Virtumonde virus
Cunniggan (posts: 40, status: Member) - verni29 (posts: 6805, status: Security contributor)
Hello,
My computer is being eaten away by a vile worm, which Doctor Antispyware detected as the "Virtumonde" virus. When I go on the internet, a window opens and tells me this: "Warning! Your computer is infected, you may suffer data loss etc..."
If I close the window, another one immediately opens on a fake scan of my hard drive, assuring me that my computer is seriously infected. If I do nothing, many other windows of the same type as the first one open, and I sometimes have to deal with dozens of windows per second.
In addition, I sometimes get error messages that worry me a little, such as "error rundlll.exe", or things like that. How can I get rid of it?
Thanks in advance, expert friends!
8 replies
Hello,
Start with this (2 reports to post).
Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.
http://images.malwareremoval.com/random/RSIT.exe
Double-click "RSIT.exe" to launch it.
In the window that opens, choose 2 months for the "List files/folders created ..." option,
then click "Continue" to start the scan ...
If the latest version of HijackThis is not found on your PC, RSIT will download it and ask you to accept the license.
Wait until the scan finishes.
Two reports will be generated.
Post the contents of "log.txt" as well as "info.txt" (in the taskbar) for analysis, and wait for the next steps ...
If you cannot find them, the reports are saved in the C:\rsit folder.
See you,
Thanks for such a quick reply!
Here are the reports. First the Log report:
Logfile of random's system information tool 1.05 (written by random/random)
Run by cunnigganh at 2009-01-16 12:18:12
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 807 MB (0%) free of 238 GB
Total RAM: 767 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:19, on 16/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cunnigganh\Bureau\RSIT.exe
C:\Program Files\trend micro\cunnigganh.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {ba4678cb-a537-845b-cb64-b636dc41d7d8} - {8d7d14cd-636b-46bc-b548-735abc8764ab} - C:\WINDOWS\system32\zikzmt.dll
O2 - BHO: (no name) - {b03d80d0-d61d-4412-88a0-90743f5d570e} - C:\Documents and Settings\All Users\Application Data\dawusere\dawusere.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GuideMenu] C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [pekohasoko] Rundll32.exe "C:\Documents and Settings\All Users\Application Data\godidusa\godidusa.dll",s
O4 - HKLM\..\Run: [90d5a2a7] rundll32.exe "C:\WINDOWS\system32\fabapufu.dll",b
O4 - HKLM\..\Run: [CPM93e6913b] Rundll32.exe "c:\windows\system32\hufowebi.dll",a
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4075533F-30F6-4641-BB38-093E5D55B094}: NameServer = 192.168.1.1
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: cru629.dat C:\Documents and Settings\All Users\Application Data\boliraka\boliraka.dll c:\windows\system32\hufowebi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hufowebi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hufowebi.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Download MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Install it. Choose the default options.
At the end of the installation, you will be asked to update MalwareBytes and run it.
Accept. After the update, the program will open.
In the Scan tab, select Perform a full scan.
Click Scan. Select only the computer's hard drives.
Click Start scan.
At the end of the scan, as prompted, click Show results.
If infections are found, click Remove selected.
Post the report in your next message.
If you cannot find the report, open MalwareBytes and look in the Reports/Logs tab. It is there. Click on it and choose Open.
The scan takes about 50 min on average.
See you,
Here is the report!
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1658
Windows 5.1.2600 Service Pack 2
16/01/2009 19:42:28
mbam-log-2009-01-16 (19-42-28).txt
Type de recherche: Examen complet (C:\|H:\|)
Eléments examinés: 218428
Temps écoulé: 2 hour(s), 5 minute(s), 48 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 73
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fabapufu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\hufowebi.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d7d14cd-636b-46bc-b548-735abc8764ab} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d7d14cd-636b-46bc-b548-735abc8764ab} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b03d80d0-d61d-4412-88a0-90743f5d570e} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b03d80d0-d61d-4412-88a0-90743f5d570e} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8d7d14cd-636b-46bc-b548-735abc8764ab} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\90d5a2a7 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm93e6913b (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pekohasoko (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\hufowebi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\hufowebi.dll -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1658
Windows 5.1.2600 Service Pack 2
16/01/2009 19:42:28
mbam-log-2009-01-16 (19-42-28).txt
Type de recherche: Examen complet (C:\|H:\|)
Eléments examinés: 218428
Temps écoulé: 2 hour(s), 5 minute(s), 48 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 73
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fabapufu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\hufowebi.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d7d14cd-636b-46bc-b548-735abc8764ab} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d7d14cd-636b-46bc-b548-735abc8764ab} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b03d80d0-d61d-4412-88a0-90743f5d570e} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b03d80d0-d61d-4412-88a0-90743f5d570e} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8d7d14cd-636b-46bc-b548-735abc8764ab} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\90d5a2a7 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm93e6913b (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pekohasoko (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\hufowebi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\hufowebi.dll -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
Good,
Malwarebytes has cleaned house.
It remains to be seen whether anyone is still in the house.
Download ComboFix and save it to your desktop (important for what follows):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Download the console to your desktop (important):
http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124&displaylang=fr
Disconnect from the internet.
Disable your computer's resident protections (antivirus, antispyware and firewall).
Plug in your various removable media (USB keys, external hard drive) without opening them.
Drag and drop this file onto the ComboFix icon.
See the following link if you don't know what a drag and drop is:
http://img.bleepingcomputer.com/combofix/usage/rc.gif
This will launch ComboFix and install the Recovery Console.
Accept the license agreement.
You should get a message confirming that the console was installed correctly.
Click Yes to continue the scan.
Post the report you get.
See you