Infected by Virtumonde and Virtumonde.dll

Solved/Closed
laure888 - 10 June 2008 at 23:52
Blocked profile - 9 July 2008 at 22:53
Hello,

I was infected by the Virtumonde and Virtumonde.dll viruses. I downloaded and ran HijackThis, and I am sending you my report to find out whether my computer is clean.

Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:50, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2576BE31-56D4-4096-A189-78007A89E698} - C:\WINDOWS\system32\hgGyvtSJ.dll (file missing)
O2 - BHO: (no name) - {34924C23-018A-47D7-AC6C-D18B2A926811} - C:\WINDOWS\system32\geBroNfg.dll (file missing)
O2 - BHO: (no name) - {4647C2C7-9F3D-4220-87D9-43E617F67478} - C:\WINDOWS\system32\iiffEwxu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FCDCD4FF-3898-4793-A4D7-30F43B100DB9} - (no file)
O2 - BHO: (no name) - {FF70F367-0034-401A-A2F9-05CB00CB2257} - C:\WINDOWS\system32\tuvTkhiJ.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O3 - Toolbar: atfxqogp - {23649E36-60C6-4433-880A-9DF59FC27342} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S88.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Didier\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKLM\..\Run: [282220f0] rundll32.exe "C:\WINDOWS\system32\qnyviufo.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1005] command /c del "C:\WINDOWS\system32\geBroNfg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9768] cmd /c del "C:\WINDOWS\system32\geBroNfg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5495] command /c del "C:\WINDOWS\system32\tuvTkhiJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6299] cmd /c del "C:\WINDOWS\system32\tuvTkhiJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8080] command /c del "C:\WINDOWS\system32\hgGyvtSJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2770] cmd /c del "C:\WINDOWS\system32\hgGyvtSJ.dll_old"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - https://www.king.com/
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1211033458_89c1db5989089f28c61f4a8d5c436788&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: iiffEwxu - C:\WINDOWS\SYSTEM32\iiffEwxu.dll
O21 - SSODL: vregfwlx - {ABABFD46-64EF-4FC5-80ED-F290F617A9E1} - C:\WINDOWS\vregfwlx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

5 replies

geoffrey5 Posts: 13732 Registration date: Sunday 20 May 2007 Status: Security contributor Last activity: 21 May 2010 10
10 June 2008 at 23:55
Hi!!

Download VirtumundoBeGone to your desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Disconnect from the internet and disable your antivirus for the duration of the procedure.

=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen and the message "Fatal error", that is not a problem
=> Post the VBG.TXT report, which is on the desktop
0
geoffrey5 Posts: 13732 Registration date: Sunday 20 May 2007 Status: Security contributor Last activity: 21 May 2010 10
10 June 2008 at 23:57
Then:

Download VundoFix to the desktop: http://www.atribune.org/ccount/click.php?id=4

- Double-click VundoFix.exe.
- Click Scan for Vundo
- The scan can take quite a long time (1 to 2 h) or be very quick; at the end
- Click Fix Vundo
- Then Yes
- The desktop disappears for a moment while the files are being deleted.
- Shutdown message
- Click Yes
- Automatic restart
Note: there may be several restarts
- Copy the report, which is in C:\vundofix.txt

and run a new HijackThis scan
0
Hello,

Thank you very much, I managed to disable the virus
0
geoffrey5 Posts: 13732 Registration date: Sunday 20 May 2007 Status: Security contributor Last activity: 21 May 2010 10
11 June 2008 at 11:30
Hi!!

Please run a new HijackThis report to check
0
Blocked profile
9 July 2008 at 22:52
I ran VirtumundoBeGone; here is the log:


[07/09/2008, 22:44:21] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Egg\Bureau\VirtumundoBeGone.exe" )
[07/09/2008, 22:44:26] - Detected System Information:
[07/09/2008, 22:44:27] - Windows Version: 5.1.2600, Service Pack 2
[07/09/2008, 22:44:27] - Current Username: Egg (Admin)
[07/09/2008, 22:44:27] - Windows is in NORMAL mode.
[07/09/2008, 22:44:28] - Searching for Browser Helper Objects:
[07/09/2008, 22:44:28] - BHO 1: {0ED49734-0923-4BB8-8121-9A920BB0772A} ()
[07/09/2008, 22:44:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:28] - No filename found. Continuing.
[07/09/2008, 22:44:29] - BHO 2: {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727} ()
[07/09/2008, 22:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:29] - Checking for HKLM\...\Winlogon\Notify\yayaaBUN
[07/09/2008, 22:44:29] - Found: HKLM\...\Winlogon\Notify\yayaaBUN - This is probably Virtumundo.
[07/09/2008, 22:44:30] - Assigning {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727} MSEvents Object
[07/09/2008, 22:44:30] - BHO list has been changed! Starting over...
[07/09/2008, 22:44:30] - BHO 1: {0ED49734-0923-4BB8-8121-9A920BB0772A} ()
[07/09/2008, 22:44:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:31] - No filename found. Continuing.
[07/09/2008, 22:44:31] - BHO 2: {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727} (MSEvents Object)
[07/09/2008, 22:44:31] - ALERT: Found MSEvents Object!
[07/09/2008, 22:44:31] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/09/2008, 22:44:31] - BHO 4: {693E6478-BEC4-4256-9278-38E1230063E1} ()
[07/09/2008, 22:44:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:32] - No filename found. Continuing.
[07/09/2008, 22:44:32] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/09/2008, 22:44:32] - BHO 6: {7A98F607-2B09-46F6-9889-DA6F3ADDFB1E} ()
[07/09/2008, 22:44:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:33] - No filename found. Continuing.
[07/09/2008, 22:44:33] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/09/2008, 22:44:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:34] - No filename found. Continuing.
[07/09/2008, 22:44:34] - BHO 8: {E1C9F102-EBE0-4678-9684-F25518B6128B} ()
[07/09/2008, 22:44:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:34] - Checking for HKLM\...\Winlogon\Notify\pmnKCuSj
[07/09/2008, 22:44:34] - Key not found: HKLM\...\Winlogon\Notify\pmnKCuSj, continuing.
[07/09/2008, 22:44:35] - Finished Searching Browser Helper Objects
[07/09/2008, 22:44:35] - *** Detected MSEvents Object
[07/09/2008, 22:44:35] - Trying to remove MSEvents Object...
[07/09/2008, 22:44:36] - Terminating Process: IEXPLORE.EXE
[07/09/2008, 22:44:37] - Terminating Process: RUNDLL32.EXE
[07/09/2008, 22:44:38] - Disabling Automatic Shell Restart
[07/09/2008, 22:44:38] - Terminating Process: EXPLORER.EXE
[07/09/2008, 22:44:39] - Suspending the NT Session Manager System Service
[07/09/2008, 22:44:40] - Terminating Windows NT Logon/Logoff Manager
[07/09/2008, 22:44:40] - Re-enabling Automatic Shell Restart
[07/09/2008, 22:44:41] - File to disable: C:\WINDOWS\system32\yayaaBUN.dll
[07/09/2008, 22:44:41] - Removing HKLM\...\Browser Helper Objects\{33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}
[07/09/2008, 22:44:41] - Removing HKCR\CLSID\{33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}
[07/09/2008, 22:44:41] - Adding Kill Bit for ActiveX for GUID: {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}
[07/09/2008, 22:44:42] - Deleting ATLEvents/MSEvents Registry entries
[07/09/2008, 22:44:42] - Removing HKLM\...\Winlogon\Notify\yayaaBUN
[07/09/2008, 22:44:42] - Searching for Browser Helper Objects:
[07/09/2008, 22:44:42] - BHO 1: {0ED49734-0923-4BB8-8121-9A920BB0772A} ()
[07/09/2008, 22:44:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:43] - No filename found. Continuing.
[07/09/2008, 22:44:43] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/09/2008, 22:44:43] - BHO 3: {693E6478-BEC4-4256-9278-38E1230063E1} ()
[07/09/2008, 22:44:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:44] - No filename found. Continuing.
[07/09/2008, 22:44:44] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/09/2008, 22:44:44] - BHO 5: {7A98F607-2B09-46F6-9889-DA6F3ADDFB1E} ()
[07/09/2008, 22:44:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:45] - No filename found. Continuing.
[07/09/2008, 22:44:45] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/09/2008, 22:44:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:45] - No filename found. Continuing.
[07/09/2008, 22:44:46] - BHO 7: {E1C9F102-EBE0-4678-9684-F25518B6128B} ()
[07/09/2008, 22:44:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:46] - Checking for HKLM\...\Winlogon\Notify\pmnKCuSj
[07/09/2008, 22:44:46] - Key not found: HKLM\...\Winlogon\Notify\pmnKCuSj, continuing.
[07/09/2008, 22:44:46] - Finished Searching Browser Helper Objects
[07/09/2008, 22:44:47] - Finishing up...
[07/09/2008, 22:44:47] - A restart is needed.
[07/09/2008, 22:44:47] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/09/2008, 22:45:01] - Attempting to Restart via STOP error (Blue Screen!)
0

Blocked profile
9 July 2008 at 22:53
Oops, wrong topic, sorry!
0