Votre question

Problème : Virtumonde me gache la vie =(

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
30 Octobre 2008 18:55:49

Voila sa fait un moment que j'ai remarqué que l'ordinateur de mon frère rammait beaucoup, il m'a également dit que des pubs arrivaient sans arrêt et que c'était impossible de jouer sur un joue sans être coupé par un retour wondows toutes les 5-10 minutes... J'ai fait une analyse avec Ad-Aware 2008 et Spybot qui m'ont tout les deux signalé la présencé d'un certain "virtumonde" et apparemment c'est ce spyware qui serait a l'origine de mes problèmes (les deux logiciels ne signalant aucune autre présence de spyware après désinfection). J'ai essayé d'effacer mais ils revient et les pubs persistent, en ce qui concerne les jeux desfois ça peut durer 20 min que je n'ai pas de retour windows, mais sa finit toujours par arriver !
S.v.p. aidez-moi je ne sais vraiment pas quoi faire, j'ai regardé sur des forums etc. mais je n'arrive pas a trouver une situation identique à la mienne, je veux me débarasser de ce fléau...!!!

Autres pages sur : probleme virtumonde gache vie

30 Octobre 2008 19:53:50

Merci pour votre reponse rapide... Voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:03 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\WANADOO\GestionnaireInternet.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\WANADOO\ComComp.exe
C:\PROGRA~1\WANADOO\Toaster.exe
C:\PROGRA~1\WANADOO\Inactivity.exe
C:\PROGRA~1\WANADOO\PollingModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\WANADOO\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Four Inside] C:\DOCUME~1\Korisnik\APPLIC~1\AXISSL~1\INFO SEEK.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1...
O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll haslhl.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7262 bytes
Contenus similaires
30 Octobre 2008 19:55:19

re

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    30 Octobre 2008 20:58:14

    re =)
    Voila le rapport :

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1340
    Windows 5.1.2600 Service Pack 2

    10/30/2008 8:41:50 PM
    mbam-log-2008-10-30 (20-41-46).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 98104
    Temps écoulé: 20 minute(s), 11 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 109
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 29

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\tuvtuVNH.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\haslhl.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\fccdaaBt.dll (Trojan.Vundo) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b2e0e03-4c15-40eb-847a-36592c1bf700} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{5b2e0e03-4c15-40eb-847a-36592c1bf700} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccdaabt (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e09f3e8-ff96-4cbb-a301-8c6c9f881ca2} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{8e09f3e8-ff96-4cbb-a301-8c6c9f881ca2} (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8e09f3e8-ff96-4cbb-a301-8c6c9f881ca2} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5b2e0e03-4c15-40eb-847a-36592c1bf700} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqsc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp (Security.Hijack) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvtuvnh -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvtuvnh -> No action taken.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\tuvtuVNH.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\HNVutvut.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\HNVutvut.ini2 (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\fccdaaBt.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\haslhl.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\xqfyiflk.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\klfiyfqx.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\hpwhurcm.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\mcruhwph.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\qoMgdccc.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\qkraxprx.exe (Trojan.LowZones) -> No action taken.
    C:\WINDOWS\system32\hAag3u04.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\kaxfbjbq.exe (Trojan.LowZones) -> No action taken.
    C:\WINDOWS\system32\nnnnLeFv.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\cbXOiJDs.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\nljiyawa.exe (Trojan.LowZones) -> No action taken.
    C:\WINDOWS\system32\haajgihl.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\cscghonf.exe (Trojan.LowZones) -> No action taken.
    C:\Documents and Settings\Korisnik\Local Settings\Temporary Internet Files\Content.IE5\5DYRW9AZ\kb20010911[1] (Trojan.LowZones) -> No action taken.
    C:\Documents and Settings\Korisnik\Local Settings\Temporary Internet Files\Content.IE5\OTMF4XYB\upd105320[1] (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\Korisnik\Local Settings\Temporary Internet Files\Content.IE5\0H2V89A7\nd82m0[1] (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP142\A0036717.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP142\A0038844.exe (Trojan.LowZones) -> No action taken.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP142\A0038845.exe (Trojan.LowZones) -> No action taken.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP142\A0039032.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP144\A0045161.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045520.DLL (Trojan.Vundo) -> No action taken.
    D:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP117\A0033963.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\sexit.dat (Trojan.Agent) -> No action taken.
    31 Octobre 2008 17:07:35

    bonjour

    1

    Tu as mal lu la procédure:
    dans ton rapport:
    Citation :
    C:\WINDOWS\system32\sexit.dat (Trojan.Agent) -> No action taken.


    Quand l'outil a trouvé quelque-chose, à la fin, il faut cliquer sur "Supprimer la sélection".

    Recommence stp


    2

    Désactive ton antivirus et tout autre type de protection.
    Télécharge ComboFix de sUBs :
    ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
    clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

    viens sur le forum et édition "coller"

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer



    3

    ajoute un nouveau rapport Hijackthis.
    20 Novembre 2008 19:54:35

    Bonjour, je tiens d'abord a m'excuser de mon abscence prolonger, et voici le bon rapport cette fois ci :

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1340
    Windows 5.1.2600 Service Pack 2

    11/20/2008 7:27:19 PM
    mbam-log-2008-11-20 (19-27-19).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 99274
    Temps écoulé: 32 minute(s), 20 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 21
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 62

    Processus mémoire infecté(s):
    C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\tuvSJYst.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\mlJCSjkl.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\oswdaw.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12e7c9da-cf8c-4c30-a498-9a97bf06fa82} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{12e7c9da-cf8c-4c30-a498-9a97bf06fa82} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5174472a-4130-48e9-8f78-bec91c955bcf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5174472a-4130-48e9-8f78-bec91c955bcf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljcsjkl (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f1189ef-897a-4323-aa4d-2e1076348afb} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3f1189ef-897a-4323-aa4d-2e1076348afb} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5174472a-4130-48e9-8f78-bec91c955bcf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12e7c9da-cf8c-4c30-a498-9a97bf06fa82} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\95437986382921029217284972227197 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sutelorope (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvsjyst -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvsjyst -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Korisnik\Start Menu\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\tuvSJYst.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\tsYJSvut.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\tsYJSvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oswdaw.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\mlJCSjkl.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\cvgfmjmr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rmjmfgvc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gisbmewe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ewembsig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kqyvdbwf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fwbdvyqk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wcrihitm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtihircw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zarorero.dll (Trojan.BHO.H) -> Delete on reboot.
    C:\WINDOWS\system32\ersqwqio.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Korisnik\Local Settings\Temporary Internet Files\Content.IE5\X7L17DNR\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Korisnik\Local Settings\Temporary Internet Files\Content.IE5\IR6H27OL\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045534.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045536.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045538.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045539.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045541.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045542.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045543.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045544.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045545.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045546.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045555.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045557.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6E553143-7BD4-4987-8954-FA4585734648}\RP148\A0045558.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Korisnik\Start Menu\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Korisnik\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Korisnik\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bikehizi.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkhgecC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnnmKAs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnnNGAt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnmlIay.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnmlkJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqNDTKA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtTmjIy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXOggeD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcCrRiG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgGwwUkJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgGwXrSi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iiffDVLC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifebAsP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifFyVll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mlJBTmnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mlJaywuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqNGYRl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqOIXOF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqPjiiH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqPfeCR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljJATMGx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUMebCS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUoMdCT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfFYpnN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Korisnik\Desktop\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
    20 Novembre 2008 20:11:56

    Et voici le rapport de ComboFix :

    ComboFix 08-11-19.08 - Korisnik 2008-11-20 20:00:13.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.670 [GMT 1:00]
    Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\bkdaihml.ini
    c:\windows\system32\cjygua.dll
    c:\windows\system32\djubqecm.dll
    c:\windows\system32\gajukilu.dll
    c:\windows\system32\giapsukx.ini
    c:\windows\system32\incxoles.ini
    c:\windows\system32\isocpnol.ini
    c:\windows\system32\jdalrbct.dll
    c:\windows\system32\joyobn.dll
    c:\windows\system32\kbtpqeok.ini
    c:\windows\system32\lkepukbp.dll
    c:\windows\system32\ohzsjt.dll
    c:\windows\system32\ooffqgyy.ini
    c:\windows\system32\orvxclwt.dll
    c:\windows\system32\psjmyrip.ini
    c:\windows\system32\qcncar.dll
    c:\windows\system32\qwybymfx.ini
    c:\windows\system32\rfnjrd.dll
    c:\windows\system32\rhjbvyfs.dll
    c:\windows\system32\rkghul.dll
    c:\windows\system32\sdvhcphq.dll
    c:\windows\system32\sykmxfpm.ini
    c:\windows\system32\trbuuu.dll
    c:\windows\system32\vrdmtlby.dll
    c:\windows\system32\wdvpkesd.dll
    c:\windows\system32\wfodvfbg.ini
    c:\windows\system32\xzxwgv.dll
    c:\windows\system32\ygidbuwi.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
    .

    2008-11-19 15:32 . 2008-11-19 15:32 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\skypePM
    2008-11-19 15:32 . 2008-11-19 15:32 56 --ah----- c:\windows\system32\ezsidmv.dat
    2008-11-19 15:27 . 2008-11-19 15:27 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Skype
    2008-11-19 15:25 . 2008-11-19 15:25 <DIR> d-------- c:\program files\Skype
    2008-11-19 15:25 . 2008-11-19 15:25 <DIR> d-------- c:\program files\Common Files\Skype
    2008-11-19 15:24 . 2008-11-19 15:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
    2008-11-18 19:17 . 2008-11-18 19:17 <DIR> d--hs---- C:\FOUND.010
    2008-11-16 09:24 . 2008-11-16 09:24 <DIR> d-------- c:\program files\Axis Slow Link
    2008-11-16 08:31 . 2008-11-16 08:31 <DIR> d--hs---- C:\FOUND.009
    2008-11-14 20:43 . 2008-11-14 20:43 <DIR> d--hs---- C:\FOUND.008
    2008-11-11 09:31 . 2008-11-11 09:31 <DIR> d--hs---- C:\FOUND.007
    2008-11-10 20:35 . 2008-11-10 20:35 <DIR> d--hs---- C:\FOUND.006
    2008-11-09 18:24 . 2008-11-09 18:24 <DIR> d--h----- C:\BJPrinter
    2008-11-09 18:24 . 2003-05-20 05:00 105,984 --a------ c:\windows\system32\CNMLMyd.DLL
    2008-11-09 18:24 . 2003-07-25 16:34 53,248 --a------ c:\windows\system32\cncipst0.dll
    2008-11-09 18:24 . 2003-05-20 05:00 6,656 --a------ c:\windows\system32\CNMVSyd.DLL
    2008-11-09 18:15 . 2008-11-09 18:15 <DIR> d--h----- C:\CanonMP
    2008-11-08 11:45 . 2008-11-08 11:45 <DIR> d--hs---- C:\FOUND.005
    2008-11-02 22:48 . 2008-11-02 22:48 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\TeamViewer
    2008-11-02 22:47 . 2008-11-02 22:47 <DIR> d-------- c:\documents and settings\Korisnik\temp
    2008-10-30 20:07 . 2008-10-30 20:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-10-30 20:07 . 2008-10-30 20:07 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Malwarebytes
    2008-10-30 20:07 . 2008-10-30 20:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-10-30 20:07 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-30 20:07 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-10-30 19:48 . 2008-10-30 19:48 <DIR> d-------- c:\program files\Trend Micro
    2008-10-30 19:14 . 2008-10-30 19:14 95 --a------ c:\windows\wininit.ini
    2008-10-30 18:24 . 2008-10-30 18:24 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-10-30 18:24 . 2008-10-30 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-30 17:52 . 2008-10-30 17:52 <DIR> d-------- c:\program files\Enigma Software Group
    2008-10-30 17:45 . 2008-10-30 17:45 <DIR> d-------- c:\windows\system32\AGEIA
    2008-10-30 17:45 . 2008-10-30 17:45 <DIR> d-------- c:\program files\AGEIA Technologies
    2008-10-30 17:44 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
    2008-10-29 20:54 . 2008-10-29 20:54 <DIR> d-------- c:\documents and settings\Korisnik\DoctorWeb
    2008-10-29 14:34 . 2008-10-29 14:34 <DIR> d-------- C:\VundoFix Backups
    2008-10-29 13:00 . 2008-10-29 13:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-10-28 22:40 . 2008-10-28 22:40 <DIR> d--hs---- C:\FOUND.004
    2008-10-28 21:41 . 2008-10-28 21:41 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Acreon
    2008-10-26 11:30 . 2008-10-26 13:33 96,976 --a------ c:\windows\system32\drivers\klin.dat
    2008-10-26 11:30 . 2008-10-26 11:30 87,855 --a------ c:\windows\system32\drivers\klick.dat
    2008-10-26 11:28 . 2008-10-26 11:28 <DIR> d-------- c:\program files\Kaspersky Lab
    2008-10-26 11:28 . 2008-10-26 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2008-10-26 11:28 . 2008-11-20 20:01 737,280 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2008-10-26 11:28 . 2008-11-20 20:01 90,144 --ahs---- c:\windows\system32\drivers\fidbox2.dat
    2008-10-26 11:28 . 2008-11-20 20:01 6,400 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2008-10-26 11:28 . 2008-11-20 20:01 1,388 --ahs---- c:\windows\system32\drivers\fidbox2.idx
    2008-10-24 22:54 . 2008-10-24 22:54 <DIR> d-------- c:\program files\Google
    2008-10-24 22:45 . 2008-10-24 22:45 <DIR> d-------- c:\windows\system32\Adobe
    2008-10-23 19:55 . 2008-10-23 19:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zylom

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-18 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
    2008-10-18 22:03 --------- d-----w c:\documents and settings\Korisnik\Application Data\Axis Slow Link
    2008-10-18 22:03 --------- d-----w c:\documents and settings\All Users\Application Data\Joy coal mpeg heck
    2008-10-18 22:02 --------- d-----w c:\program files\MessengerPlus! 3
    2008-10-17 23:15 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
    2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
    2008-09-28 13:50 --------- d-----w c:\program files\Messenger Plus! Live
    2008-09-28 13:50 --------- d-----w c:\program files\Circle Developement
    2008-09-27 18:33 --------- d-----w c:\program files\Microsoft
    2008-09-27 18:26 --------- d-----w c:\program files\Common Files\Windows Live
    2008-09-21 18:57 --------- d-----w c:\program files\ma-config.com
    2008-09-21 18:57 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2008-09-09 21:06 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
    2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
    2008-08-29 07:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
    .

    ------- Sigcheck -------

    2004-08-03 21:56 690176 3a5ee0514f56b1b775d7641cfba5ad37 c:\windows\system32\wininet.dll
    2004-08-03 21:56 690176 3a5ee0514f56b1b775d7641cfba5ad37 c:\windows\system32\dllcache\wininet.dll

    2004-08-03 21:56 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\explorer.exe
    2004-08-03 21:56 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 154368]
    "WOOKIT"="c:\progra~1\WANADOO\Shell.exe" [2004-08-23 122880]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-25 68856]
    "Four Inside"="c:\docume~1\Korisnik\APPLIC~1\AXISSL~1\INFO SEEK.exe" [2008-11-16 550400]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-09-07 94208]
    "WOOWATCH"="c:\progra~1\WANADOO\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\WANADOO\GestMaj.exe" [2004-10-14 32768]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-10-18 190024]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "mpeg heck log link"="c:\documents and settings\All Users\Application Data\Joy coal mpeg heck\Bolt Meal.exe" [2008-11-20 7073280]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
    "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
    "SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

    c:\documents and settings\Korisnik\Start Menu\Programs\Startup\
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
    Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
    "Steam"="d:\steam\steam.exe" -silent
    "Four Inside"=c:\docume~1\Korisnik\APPLIC~1\AXISSL~1\INFO SEEK.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    "NSLauncher"=c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "mpeg heck log link"=c:\documents and settings\All Users\Application Data\Joy coal mpeg heck\Browse Tick.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
    "d:\\Steam\\steamapps\\nikola_95\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
    R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-03 14336]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
    S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-10-28 195752]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-06-23 355584]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1697f55a-5695-11dd-bceb-00155897ab20}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1697f55b-5695-11dd-bceb-00155897ab20}]
    \Shell\AutoRun\command - H:\fnexsjs.exe
    \Shell\explore\Command - H:\fnexsjs.exe
    \Shell\open\Command - H:\fnexsjs.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eb55cda-a5e3-11dd-bdf0-00155897ab20}]
    \Shell\AutoRun\command - G:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fbab930-5d86-11dd-bd00-00155897ab20}]
    \Shell\AutoRun\command - G:\fnexsjs.exe
    \Shell\explore\Command - G:\fnexsjs.exe
    \Shell\open\Command - G:\fnexsjs.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bc76064-42b8-11dd-bca3-00155897ab20}]
    \Shell\AutoRun\command - G:\fnexsjs.exe
    \Shell\explore\Command - G:\fnexsjs.exe
    \Shell\open\Command - G:\fnexsjs.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a90862ee-6d29-11dd-bd08-00155897ab20}]
    \Shell\AutoRun\command - G:\fnexsjs.exe
    \Shell\explore\Command - G:\fnexsjs.exe
    \Shell\open\Command - G:\fnexsjs.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-20 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]

    2008-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2008-11-20 c:\windows\Tasks\AAA76ECE91891F72.job
    - c:\docume~1\korisnik\applic~1\axissl~1\Setupbuildcool.exe [2008-11-16 09:28]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{3f1189ef-897a-4323-aa4d-2e1076348afb} - c:\windows\system32\zarorero.dll
    BHO-{5B2E0E03-4C15-40EB-847A-36592C1BF700} - (no file)
    BHO-{5C187A1A-B600-4AEB-8B1C-2F1893071902} - (no file)
    HKLM-Run-sutelorope - c:\windows\system32\bikehizi.dll
    Notify-fccdaaBt - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fr/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: { - c:\program files\Messenger\msmsgs.exe
    IE: {c:\program files\Messenger\msmsgs.exe - -

    O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_4.cab
    c:\windows\Downloaded Program Files\hardwaredetection.inf

    c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
    hxxp://game09.zylom.com/activex/zylomgamesplayer.cab
    c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf

    c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
    hxxp://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-20 20:03:03
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
    c:\program files\BONJOUR\MDNSRESPONDER.EXE
    c:\windows\SYSTEM32\FTRTSVC.EXE
    c:\windows\SYSTEM32\NVSVC32.EXE
    c:\program files\WANADOO\TASKBARICON.EXE
    c:\program files\INTERNET EXPLORER\IEXPLORE.EXE
    c:\program files\INTERNET EXPLORER\IEXPLORE.EXE
    c:\progra~1\WANADOO\GestionnaireInternet.exe
    c:\progra~1\WANADOO\ComComp.exe
    c:\progra~1\WANADOO\Toaster.exe
    c:\progra~1\WANADOO\Inactivity.exe
    c:\progra~1\WANADOO\PollingModule.exe
    c:\windows\System32\ALERTM~1\ALERTM~1.EXE
    c:\program files\WANADOO\WATCH.EXE
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-20 20:07:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-20 19:07:48

    Pre-Run: 11,086,929,920 bytes free
    Post-Run: 11,634,982,912 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    275
    20 Novembre 2008 20:21:09

    Pour finir, voici le rapport HijackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:15:32 PM, on 11/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WANADOO\GestionnaireInternet.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\PROGRA~1\WANADOO\ComComp.exe
    C:\PROGRA~1\WANADOO\Toaster.exe
    C:\PROGRA~1\WANADOO\Inactivity.exe
    C:\PROGRA~1\WANADOO\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\WANADOO\Watch.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\a09af09928e177cd9ba61ead21886d9e\update\update.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [mpeg heck log link] C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck\Bolt Meal.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Four Inside] C:\DOCUME~1\Korisnik\APPLIC~1\AXISSL~1\INFO SEEK.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 8189 bytes
    20 Novembre 2008 22:26:04

    re

    1

    Télécharge Flash Disinfector
    Connecte tes supports amovibles sur ton PC. (lecteur mp3, DD externe, clé USB...)
    Connecte tous les périphériques externes ( DD , USB , ..... )
    Double clique sur Flash Disinfector et laisse toi guider






    2


    Copie (Ctrl+C) le texte ci-dessous :
    File::
    c:\windows\Tasks\AAA76ECE91891F72.job
    H:\fnexsjs.exe
    H:\fnexsjs.exe


    Folder::
    c:\program files\Axis Slow Link
    c:\program files\Circle Developement
    c:\documents and settings\Korisnik\Application Data\Axis Slow Link
    c:\documents and settings\All Users\Application Data\Joy coal mpeg heck

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a90862ee-6d29-11dd-bd08-00155897ab20}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bc76064-42b8-11dd-bca3-00155897ab20}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fbab930-5d86-11dd-bd00-00155897ab20}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1697f55b-5695-11dd-bceb-00155897ab20}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mpeg heck log link"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Four Inside"=-



    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
    Sauvegarde ce fichier sous le nom de CFScript.txt

    Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture


  • Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
  • Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  • Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS