infecté par Virtumonde et Virtumonde.dll Résolu/Fermé

Question

Bonjour,

J'étais infectée par les virus virtumonde et virtumond.dll, j'ai téléchargé et utilisé Hijackthis je vous evoie mon rapport pour savoir si mon ordinateur est sain. 

Merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:50, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2576BE31-56D4-4096-A189-78007A89E698} - C:\WINDOWS\system32\hgGyvtSJ.dll (file missing)
O2 - BHO: (no name) - {34924C23-018A-47D7-AC6C-D18B2A926811} - C:\WINDOWS\system32\geBroNfg.dll (file missing)
O2 - BHO: (no name) - {4647C2C7-9F3D-4220-87D9-43E617F67478} - C:\WINDOWS\system32\iiffEwxu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FCDCD4FF-3898-4793-A4D7-30F43B100DB9} - (no file)
O2 - BHO: (no name) - {FF70F367-0034-401A-A2F9-05CB00CB2257} - C:\WINDOWS\system32	uvTkhiJ.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O3 - Toolbar: atfxqogp - {23649E36-60C6-4433-880A-9DF59FC27342} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S88.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Didier\LOCALS~1\Tempbnpsrv.exe/r
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKLM\..\Run: [282220f0] rundll32.exe "C:\WINDOWS\system32\qnyviufo.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1005] command /c del "C:\WINDOWS\system32\geBroNfg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9768] cmd /c del "C:\WINDOWS\system32\geBroNfg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5495] command /c del "C:\WINDOWS\system32	uvTkhiJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6299] cmd /c del "C:\WINDOWS\system32	uvTkhiJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8080] command /c del "C:\WINDOWS\system32\hgGyvtSJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2770] cmd /c del "C:\WINDOWS\system32\hgGyvtSJ.dll_old"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - https://www.king.com/
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1211033458_89c1db5989089f28c61f4a8d5c436788&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: iiffEwxu - C:\WINDOWS\SYSTEM32\iiffEwxu.dll
O21 - SSODL: vregfwlx - {ABABFD46-64EF-4FC5-80ED-F290F617A9E1} - C:\WINDOWS\vregfwlx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

geoffrey5 · Answer

Salut !!

Télécharge sur le bureau virtumundobegone : 
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 

déconnecte internet et désactive ton antivirus le temps de la manipulation



=> Double clic sur VirtumundoBeGone.exe 
=> Clic Continue ==> clic Start 
=> Clic Oui 
=> A la fin si Vundo est présent , le PC s’éteint et redémarre 
- Si Ecran bleu et message : Erreur fatale .. pas de problème 
=> Poster le rapport VBG.TXT qui est sur le bureau

geoffrey5 · Answer

ensuite : 

Télécharger sur le Bureau  vundofix : http://www.atribune.org/ccount/click.php?id=4
 

- Double-clic VundoFix.exe. 
-Clic Scan for Vundo 
- le scan peut être assez long (1à2h) comme très rapide , à la fin 
-Clic Fix Vundo 
- Puis yes 
- Le Bureau disparaît un moment lors de la suppression des fichiers. 
-Message shutdown 
-clic oui 
-Redémarrage auto 
Note : il peut y avoir plusieurs redémarrages 
-copier le rapport qui est dans C:\vundofix.txt 

et refait un hijack

geoffrey5 · Answer

Salut !!

Refais un rapport hijackthis pour vérifier stp

Alanbeuze@hotmail.com · Answer

J'ai lancé Virtumondobegone voici le log : 


[07/09/2008, 22:44:21] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Egg\Bureau\VirtumundoBeGone.exe" )
[07/09/2008, 22:44:26] - Detected System Information:
[07/09/2008, 22:44:27] -  Windows Version: 5.1.2600, Service Pack 2
[07/09/2008, 22:44:27] -  Current Username: Egg (Admin)
[07/09/2008, 22:44:27] -  Windows is in NORMAL mode.
[07/09/2008, 22:44:28] - Searching for Browser Helper Objects:
[07/09/2008, 22:44:28] -  BHO 1: {0ED49734-0923-4BB8-8121-9A920BB0772A} ()
[07/09/2008, 22:44:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:28] -  No filename found. Continuing.
[07/09/2008, 22:44:29] -  BHO 2: {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727} ()
[07/09/2008, 22:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:29] -  Checking for HKLM\...\Winlogon\Notify\yayaaBUN
[07/09/2008, 22:44:29] -  Found: HKLM\...\Winlogon\Notify\yayaaBUN - This is probably Virtumundo.
[07/09/2008, 22:44:30] -  Assigning {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727} MSEvents Object
[07/09/2008, 22:44:30] - BHO list has been changed! Starting over...
[07/09/2008, 22:44:30] -  BHO 1: {0ED49734-0923-4BB8-8121-9A920BB0772A} ()
[07/09/2008, 22:44:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:31] -  No filename found. Continuing.
[07/09/2008, 22:44:31] -  BHO 2: {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727} (MSEvents Object)
[07/09/2008, 22:44:31] - ALERT: Found MSEvents Object!
[07/09/2008, 22:44:31] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/09/2008, 22:44:31] -  BHO 4: {693E6478-BEC4-4256-9278-38E1230063E1} ()
[07/09/2008, 22:44:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:32] -  No filename found. Continuing.
[07/09/2008, 22:44:32] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/09/2008, 22:44:32] -  BHO 6: {7A98F607-2B09-46F6-9889-DA6F3ADDFB1E} ()
[07/09/2008, 22:44:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:33] -  No filename found. Continuing.
[07/09/2008, 22:44:33] -  BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/09/2008, 22:44:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:34] -  No filename found. Continuing.
[07/09/2008, 22:44:34] -  BHO 8: {E1C9F102-EBE0-4678-9684-F25518B6128B} ()
[07/09/2008, 22:44:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:34] -  Checking for HKLM\...\Winlogon\Notify\pmnKCuSj
[07/09/2008, 22:44:34] -  Key not found: HKLM\...\Winlogon\Notify\pmnKCuSj, continuing.
[07/09/2008, 22:44:35] - Finished Searching Browser Helper Objects
[07/09/2008, 22:44:35] - *** Detected MSEvents Object
[07/09/2008, 22:44:35] - Trying to remove MSEvents Object...
[07/09/2008, 22:44:36] -    Terminating Process: IEXPLORE.EXE
[07/09/2008, 22:44:37] -    Terminating Process: RUNDLL32.EXE
[07/09/2008, 22:44:38] -    Disabling Automatic Shell Restart
[07/09/2008, 22:44:38] -    Terminating Process: EXPLORER.EXE
[07/09/2008, 22:44:39] -    Suspending the NT Session Manager System Service
[07/09/2008, 22:44:40] -    Terminating Windows NT Logon/Logoff Manager
[07/09/2008, 22:44:40] -    Re-enabling Automatic Shell Restart
[07/09/2008, 22:44:41] -   File to disable: C:\WINDOWS\system32\yayaaBUN.dll
[07/09/2008, 22:44:41] -   Removing HKLM\...\Browser Helper Objects\{33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}
[07/09/2008, 22:44:41] -   Removing HKCR\CLSID\{33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}
[07/09/2008, 22:44:41] -   Adding Kill Bit for ActiveX for GUID: {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}
[07/09/2008, 22:44:42] -   Deleting ATLEvents/MSEvents Registry entries
[07/09/2008, 22:44:42] -   Removing HKLM\...\Winlogon\Notify\yayaaBUN
[07/09/2008, 22:44:42] - Searching for Browser Helper Objects:
[07/09/2008, 22:44:42] -  BHO 1: {0ED49734-0923-4BB8-8121-9A920BB0772A} ()
[07/09/2008, 22:44:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:43] -  No filename found. Continuing.
[07/09/2008, 22:44:43] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/09/2008, 22:44:43] -  BHO 3: {693E6478-BEC4-4256-9278-38E1230063E1} ()
[07/09/2008, 22:44:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:44] -  No filename found. Continuing.
[07/09/2008, 22:44:44] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/09/2008, 22:44:44] -  BHO 5: {7A98F607-2B09-46F6-9889-DA6F3ADDFB1E} ()
[07/09/2008, 22:44:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:45] -  No filename found. Continuing.
[07/09/2008, 22:44:45] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/09/2008, 22:44:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:45] -  No filename found. Continuing.
[07/09/2008, 22:44:46] -  BHO 7: {E1C9F102-EBE0-4678-9684-F25518B6128B} ()
[07/09/2008, 22:44:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2008, 22:44:46] -  Checking for HKLM\...\Winlogon\Notify\pmnKCuSj
[07/09/2008, 22:44:46] -  Key not found: HKLM\...\Winlogon\Notify\pmnKCuSj, continuing.
[07/09/2008, 22:44:46] - Finished Searching Browser Helper Objects
[07/09/2008, 22:44:47] - Finishing up...
[07/09/2008, 22:44:47] - A restart is needed.
[07/09/2008, 22:44:47] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/09/2008, 22:45:01] - Attempting to Restart via STOP error (Blue Screen!)

Alanbeuze@hotmail.com · Answer

oups mauvais topic désolé!

Infecté par Virtumonde et Virtumonde.dll

5 réponses

Discussions similaires