
- Click Fix Vundo
- Then Yes
- The desktop disappears for a moment while the files are being deleted.
- Shutdown message
- Click Yes
- Automatic restart
Note: there may be several restarts
- Copy the report, which is in C:\vundofix.txt

and run HijackThis again
laure888 - 11 June 2008 at 09:13
Hello,

Thank you very much, I managed to disable the virus
Reply
Hi!!

Please run another HijackThis report to check
Reply
I ran VirtumundoBeGone; here is the log:


[07/09/2008, 22:44:21] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Egg\Bureau\VirtumundoBeGone.exe" )
[07/09/2008, 22:44:26] - Detected System Information:
[07/09/2008, 22:44:27] - Windows Version: 5.1.2600, Service Pack 2
[07/09/2008, 22:44:27] - Current Username: Egg (Admin)
[07/09/2008, 22:44:27] - Windows is in NORMAL mode.
[07/09/2008, 22:44:28] - Searching for Browser Helper Objects:
[07/09/2008, 22:44:28] - BHO 1: {0ED49734-0923-4BB8-8121-9A920BB0772A} ()
[07/09/2008, 22:44:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:28] - No filename found. Continuing.
[07/09/2008, 22:44:29] - BHO 2: {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727} ()
[07/09/2008, 22:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:29] - Checking for HKLM\...\Winlogon\Notify\yayaaBUN
[07/09/2008, 22:44:29] - Found: HKLM\...\Winlogon\Notify\yayaaBUN - This is probably Virtumundo.
[07/09/2008, 22:44:30] - Assigning {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727} MSEvents Object
[07/09/2008, 22:44:30] - BHO list has been changed! Starting over...
[07/09/2008, 22:44:30] - BHO 1: {0ED49734-0923-4BB8-8121-9A920BB0772A} ()
[07/09/2008, 22:44:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:31] - No filename found. Continuing.
[07/09/2008, 22:44:31] - BHO 2: {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727} (MSEvents Object)
[07/09/2008, 22:44:31] - ALERT: Found MSEvents Object!
[07/09/2008, 22:44:31] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/09/2008, 22:44:31] - BHO 4: {693E6478-BEC4-4256-9278-38E1230063E1} ()
[07/09/2008, 22:44:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:32] - No filename found. Continuing.
[07/09/2008, 22:44:32] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/09/2008, 22:44:32] - BHO 6: {7A98F607-2B09-46F6-9889-DA6F3ADDFB1E} ()
[07/09/2008, 22:44:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:33] - No filename found. Continuing.
[07/09/2008, 22:44:33] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/09/2008, 22:44:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:34] - No filename found. Continuing.
[07/09/2008, 22:44:34] - BHO 8: {E1C9F102-EBE0-4678-9684-F25518B6128B} ()
[07/09/2008, 22:44:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:34] - Checking for HKLM\...\Winlogon\Notify\pmnKCuSj
[07/09/2008, 22:44:34] - Key not found: HKLM\...\Winlogon\Notify\pmnKCuSj, continuing.
[07/09/2008, 22:44:35] - Finished Searching Browser Helper Objects
[07/09/2008, 22:44:35] - *** Detected MSEvents Object
[07/09/2008, 22:44:35] - Trying to remove MSEvents Object...
[07/09/2008, 22:44:36] - Terminating Process: IEXPLORE.EXE
[07/09/2008, 22:44:37] - Terminating Process: RUNDLL32.EXE
[07/09/2008, 22:44:38] - Disabling Automatic Shell Restart
[07/09/2008, 22:44:38] - Terminating Process: EXPLORER.EXE
[07/09/2008, 22:44:39] - Suspending the NT Session Manager System Service
[07/09/2008, 22:44:40] - Terminating Windows NT Logon/Logoff Manager
[07/09/2008, 22:44:40] - Re-enabling Automatic Shell Restart
[07/09/2008, 22:44:41] - File to disable: C:\WINDOWS\system32\yayaaBUN.dll
[07/09/2008, 22:44:41] - Removing HKLM\...\Browser Helper Objects\{33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}
[07/09/2008, 22:44:41] - Removing HKCR\CLSID\{33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}
[07/09/2008, 22:44:41] - Adding Kill Bit for ActiveX for GUID: {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}
[07/09/2008, 22:44:42] - Deleting ATLEvents/MSEvents Registry entries
[07/09/2008, 22:44:42] - Removing HKLM\...\Winlogon\Notify\yayaaBUN
[07/09/2008, 22:44:42] - Searching for Browser Helper Objects:
[07/09/2008, 22:44:42] - BHO 1: {0ED49734-0923-4BB8-8121-9A920BB0772A} ()
[07/09/2008, 22:44:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:43] - No filename found. Continuing.
[07/09/2008, 22:44:43] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/09/2008, 22:44:43] - BHO 3: {693E6478-BEC4-4256-9278-38E1230063E1} ()
[07/09/2008, 22:44:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:44] - No filename found. Continuing.
[07/09/2008, 22:44:44] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/09/2008, 22:44:44] - BHO 5: {7A98F607-2B09-46F6-9889-DA6F3ADDFB1E} ()
[07/09/2008, 22:44:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:45] - No filename found. Continuing.
[07/09/2008, 22:44:45] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/09/2008, 22:44:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:45] - No filename found. Continuing.
[07/09/2008, 22:44:46] - BHO 7: {E1C9F102-EBE0-4678-9684-F25518B6128B} ()
[07/09/2008, 22:44:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:46] - Checking for HKLM\...\Winlogon\Notify\pmnKCuSj
[07/09/2008, 22:44:46] - Key not found: HKLM\...\Winlogon\Notify\pmnKCuSj, continuing.
[07/09/2008, 22:44:46] - Finished Searching Browser Helper Objects
[07/09/2008, 22:44:47] - Finishing up...
[07/09/2008, 22:44:47] - A restart is needed.
[07/09/2008, 22:44:47] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/09/2008, 22:45:01] - Attempting to Restart via STOP error (Blue Screen!)
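
The check visible in the VirtumundoBeGone log above (a BHO with no default name whose DLL is also referenced under Winlogon\Notify), applied to HijackThis lines like those in the first post. This is an added example, not part of the thread and not code from either tool; the function names and verdict labels are assumptions, and a match is a lead to verify, as the tool's own "probably" indicates.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any host OS

# Lines excerpted from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2576BE31-56D4-4096-A189-78007A89E698} - C:\WINDOWS\system32\hgGyvtSJ.dll (file missing)
O2 - BHO: (no name) - {4647C2C7-9F3D-4220-87D9-43E617F67478} - C:\WINDOWS\system32\iiffEwxu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [282220f0] rundll32.exe "C:\WINDOWS\system32\qnyviufo.dll",b
O20 - Winlogon Notify: iiffEwxu - C:\WINDOWS\SYSTEM32\iiffEwxu.dll
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


def dll_stem(target):
    """Lower-cased DLL name without extension, or None when no file is listed."""
    path = re.sub(r"\s*\(file missing\)$", "", target).strip()
    if not path or path == "(no file)":
        return None
    return splitext(basename(path))[0].lower()


def triage(log_text):
    """Return (clsid, dll_stem, verdict) for every unnamed BHO in the log."""
    notify, bhos = set(), []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = NOTIFY_RE.match(line)
        if m:
            # Compare case-insensitively: the log mixes system32 and SYSTEM32.
            notify.add(m["key"].lower())
            stem = dll_stem(m["path"])
            if stem:
                notify.add(stem)
            continue
        m = BHO_RE.match(line)
        if m and m["name"] == "(no name)":
            bhos.append(m)
    findings = []
    for m in bhos:
        stem = dll_stem(m["target"])
        if stem is None:
            verdict = "no-filename"      # nothing to correlate
        elif stem in notify:
            verdict = "notify-match"     # same DLL loaded by Winlogon
        else:
            verdict = "no-notify-key"    # unnamed, but not tied to Winlogon
        findings.append((m["clsid"], stem, verdict))
    return findings


if __name__ == "__main__":
    for clsid, stem, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:14} {clsid} {stem or '-'}")
```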
Reply
Oops, wrong topic, sorry!
This document, titled "Infected by Virtumonde and Virtumonde.dll", from CommentCaMarche (www.commentcamarche.net), is made available under the terms of the Creative Commons license. You may copy and modify copies of this page, under the conditions set by the license, as long as this notice appears clearly.