I've tried everything... please help!!!! vundo...
Hello and help!!!!,
I first tried going through the replies to avoid posting on a topic already covered, but I still haven't managed to get rid of this virus -
Here is what I did:
I first added AntiVir on top of my avast (afraid that avast wasn't installed properly)
I ran a VundoFix scan but it found nothing, then I ran VirtumundoBeGone and here are the results:
[07/04/2008, 22:17:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\3QVGV10S\VirtumundoBeGone[1].exe" )
[07/04/2008, 22:17:08] - Detected System Information:
[07/04/2008, 22:17:08] - Windows Version: 5.1.2600, Service Pack 2
[07/04/2008, 22:17:08] - Current Username: Compaq_Propriétaire (Admin)
[07/04/2008, 22:17:09] - Windows is in NORMAL mode.
[07/04/2008, 22:17:09] - Searching for Browser Helper Objects:
[07/04/2008, 22:17:09] - BHO 1: {1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8} ()
[07/04/2008, 22:17:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 22:17:09] - Checking for HKLM\...\Winlogon\Notify\ljJBrqOH
[07/04/2008, 22:17:09] - Found: HKLM\...\Winlogon\Notify\ljJBrqOH - This is probably Virtumundo.
[07/04/2008, 22:17:09] - Assigning {1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8} MSEvents Object
[07/04/2008, 22:17:10] - BHO list has been changed! Starting over...
[07/04/2008, 22:17:10] - BHO 1: {1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8} (MSEvents Object)
[07/04/2008, 22:17:10] - ALERT: Found MSEvents Object!
[07/04/2008, 22:17:10] - BHO 2: {49F52407-CDCF-4C43-85BA-F1EBA31B961C} ()
[07/04/2008, 22:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 22:17:10] - Checking for HKLM\...\Winlogon\Notify\opnnlMCr
[07/04/2008, 22:17:10] - Key not found: HKLM\...\Winlogon\Notify\opnnlMCr, continuing.
[07/04/2008, 22:17:10] - BHO 3: {9C28EAFB-FF50-4F42-8D39-A006129CC907} ()
[07/04/2008, 22:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 22:17:10] - Checking for HKLM\...\Winlogon\Notify\jkkJbcCs
[07/04/2008, 22:17:11] - Found: HKLM\...\Winlogon\Notify\jkkJbcCs - This is probably Virtumundo.
[07/04/2008, 22:17:11] - Assigning {9C28EAFB-FF50-4F42-8D39-A006129CC907} MSEvents Object
[07/04/2008, 22:17:11] - BHO list has been changed! Starting over...
[07/04/2008, 22:17:11] - BHO 1: {1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8} (MSEvents Object)
[07/04/2008, 22:17:11] - ALERT: Found MSEvents Object!
[07/04/2008, 22:17:11] - BHO 2: {49F52407-CDCF-4C43-85BA-F1EBA31B961C} ()
[07/04/2008, 22:17:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 22:17:11] - Checking for HKLM\...\Winlogon\Notify\opnnlMCr
[07/04/2008, 22:17:11] - Key not found: HKLM\...\Winlogon\Notify\opnnlMCr, continuing.
[07/04/2008, 22:17:12] - BHO 3: {9C28EAFB-FF50-4F42-8D39-A006129CC907} (MSEvents Object)
[07/04/2008, 22:17:12] - ALERT: Found MSEvents Object!
[07/04/2008, 22:17:12] - BHO 4: {E6B91C03-9ACC-4052-9195-A7F4DE71C3E6} ()
[07/04/2008, 22:17:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 22:17:12] - Checking for HKLM\...\Winlogon\Notify\vtUolKEt
[07/04/2008, 22:17:12] - Key not found: HKLM\...\Winlogon\Notify\vtUolKEt, continuing.
[07/04/2008, 22:17:12] - Finished Searching Browser Helper Objects
[07/04/2008, 22:17:12] - *** Detected MSEvents Object
[07/04/2008, 22:17:12] - Trying to remove MSEvents Object...
[07/04/2008, 22:17:13] - Terminating Process: IEXPLORE.EXE
[07/04/2008, 22:17:18] - Terminating Process: RUNDLL32.EXE
[07/04/2008, 22:17:20] - Disabling Automatic Shell Restart
[07/04/2008, 22:17:21] - Terminating Process: EXPLORER.EXE
[07/04/2008, 22:18:15] - Suspending the NT Session Manager System Service
[07/04/2008, 22:18:18] - Terminating Windows NT Logon/Logoff Manager
[07/04/2008, 22:18:20] - Re-enabling Automatic Shell Restart
[07/04/2008, 22:18:22] - File to disable: C:\WINDOWS\system32\ljJBrqOH.dll
[07/04/2008, 22:18:22] - Removing HKLM\...\Browser Helper Objects\{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}
[07/04/2008, 22:18:23] - Removing HKCR\CLSID\{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}
[07/04/2008, 22:18:25] - Adding Kill Bit for ActiveX for GUID: {1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}
[07/04/2008, 22:18:26] - Deleting ATLEvents/MSEvents Registry entries
[07/04/2008, 22:18:26] - Removing HKLM\...\Winlogon\Notify\ljJBrqOH
[07/04/2008, 22:18:27] - Searching for Browser Helper Objects:
[07/04/2008, 22:18:27] - BHO 1: {49F52407-CDCF-4C43-85BA-F1EBA31B961C} ()
[07/04/2008, 22:18:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 22:18:27] - Checking for HKLM\...\Winlogon\Notify\opnnlMCr
[07/04/2008, 22:18:27] - Key not found: HKLM\...\Winlogon\Notify\opnnlMCr, continuing.
[07/04/2008, 22:18:27] - BHO 2: {9C28EAFB-FF50-4F42-8D39-A006129CC907} (MSEvents Object)
[07/04/2008, 22:18:27] - ALERT: Found MSEvents Object!
[07/04/2008, 22:18:27] - BHO 3: {E6B91C03-9ACC-4052-9195-A7F4DE71C3E6} ()
[07/04/2008, 22:18:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 22:18:27] - Checking for HKLM\...\Winlogon\Notify\vtUolKEt
[07/04/2008, 22:18:27] - Key not found: HKLM\...\Winlogon\Notify\vtUolKEt, continuing.
[07/04/2008, 22:18:27] - Finished Searching Browser Helper Objects
[07/04/2008, 22:18:27] - *** Detected MSEvents Object
[07/04/2008, 22:18:27] - Trying to remove MSEvents Object...
[07/04/2008, 22:18:28] - Terminating Process: IEXPLORE.EXE
[07/04/2008, 22:18:28] - Terminating Process: RUNDLL32.EXE
[07/04/2008, 22:18:29] - Disabling Automatic Shell Restart
[07/04/2008, 22:18:29] - Terminating Process: EXPLORER.EXE
[07/04/2008, 22:18:29] - Suspending the NT Session Manager System Service
[07/04/2008, 22:18:30] - Terminating Windows NT Logon/Logoff Manager
[07/04/2008, 22:18:30] - Re-enabling Automatic Shell Restart
[07/04/2008, 22:18:30] - File to disable: C:\WINDOWS\system32\jkkJbcCs.dll
[07/04/2008, 22:18:30] - Removing HKLM\...\Browser Helper Objects\{9C28EAFB-FF50-4F42-8D39-A006129CC907}
[07/04/2008, 22:18:30] - Removing HKCR\CLSID\{9C28EAFB-FF50-4F42-8D39-A006129CC907}
[07/04/2008, 22:18:30] - Adding Kill Bit for ActiveX for GUID: {9C28EAFB-FF50-4F42-8D39-A006129CC907}
[07/04/2008, 22:18:31] - Deleting ATLEvents/MSEvents Registry entries
[07/04/2008, 22:18:31] - Removing HKLM\...\Winlogon\Notify\jkkJbcCs
[07/04/2008, 22:18:31] - Searching for Browser Helper Objects:
[07/04/2008, 22:18:31] - BHO 1: {49F52407-CDCF-4C43-85BA-F1EBA31B961C} ()
[07/04/2008, 22:18:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 22:18:31] - Checking for HKLM\...\Winlogon\Notify\opnnlMCr
[07/04/2008, 22:18:31] - Key not found: HKLM\...\Winlogon\Notify\opnnlMCr, continuing.
[07/04/2008, 22:18:31] - BHO 2: {E6B91C03-9ACC-4052-9195-A7F4DE71C3E6} ()
[07/04/2008, 22:18:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 22:18:31] - Checking for HKLM\...\Winlogon\Notify\vtUolKEt
[07/04/2008, 22:18:31] - Key not found: HKLM\...\Winlogon\Notify\vtUolKEt, continuing.
[07/04/2008, 22:18:31] - Finished Searching Browser Helper Objects
[07/04/2008, 22:18:31] - Finishing up...
[07/04/2008, 22:18:31] - A restart is needed.
[07/04/2008, 22:18:39] - Attempting to Restart via STOP error (Blue Screen!)
[07/05/2008, 2:39:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\3QVGV10S\VirtumundoBeGone[1].exe" )
[07/05/2008, 2:39:19] - Detected System Information:
[07/05/2008, 2:39:19] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 2:39:19] - Current Username: Compaq_Propriétaire (Admin)
[07/05/2008, 2:39:19] - Windows is in NORMAL mode.
[07/05/2008, 2:39:19] - Searching for Browser Helper Objects:
[07/05/2008, 2:39:19] - BHO 1: {A6006408-1AFC-4546-9343-CA1FB40B59A4} ()
[07/05/2008, 2:39:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 2:39:19] - Checking for HKLM\...\Winlogon\Notify\opnnlMCr
[07/05/2008, 2:39:19] - Key not found: HKLM\...\Winlogon\Notify\opnnlMCr, continuing.
[07/05/2008, 2:39:19] - BHO 2: {E6B91C03-9ACC-4052-9195-A7F4DE71C3E6} ()
[07/05/2008, 2:39:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 2:39:19] - Checking for HKLM\...\Winlogon\Notify\vtUolKEt
[07/05/2008, 2:39:19] - Key not found: HKLM\...\Winlogon\Notify\vtUolKEt, continuing.
[07/05/2008, 2:39:19] - Finished Searching Browser Helper Objects
[07/05/2008, 2:39:19] - Finishing up...
[07/05/2008, 2:39:19] - Nothing found! Exiting...
[07/05/2008, 9:02:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\3QVGV10S\VirtumundoBeGone[1].exe" )
[07/05/2008, 9:02:41] - Detected System Information:
[07/05/2008, 9:02:41] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 9:02:41] - Current Username: Compaq_Propriétaire (Admin)
[07/05/2008, 9:02:41] - Windows is in NORMAL mode.
[07/05/2008, 9:02:41] - Searching for Browser Helper Objects:
[07/05/2008, 9:02:41] - BHO 1: {30D4FBF3-AAF4-422D-BCEE-B09DA9D6F787} ()
[07/05/2008, 9:02:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 9:02:41] - Checking for HKLM\...\Winlogon\Notify\opnnlMCr
[07/05/2008, 9:02:41] - Key not found: HKLM\...\Winlogon\Notify\opnnlMCr, continuing.
[07/05/2008, 9:02:41] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/05/2008, 9:02:41] - BHO 3: {E6B91C03-9ACC-4052-9195-A7F4DE71C3E6} ()
[07/05/2008, 9:02:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 9:02:41] - Checking for HKLM\...\Winlogon\Notify\vtUolKEt
[07/05/2008, 9:02:41] - Key not found: HKLM\...\Winlogon\Notify\vtUolKEt, continuing.
[07/05/2008, 9:02:41] - Finished Searching Browser Helper Objects
[07/05/2008, 9:02:41] - Finishing up...
[07/05/2008, 9:02:41] - Nothing found! Exiting...
[07/06/2008, 9:20:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\MO911GGS\VirtumundoBeGone[1].exe" )
[07/06/2008, 9:20:31] - Detected System Information:
[07/06/2008, 9:20:31] - Windows Version: 5.1.2600, Service Pack 2
[07/06/2008, 9:20:31] - Current Username: Compaq_Propriétaire (Admin)
[07/06/2008, 9:20:31] - Windows is in NORMAL mode.
[07/06/2008, 9:20:31] - Searching for Browser Helper Objects:
[07/06/2008, 9:20:31] - BHO 1: {1B502BB3-F095-482C-B62F-72242A916C20} ()
[07/06/2008, 9:20:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/06/2008, 9:20:31] - Checking for HKLM\...\Winlogon\Notify\opnnlMCr
[07/06/2008, 9:20:31] - Key not found: HKLM\...\Winlogon\Notify\opnnlMCr, continuing.
[07/06/2008, 9:20:31] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/06/2008, 9:20:31] - BHO 3: {E6B91C03-9ACC-4052-9195-A7F4DE71C3E6} ()
[07/06/2008, 9:20:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/06/2008, 9:20:31] - Checking for HKLM\...\Winlogon\Notify\vtUolKEt
[07/06/2008, 9:20:31] - Key not found: HKLM\...\Winlogon\Notify\vtUolKEt, continuing.
[07/06/2008, 9:20:31] - Finished Searching Browser Helper Objects
[07/06/2008, 9:20:31] - Finishing up...
[07/06/2008, 9:20:31] - Nothing found! Exiting...
Then I ran the Symantec removal tool: nothing found.
After that I disabled System Restore and reran the scans... same results.
As for Spybot, it found around 60 'problems', but when I click the 'fix problems' button, everything freezes (hourglass) and the task manager shows: program not responding.
I then wanted to install BHO Demon, but couldn't find it available.
In the meantime I uninstalled AntiVir, because of the windows that kept opening every two seconds with that nonstop beep, and this for the 2 days I've been trying to get rid of the virus(es) - I couldn't take it anymore...
I scanned and removed with Malwarebytes. Here is the report:
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 927
Windows 5.1.2600 Service Pack 2
12:27:26 06/07/2008
mbam-log-7-6-2008 (12-27-26).txt
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
Eléments examinés: 115997
Temps écoulé: 42 minute(s), 47 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnnlMCr.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\tfwhftym.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b502bb3-f095-482c-b62f-72242a916c20} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1b502bb3-f095-482c-b62f-72242a916c20} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02bfd7dc-ab51-4b70-bd6b-d803566f6c17} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec4a1cf6-ae63-45c3-b7c7-e427da6cbfd9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b117f787-30e1-47c9-a515-c3e6f1d21b76} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.bvqs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\Source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\186485f7 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ec4a1cf6-ae63-45c3-b7c7-e427da6cbfd9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnlmcr -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnlmcr -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netrax01 (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\opnnlMCr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rCMlnnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rCMlnnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfwhftym.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mytfhwft.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\epnv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\nqgpedlr.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mrvtdpqe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\axrfgvek.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
The system also told me that not ALL the files could be destroyed.
I then rebooted and SpyBot started up at boot and removed about 50 more files.
I rebooted again and this time SpyBot found none.
But:
- how can I be absolutely sure that everything is cleaned
- my desktop wallpaper still loads strangely: first the wallpaper I chose without icons, then a blue page with icons, then a white page with icons, then my wallpaper with icons, then a white background again with icons. There also seems to be another background behind my icons (file management, other places, Details..)
- When I click on Explorer, the internet connects straight to Google, whereas I always had it open on 'orange'
- the logo of the web pages (in the tabs) is a kind of virus-like shape, not the classic Explorer 'e' or anything else...
- and also: I'm confused: I no longer know whether I should keep SpyBot, Avast, in short everything I downloaded... which ones are firewalls, which are antivirus... sorry, I don't know much about this, I'm putting my trust in your hands...
Thanks
Could someone help me? I don't know what to do at all anymore
Thanks
Configuration: Windows XP
Internet Explorer 7.0