Virtumonde

nade -  
 Anonymous user -
Hello,
I have been fighting for several days with several viruses, including Virtumonde. I can no longer connect to certain pages with Firefox (e.g. it is impossible to do a Google search).
My antivirus is Eset, which always finds this: "une variante de Win32/adware.virtumonde application" and "Win32/adware.sidebar application".

I tried to get rid of Virtumonde with the F-VMonde or FxVundoB utilities, but Eset still finds them.
Ad pages appear when I use IE, and Windows updates are always disabled when I reboot, even though I enable them...

So if someone can help me, that would be really kind...

Thanks

10 replies

Anonymous user
 
Do the following:

1) Print these instructions, because you will need to close all windows and applications during the installation and the scan.

2) Download Malwarebytes' Anti-Malware (MBAM) and save it to your desktop from this link:

http://www.commentcamarche.net/telecharger/telecharger-34055379-malwarebyte-s-anti-malware

3) When the download is finished, close all windows and programs, including this one.

4) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

5) During installation, follow the prompts (in particular the choice of language and the authorization for Internet access). Do not change any default settings and, at the end of installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

6) MBAM will start automatically and show a message asking you to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box. The MBAM main window is displayed:

7) In the scan tab, check that "Exécuter une analyse complet" is selected and click the Rechercher button to start the scan. (Run an update before each scan.)

8) MBAM scans your computer. The scan can take a while. Just check its progress from time to time.

9) At the end of the scan, a message appears indicating that the scan is finished. Click OK, then click the "afficher les résultats" button.

10) If malware has been detected, the list is displayed.
When you click Suppression (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine. Do it :)

11) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Rapports/logs tab)

12) Close MBAM by clicking Quitter.

----------------

Tutorial with pictures :D

https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

---------------------

Download VirtumundoBeGone to your desktop.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double-click VirtumundoBeGone.exe
=> Follow the on-screen instructions
=> When the scan is finished, save the report.
=> Copy/paste it here with the other one

As for Avast, get it into your heads that Avast is not responsible for your infections. The user is responsible. If you pay attention to what you do, you will not run into any problems; but if you download cracks, keygens, etc. or click on suspicious links, you must not blame your security software.

So from now on, be careful what you click on and what you download. Thanks
2
Anonymous user
 
Hi,
1/ Check that your NOD32 is up to date

Do you have version 3 or 2?

You need to go into the scan options and set strict cleaning for the manual scan, then reboot in safe mode (F8 key) and run a full scan.
0
gautier1024 Posts 177 Status Member 24
 
Try with the Avast antivirus!
0
Anonymous user
 
No, Avast is worse
0
nade
 
Indeed, I had Avast before and it was no better...

Mind you, I'm not the most gifted, so what is my NOD32? And how do I check that it is up to date?

And version 3 or 2 of XP? The 2...
0
nade
 
I wasn't criticizing Avast, I was just saying that my problem had not been solved thanks to this antivirus (no more than with Eset, for that matter)

Thanks for the instructions, I'll get on it right away
0
Anonymous user
 
Don't worry, I wasn't saying this to you but to dorgane

Quote:
No, Avast is worse


^^
0
Anonymous user
 
2.7 is ugly
Version 3 is beautiful

Here is the difference:

v2.x:
http://www.firewallleaktester.com/images_site/nod32.jpg

v3.x:
http://cybernetnews.com/wp-content/uploads/2006/08/Nod32v3.gif

Well, the looks are roughly like that; it has changed slightly since.

Did you run the scan in safe mode?
0
nade
 
Here are the reports:

Malwarebytes' Anti-Malware 1.18
Version de la base de données: 873

13:39:42 21/06/2008
mbam-log-6-21-2008 (13-39-42).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 104622
Temps écoulé: 37 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 62

0
Anonymous user
 
Good. Can you post a HijackThis report for me:

Download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
Unzip it into a folder made for that purpose.
For example C:\hijackthis < Make sure you save it in C:!
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Run it, then:
click on "do a system scan and save logfile" (see demo)
copy and paste the entire log on the forum
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
http://www.tutoriaux-excalibur.com/hijackthis.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Are you still having problems?
0