10 replies
Hello
Test with "Spybot"
https://www.clubic.com/telecharger-fiche10965-spybot-search-and-destroy.html
Hi!!
Virtumonde:
Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, together with a new HijackThis log.
kiss
Yes, because in that case the virus is not active.
Except in certain cases (a virus that launches at startup.. MBR)
[02/28/2008, 18:18:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[02/28/2008, 18:18:43] - Detected System Information:
[02/28/2008, 18:18:43] - Windows Version: 5.1.2600, Service Pack 2
[02/28/2008, 18:18:43] - Current Username: Administrateur (Admin)
[02/28/2008, 18:18:43] - Windows is in NORMAL mode.
[02/28/2008, 18:18:43] - Searching for Browser Helper Objects:
[02/28/2008, 18:18:43] - BHO 1: {09f2671a-c6e5-42bb-863c-b2a56d425503} ()
[02/28/2008, 18:18:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 18:18:43] - Checking for HKLM\...\Winlogon\Notify\ulmawujc
[02/28/2008, 18:18:43] - Key not found: HKLM\...\Winlogon\Notify\ulmawujc, continuing.
[02/28/2008, 18:18:43] - BHO 2: {5BBFDF71-E725-4713-8972-27AE99DE9760} ()
[02/28/2008, 18:18:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 18:18:43] - Checking for HKLM\...\Winlogon\Notify\pmnlk
[02/28/2008, 18:18:43] - Key not found: HKLM\...\Winlogon\Notify\pmnlk, continuing.
[02/28/2008, 18:18:43] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/28/2008, 18:18:43] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/28/2008, 18:18:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 18:18:43] - No filename found. Continuing.
[02/28/2008, 18:18:43] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/28/2008, 18:18:43] - BHO 6: {96AA952C-C3E6-4FEF-BBBB-DCE69BAC940D} ()
[02/28/2008, 18:18:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 18:18:43] - Checking for HKLM\...\Winlogon\Notify\ssqpn
[02/28/2008, 18:18:43] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
[02/28/2008, 18:18:43] - BHO 7: {ED120D76-BF31-412C-A99B-783C6676E128} ()
[02/28/2008, 18:18:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 18:18:43] - Checking for HKLM\...\Winlogon\Notify\yayvsqo
[02/28/2008, 18:18:43] - Key not found: HKLM\...\Winlogon\Notify\yayvsqo, continuing.
[02/28/2008, 18:18:43] - Finished Searching Browser Helper Objects
[02/28/2008, 18:18:43] - Finishing up...
[02/28/2008, 18:18:43] - Nothing found! Exiting...
I no longer get NOD32 warnings, but I do get popups.
Logfile of HijackThis v1.99.1
Scan saved at 18:25:33, on 2008-02-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Install\Cochonneries\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [74146943] rundll32.exe "C:\WINDOWS\system32\wkdliwpx.dll",b
O4 - HKLM\..\Run: [BM77275adf] Rundll32.exe "C:\WINDOWS\system32\yctrmeij.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
For the Virtumonde virus it's fine, but now I'm getting popups from pornographic sites!!!
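An added triage helper, not part of this thread and not HijackThis code: it parses the O4 Run entries in the format of the log above and flags the two rundll32 lines that load random-named DLLs from system32. The sample lines are copied from the posted log, and the heuristics (random-looking lowercase DLL stem in system32, single-letter export, hex-only value name) are assumptions of this example, not a rule from the thread.

```python
import re

# Constructed sample: O4 lines in the format of the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [74146943] rundll32.exe "C:\WINDOWS\system32\wkdliwpx.dll",b
O4 - HKLM\..\Run: [BM77275adf] Rundll32.exe "C:\WINDOWS\system32\yctrmeij.dll",s
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# Matches: O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Matches: rundll32.exe "<dll path>",<export name>
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\S*)', re.I)

def parse_o4(log_text):
    """Return (hive, name, cmd) for every Run entry; Startup-folder O4 lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return entries

def reasons_for(name, cmd):
    """Heuristic reasons (assumed for this example) why a Run entry looks like a Vundo-style loader."""
    reasons = []
    m = RUNDLL_RE.search(cmd)
    if m:
        dll = m.group("dll")
        stem = dll.rsplit("\\", 1)[-1][:-4].lower()   # "wkdliwpx" from "...\wkdliwpx.dll"
        if "system32" in dll.lower() and re.fullmatch(r"[a-z]{6,10}", stem):
            reasons.append("rundll32 loads a random-looking DLL from system32")
        if len(m.group("entry")) == 1:
            reasons.append("calls a single-letter export")
    if re.fullmatch(r"(BM)?[0-9a-f]{6,}", name, re.I):
        reasons.append("value name is hex/digits only")
    return reasons

def triage(log_text):
    """Return [(name, cmd, reasons)] for the entries that have at least one reason."""
    flagged = []
    for _, name, cmd in parse_o4(log_text):
        reasons = reasons_for(name, cmd)
        if reasons:
            flagged.append((name, cmd, reasons))
    return flagged

if __name__ == "__main__":
    for name, cmd, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {cmd}\n    -> {'; '.join(reasons)}")
```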