virtumonde a l'aide il ne veux pas partir

Question

Bonjour,
voila ca fait plusieur jour que j'essaye de me debarasser de plusieur trojan qui revienne tout le temps
j'ai telecharger spybot et il me trouve a chaque scanne virtumonde qu'il supprime avec succes mais qui reviens tout le temps

merci a celui qui pourras m'aider


voici le rapport hijacthis 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:20:24, on 25/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\ManyCam 2.2\ManyCam.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\HiJackThis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1FFD2461-C816-431B-8EFD-F1555F8BCAFD} - C:\WINDOWS\system32\xxyawwus.dll (file missing)
O2 - BHO: (no name) - {2753B591-D1EC-4A00-93E4-CEC5247EB60C} - C:\WINDOWS\system32	uvVMgfD.dll
O2 - BHO: (no name) - {4239B89B-7C0C-424F-8FA6-1F70584FC462} - C:\WINDOWS\system32\ljJaaaay.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ODSPConfig] C:\Program Files\ODSP\ODSPConfig.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.2\ManyCam.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.49/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2C240B-05E9-4406-B466-9C852805A152}: NameServer = 80.10.246.1 81.253.149.2
O20 - Winlogon Notify: tuvVMgfD - C:\WINDOWS\SYSTEM32	uvVMgfD.dll
O21 - SSODL: SrvKernel - {828bd38d-8dc2-4a6b-a5b1-2c8f15958b9b} - C:\WINDOWS\Installer\{828bd38d-8dc2-4a6b-a5b1-2c8f15958b9b}\SrvKernel.dll (file missing)
O21 - SSODL: zip - {c21c48ef-fbd9-4d8a-acdb-7227c55ed562} - C:\WINDOWS\Installer\{c21c48ef-fbd9-4d8a-acdb-7227c55ed562}\zip.dll (file missing)
O21 - SSODL: BootSetup - {0722d7f2-118b-437e-ba7d-ce06ccd2c104} - C:\WINDOWS\Installer\{0722d7f2-118b-437e-ba7d-ce06ccd2c104}\BootSetup.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ODSP Host Service (ODSP Host) - Unknown owner - C:\Program Files\ODSP\ODSPHost_NT.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Utilisateur anonyme · Answer

http://www.sospc33.com/info-telecharger-utilitaire-de-desinfection-fix-vundo-monde-version-1-6.html

Installe le fix vundo et scan ta machine

aureli62 · Answer

re
je recommance le scan car l'ordinateur a bloque a cause de l'antivrus

Utilisateur anonyme · Answer

ok

toptitbal · Answer

Bonjour

Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31 ) : 
http://siri.urz.free.fr/Fix/SmitfraudFix.exe 

Déconnecte-toi, ferme toute tes applications et désactive tes défenses ( anti-virus, anti-spyware,...) le temps de la manip !! 

Installe le soft à la racine de C:\ ( et pas ailleurs! --->"C\:SmitfraudFix.exe" ) . 

Tuto ( aide ) : http://siri.urz.free.fr/Fix/SmitfraudFix.php 

Utilisation ---> option 1 / Recherche : 
Double clique sur l'icône "Smitfraudfix.exe" et sélectionne 1 (et pas sur autre chose sans notre accord !) pour créer un rapport des fichiers responsables de l'infection. 

Poste le rapport ( "rapport.txt" qui se trouve sous C\: ) et attends la suite . 

(Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)

Utilisateur anonyme · Answer

J'te laisse finir, j'ai faim ...

aureli62 · Answer

personne s'il vous plait?
merci

Utilisateur anonyme · Answer

tu as lancé la désinfection avec smirt ?

Utilisateur anonyme · Answer

ça c'est le scan

lance la désinfection

aureli62 · Answer

voila c'est fait



[08/26/2008, 13:05:08] - VirtumundoBeGone v1.5 ( "C:\DOCUME~1\HP_PRO~1\MESDOC~1\MICKAE~1.GAL\vundofix.exe" )
[08/26/2008, 13:05:09] - Detected System Information:
[08/26/2008, 13:05:09] -  Windows Version: 5.1.2600, Service Pack 2
[08/26/2008, 13:05:09] -  Current Username: HP_Propriétaire (Admin)
[08/26/2008, 13:05:09] -  Windows is in NORMAL mode.
[08/26/2008, 13:05:09] - Searching for Browser Helper Objects:
[08/26/2008, 13:05:09] -  BHO 1: {1FFD2461-C816-431B-8EFD-F1555F8BCAFD} ()
[08/26/2008, 13:05:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:09] -  Checking for HKLM\...\Winlogon\Notify\xxyawwus
[08/26/2008, 13:05:09] -  Key not found: HKLM\...\Winlogon\Notify\xxyawwus, continuing.
[08/26/2008, 13:05:09] -  BHO 2: {2753B591-D1EC-4A00-93E4-CEC5247EB60C} ()
[08/26/2008, 13:05:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:09] -  Checking for HKLM\...\Winlogon\Notify	uvVMgfD
[08/26/2008, 13:05:09] -  Found: HKLM\...\Winlogon\Notify	uvVMgfD - This is probably Virtumundo.
[08/26/2008, 13:05:09] -  Assigning {2753B591-D1EC-4A00-93E4-CEC5247EB60C} MSEvents Object
[08/26/2008, 13:05:09] - BHO list has been changed! Starting over...
[08/26/2008, 13:05:09] -  BHO 1: {1FFD2461-C816-431B-8EFD-F1555F8BCAFD} ()
[08/26/2008, 13:05:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:10] -  Checking for HKLM\...\Winlogon\Notify\xxyawwus
[08/26/2008, 13:05:10] -  Key not found: HKLM\...\Winlogon\Notify\xxyawwus, continuing.
[08/26/2008, 13:05:10] -  BHO 2: {2753B591-D1EC-4A00-93E4-CEC5247EB60C} (MSEvents Object)
[08/26/2008, 13:05:10] - ALERT: Found MSEvents Object!
[08/26/2008, 13:05:10] -  BHO 3: {39B7653A-D3BD-48A9-9577-FEC5BE89D0DD} ()
[08/26/2008, 13:05:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:10] -  Checking for HKLM\...\Winlogon\Notify\yayyAqrS
[08/26/2008, 13:05:10] -  Key not found: HKLM\...\Winlogon\Notify\yayyAqrS, continuing.
[08/26/2008, 13:05:10] -  BHO 4: {4239B89B-7C0C-424F-8FA6-1F70584FC462} ()
[08/26/2008, 13:05:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:10] -  Checking for HKLM\...\Winlogon\Notify\ljJaaaay
[08/26/2008, 13:05:10] -  Key not found: HKLM\...\Winlogon\Notify\ljJaaaay, continuing.
[08/26/2008, 13:05:10] -  BHO 5: {724d43a9-0d85-11d4-9908-00400523e39a} ()
[08/26/2008, 13:05:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:10] -  Checking for HKLM\...\Winlogon\Notifyoboform
[08/26/2008, 13:05:10] -  Key not found: HKLM\...\Winlogon\Notifyoboform, continuing.
[08/26/2008, 13:05:10] -  BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2008, 13:05:10] -  BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[08/26/2008, 13:05:10] -  BHO 8: {ffcd73d5-716a-45ad-9c89-2e4dfaa6863f} ()
[08/26/2008, 13:05:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:11] -  Checking for HKLM\...\Winlogon\Notify	qxqae
[08/26/2008, 13:05:11] -  Key not found: HKLM\...\Winlogon\Notify	qxqae, continuing.
[08/26/2008, 13:05:11] - Finished Searching Browser Helper Objects
[08/26/2008, 13:05:11] - *** Detected MSEvents Object
[08/26/2008, 13:05:11] - Trying to remove MSEvents Object...
[08/26/2008, 13:05:12] -    Terminating Process: IEXPLORE.EXE
[08/26/2008, 13:05:13] -    Terminating Process: RUNDLL32.EXE
[08/26/2008, 13:05:13] -    Disabling Automatic Shell Restart
[08/26/2008, 13:05:13] -    Terminating Process: EXPLORER.EXE
[08/26/2008, 13:05:15] -    Suspending the NT Session Manager System Service
[08/26/2008, 13:05:15] -    Terminating Windows NT Logon/Logoff Manager
[08/26/2008, 13:05:15] -    Re-enabling Automatic Shell Restart
[08/26/2008, 13:05:16] -   File to disable: C:\WINDOWS\system32	uvVMgfD.dll
[08/26/2008, 13:05:16] -   Removing HKLM\...\Browser Helper Objects\{2753B591-D1EC-4A00-93E4-CEC5247EB60C}
[08/26/2008, 13:05:16] -   Removing HKCR\CLSID\{2753B591-D1EC-4A00-93E4-CEC5247EB60C}
[08/26/2008, 13:05:18] -   Adding Kill Bit for ActiveX for GUID: {2753B591-D1EC-4A00-93E4-CEC5247EB60C}
[08/26/2008, 13:05:19] -   Deleting ATLEvents/MSEvents Registry entries
[08/26/2008, 13:05:19] -   Removing HKLM\...\Winlogon\Notify	uvVMgfD
[08/26/2008, 13:05:19] - Searching for Browser Helper Objects:
[08/26/2008, 13:05:19] -  BHO 1: {1FFD2461-C816-431B-8EFD-F1555F8BCAFD} ()
[08/26/2008, 13:05:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:19] -  Checking for HKLM\...\Winlogon\Notify\xxyawwus
[08/26/2008, 13:05:19] -  Key not found: HKLM\...\Winlogon\Notify\xxyawwus, continuing.
[08/26/2008, 13:05:19] -  BHO 2: {39B7653A-D3BD-48A9-9577-FEC5BE89D0DD} ()
[08/26/2008, 13:05:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:19] -  Checking for HKLM\...\Winlogon\Notify\yayyAqrS
[08/26/2008, 13:05:19] -  Key not found: HKLM\...\Winlogon\Notify\yayyAqrS, continuing.
[08/26/2008, 13:05:19] -  BHO 3: {4239B89B-7C0C-424F-8FA6-1F70584FC462} ()
[08/26/2008, 13:05:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:19] -  Checking for HKLM\...\Winlogon\Notify\ljJaaaay
[08/26/2008, 13:05:19] -  Key not found: HKLM\...\Winlogon\Notify\ljJaaaay, continuing.
[08/26/2008, 13:05:19] -  BHO 4: {724d43a9-0d85-11d4-9908-00400523e39a} ()
[08/26/2008, 13:05:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:19] -  Checking for HKLM\...\Winlogon\Notifyoboform
[08/26/2008, 13:05:19] -  Key not found: HKLM\...\Winlogon\Notifyoboform, continuing.
[08/26/2008, 13:05:19] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2008, 13:05:19] -  BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[08/26/2008, 13:05:19] -  BHO 7: {ffcd73d5-716a-45ad-9c89-2e4dfaa6863f} ()
[08/26/2008, 13:05:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2008, 13:05:20] -  Checking for HKLM\...\Winlogon\Notify	qxqae
[08/26/2008, 13:05:20] -  Key not found: HKLM\...\Winlogon\Notify	qxqae, continuing.
[08/26/2008, 13:05:20] - Finished Searching Browser Helper Objects
[08/26/2008, 13:05:20] - Finishing up...
[08/26/2008, 13:05:20] - A restart is needed.
[08/26/2008, 13:07:44] - Attempting to Restart via STOP error (Blue Screen!)

Utilisateur anonyme · Answer

comment est ta navig mtn ?

aureli62 · Answer

toujours pareil j'ai encore des pages de pub qui s'ouvre
et intenet exploreur qui rame enormement

Utilisateur anonyme · Answer

et le fix vundo bloquait ?

aureli62 · Answer

oui il n'arrive pas aller jusqu'au bout meme en mode sans echec

Utilisateur anonyme · Answer

https://www.broadcom.com/support/security-center

Prend celui du site de son éditeur et recommence... y a pas de raison

Utilisateur anonyme · Answer

Si ça ne donne rien, tu suivras ça :

http://forum.pcastuces.com/malwarebytes_antimalwares___tutor­iel-f31s3.htm 

J'viens de le faire avec un autre, tout s'est  bien passé

aureli62 · Answer

j'ai reussis 
voila le raport:


Symantec Trojan.Vundo Removal Tool 1.5.0
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been terminated.

C:\Documents and Settings\HP_Propriétaire\Bureau..........................................

(j'ai supprime tous les lignes qu'il y avait entree deux car beaucoup d'adressse mail de mes contact msn
j'ai du supprime 1 centaine  de ligne environ)
....................................................



\DFSR\Staging\CS{7FF35FC2-6470-B3BE-0788-35F53834B8E3}\01\17-{7FF35FC2-6470-B3BE-0788-35F53834B8E3}-v1-{CCB5093C-0DCD-4D56-94DF-1C504CEB0238}-v17-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)

Trojan.Vundo has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 128737
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral processes suspended: 1
The number of viral threads terminated: 0
The number of registry entries fixed: 0






est ce que je fait la suite car le lien est invalide
merci

(par contre pour l'instant je n'est plus de fenetre qui s'ouvre et internet et plus rapide)

Utilisateur anonyme · Answer

hm vundo semble enlevé !

Navigue un peu et ois ce que ça donne // reboot ton pc et va surfer un peu. Si ton systeme est stable et ta connexion ok, ma fois ça semble tout bon

Utilisateur anonyme · Answer

https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

si le coeur t'en dit tu peux

aureli62 · Answer

ok je vais le faire car mon mari a ete un pe sur le net etune nouvelle page c'est ouverte

aureli62 · Answer

voiic le nouveau rapport:
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1089
Windows 5.1.2600 Service Pack 2

09:22:49 28/08/2008
mbam-log-08-28-2008 (09-22-49).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 121713
Temps écoulé: 1 hour(s), 27 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 17

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000038.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000041.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000042.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000043.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000044.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000045.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000046.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000047.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000048.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000049.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000050.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000051.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0000037.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\octcqopl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yjkxwmxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

ça semble bon (bjr)

la navig se comporte comment ?

aureli62 · Answer

pour l'instant ca a l'air d'etre bon je vais relancer spybot et avast pour voir si c'est bon
en tout cas un grand merci car j'etais vraiment perdu
je donnerais les rapport des que tout ca est termine

Virtumonde a l'aide il ne veux pas partir

22 réponses

Votre réponse

Discussions similaires

Newsletters