A nasty virus

Tags:
  • Virus
  • Security
30 September 2008 05:25:20

Hi everyone,

Well, I hope those reading this are doing well, because for me things are not great: I have just caught a nasty virus, and this is not the time for it (it never is, but still). I went to a site of rather middling trustworthiness to download a film (to be honest it was not porn, otherwise I would have said so, I swear :) ), and since then I have icons appearing in the bar at the bottom, offers for Windows antivirus programs that do not look like the real thing to me, and above all no way to access my desktop, my documents, or my applications in the Start menu.
I have just made a HijackThis report; I really hope someone can help me. Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:21: VIRUS ALERT!, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\All Users\Application Data\tybmfktk\nuxajupy.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Windows\system32\YUR4.exe
C:\Windows\system32\YURD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\funmrylo.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\funmrylo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: MySpaceCustomizer toolbar - {1ec9c976-8b7d-4507-b727-dfec440d576e} - C:\Program Files\MySpaceCustomizer\tbMySp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: peltodgx - {FB63658B-C7BB-4E34-B2DA-6C25BB2BCDE6} - C:\WINDOWS\peltodgx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [\YURA03.exe] C:\Windows\system32\YURA03.exe
O4 - HKLM\..\Run: [\YURA04.exe] C:\Windows\system32\YURA04.exe
O4 - HKLM\..\Run: [\YURA05.exe] C:\Windows\system32\YURA05.exe
O4 - HKLM\..\Run: [\YURA06.exe] C:\Windows\system32\YURA06.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [\YURA0C.exe] C:\Windows\system32\YURA0C.exe
O4 - HKLM\..\Run: [740189c4] rundll32.exe "C:\WINDOWS\system32\asonyrmw.dll",b
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [\YURD.exe] C:\Windows\system32\YURD.exe
O4 - HKLM\..\Run: [\YUR15.exe] C:\Windows\system32\YUR15.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [\YURA03.exe] C:\Windows\system32\YURA03.exe
O4 - HKCU\..\Run: [\YURA04.exe] C:\Windows\system32\YURA04.exe
O4 - HKCU\..\Run: [\YURA05.exe] C:\Windows\system32\YURA05.exe
O4 - HKCU\..\Run: [\YURA06.exe] C:\Windows\system32\YURA06.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [SrvCfg] C:\WINDOWS\system32\funmrylo.exe
O4 - HKCU\..\Run: [\YURA0C.exe] C:\Windows\system32\YURA0C.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKCU\..\Run: [\YURD.exe] C:\Windows\system32\YURD.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [\YUR15.exe] C:\Windows\system32\YUR15.exe
O4 - HKLM\..\Policies\Explorer\Run: [xnnRCGKfRu] C:\Documents and Settings\All Users\Application Data\tybmfktk\nuxajupy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/pc/mywebex/tool/syscheck/ieatg...
O21 - SSODL: onfwbsak - {14824014-C7AE-4812-B9C3-C571E05FE603} - C:\WINDOWS\onfwbsak.dll
O21 - SSODL: rwlfsdmk - {F5A54495-7BCF-4DEA-8CE9-DD8FE435C327} - C:\WINDOWS\rwlfsdmk.dll
O21 - SSODL: winsetsrv - {094F8F54-65DC-E8B5-ABA6-05B573E593B3} - C:\Program Files\ziiugcc\winsetsrv.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 10301 bytes

30 Septembre 2008 12:52:27

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ
    30 Septembre 2008 13:20:02

    Hi angel dark, thank you for taking the trouble to look after me, it is really appreciated. As for the ComboFix report, here it is:
    ComboFix 08-09-28.05 - laurent 2008-09-30 13:07:06.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1356 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\laurent\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\laurent\Local Settings\Application Data\msmwuos.dat
    C:\Documents and Settings\laurent\Local Settings\Application Data\msmwuos.exe
    C:\Documents and Settings\laurent\Local Settings\Application Data\msmwuos_nav.dat
    C:\Documents and Settings\laurent\Local Settings\Application Data\msmwuos_navps.dat
    C:\Documents and Settings\laurent\Local Settings\Application Data\qwociuo_navfx.dat
    C:\Documents and Settings\laurent\ravmonlog
    C:\Program Files\FBrowserAdvisor
    C:\Program Files\FBrowsingAdvisor
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt
    C:\Program Files\FBrowsingAdvisor\Logo.png
    C:\Program Files\FBrowsingAdvisor\main.db
    C:\Program Files\FBrowsingAdvisor\unins000.dat
    C:\Program Files\FBrowsingAdvisor\unins000.exe
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll
    C:\Program Files\MicroAV
    C:\Program Files\MicroAV\MicroAV.cpl
    C:\Program Files\MicroAV\MicroAV.exe
    C:\Program Files\MicroAV\MicroAV.ooo
    C:\Program Files\MicroAV\MicroAV0.dat
    C:\Program Files\MicroAV\MicroAV1.dat
    C:\Program Files\PCHealthCenter
    C:\Program Files\PCHealthCenter\0.exe
    C:\Program Files\PCHealthCenter\0.gif
    C:\Program Files\PCHealthCenter\1.exe
    C:\Program Files\PCHealthCenter\1.gif
    C:\Program Files\PCHealthCenter\1.ico
    C:\Program Files\PCHealthCenter\2.exe
    C:\Program Files\PCHealthCenter\2.gif
    C:\Program Files\PCHealthCenter\2.ico
    C:\Program Files\PCHealthCenter\3.exe
    C:\Program Files\PCHealthCenter\3.gif
    C:\Program Files\PCHealthCenter\4.exe
    C:\Program Files\PCHealthCenter\5.exe
    C:\Program Files\PCHealthCenter\7.exe
    C:\Program Files\PCHealthCenter\sc.html
    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\resources\languages_v2.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\sqlite3.dll
    C:\Program Files\webmediaplayer\uninst.exe
    C:\Program Files\webmediaplayer\WebMediaPlayer.exe
    C:\WINDOWS\dfmlxbpkbgl.dll
    C:\WINDOWS\enkr.exe
    C:\WINDOWS\onfwbsak.dll
    C:\WINDOWS\peltodgx.dll
    C:\WINDOWS\rwlfsdmk.dll
    C:\WINDOWS\system32\_005753_.tmp.dll
    C:\WINDOWS\system32\_005754_.tmp.dll
    C:\WINDOWS\system32\_005755_.tmp.dll
    C:\WINDOWS\system32\_005756_.tmp.dll
    C:\WINDOWS\system32\_005763_.tmp.dll
    C:\WINDOWS\system32\_005764_.tmp.dll
    C:\WINDOWS\system32\_005765_.tmp.dll
    C:\WINDOWS\system32\_005766_.tmp.dll
    C:\WINDOWS\system32\_005768_.tmp.dll
    C:\WINDOWS\system32\_005769_.tmp.dll
    C:\WINDOWS\system32\_005772_.tmp.dll
    C:\WINDOWS\system32\_005773_.tmp.dll
    C:\WINDOWS\system32\_005775_.tmp.dll
    C:\WINDOWS\system32\_005776_.tmp.dll
    C:\WINDOWS\system32\_005777_.tmp.dll
    C:\WINDOWS\system32\_005779_.tmp.dll
    C:\WINDOWS\system32\_005782_.tmp.dll
    C:\WINDOWS\system32\_005783_.tmp.dll
    C:\WINDOWS\system32\_005787_.tmp.dll
    C:\WINDOWS\system32\_005788_.tmp.dll
    C:\WINDOWS\system32\_005790_.tmp.dll
    C:\WINDOWS\system32\_005793_.tmp.dll
    C:\WINDOWS\system32\_005795_.tmp.dll
    C:\WINDOWS\system32\_005796_.tmp.dll
    C:\WINDOWS\system32\_005797_.tmp.dll
    C:\WINDOWS\system32\_005798_.tmp.dll
    C:\WINDOWS\system32\_005799_.tmp.dll
    C:\WINDOWS\system32\_005802_.tmp.dll
    C:\WINDOWS\system32\_005803_.tmp.dll
    C:\WINDOWS\system32\_005804_.tmp.dll
    C:\WINDOWS\system32\_005805_.tmp.dll
    C:\WINDOWS\system32\_005806_.tmp.dll
    C:\WINDOWS\system32\_005811_.tmp.dll
    C:\WINDOWS\system32\1.ico
    C:\WINDOWS\system32\2.ico
    C:\WINDOWS\system32\akttzn.exe
    C:\WINDOWS\system32\awtoolb.dll
    C:\WINDOWS\system32\bdn.com
    C:\WINDOWS\system32\bsva-egihsg52.exe
    C:\WINDOWS\system32\byXQHwXr.dll
    C:\WINDOWS\system32\dpcproxy.exe
    C:\WINDOWS\system32\emesx.dll
    C:\WINDOWS\system32\hoproxy.dll
    C:\WINDOWS\system32\hxiwlgpm.dat
    C:\WINDOWS\system32\hxiwlgpm.exe
    C:\WINDOWS\system32\lsprst7.dll
    C:\WINDOWS\system32\medup012.dll
    C:\WINDOWS\system32\msgp.exe
    C:\WINDOWS\system32\msnbho.dll
    C:\WINDOWS\system32\mssecu.exe
    C:\WINDOWS\system32\msvchost.exe
    C:\WINDOWS\system32\msvcsv60.dll
    C:\WINDOWS\system32\mtr2.exe
    C:\WINDOWS\system32\mwin32.exe
    C:\WINDOWS\system32\netode.exe
    C:\WINDOWS\system32\newsd32.exe
    C:\WINDOWS\system32\ps1.exe
    C:\WINDOWS\system32\psof1.exe
    C:\WINDOWS\system32\psoft1.exe
    C:\WINDOWS\system32\regc64.dll
    C:\WINDOWS\system32\regm64.dll
    C:\WINDOWS\system32\Rundl1.exe
    C:\WINDOWS\system32\rXwHQXyb.ini
    C:\WINDOWS\system32\rXwHQXyb.ini2
    C:\WINDOWS\system32\smp
    C:\WINDOWS\system32\smp\msrc.exe
    C:\WINDOWS\system32\sncntr.exe
    C:\WINDOWS\system32\ssprs.dll
    C:\WINDOWS\system32\ssqNGATj.dll
    C:\WINDOWS\system32\ssurf022.dll
    C:\WINDOWS\system32\ssvchost.com
    C:\WINDOWS\system32\ssvchost.exe
    C:\WINDOWS\system32\sysreq.exe
    C:\WINDOWS\system32\taack.dat
    C:\WINDOWS\system32\taack.exe
    C:\WINDOWS\system32\temp#01.exe
    C:\WINDOWS\system32\thun.dll
    C:\WINDOWS\system32\thun32.dll
    C:\WINDOWS\system32\urqNGxVm.dll
    C:\WINDOWS\system32\VBIEWER.OCX
    C:\WINDOWS\system32\vbsys2.dll
    C:\WINDOWS\system32\vcatchpi.dll
    C:\WINDOWS\system32\winlogonpc.exe
    C:\WINDOWS\system32\winsystem.exe
    C:\WINDOWS\system32\WINWGPX.EXE
    C:\x

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-30 13:02 . 2008-09-29 05:55 74,752 --a------ C:\WINDOWS\system32\YUR19.exe
    2008-09-30 05:23 . 2008-09-30 05:23 86,016 --a------ C:\WINDOWS\system32\nedqjydw.exe
    2008-09-30 04:58 . 2008-09-30 04:58 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-30 04:44 . 2008-09-30 13:13 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-30 04:34 . 2008-09-30 01:28 <REP> d-------- C:\SDFix
    2008-09-30 03:50 . 2008-09-30 03:50 945,223 ---hs---- C:\WINDOWS\system32\wmrynosa.ini
    2008-09-30 03:50 . 2008-09-30 03:50 80,000 --a------ C:\WINDOWS\system32\asonyrmw.dll
    2008-09-30 03:44 . 2008-09-30 03:44 <REP> d-------- C:\Program Files\ziiugcc
    2008-09-30 03:44 . 2008-09-30 03:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tybmfktk
    2008-09-30 03:44 . 2008-09-30 03:44 86,016 --a------ C:\WINDOWS\system32\funmrylo.exe
    2008-09-30 03:43 . 2008-09-29 05:55 165,376 --a------ C:\WINDOWS\system32\MicroAV.cpl
    2008-09-30 03:43 . 2008-09-30 00:22 86,016 --a------ C:\WINDOWS\fbxrqtwn.exe
    2008-09-25 21:21 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-09-25 21:21 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-09-25 21:21 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-09-25 21:21 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-09-25 16:05 . 2008-09-25 16:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-25 16:05 . 2008-09-25 16:05 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-20 01:32 . 2008-06-23 18:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-09-20 01:32 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-09-20 01:32 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-09-20 01:32 . 2008-06-23 18:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-09-20 01:32 . 2008-06-23 18:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-09-20 01:32 . 2008-06-23 18:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-09-20 01:32 . 2008-06-23 18:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-09-20 01:32 . 2008-06-23 18:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-09-20 01:32 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-09-11 01:21 . 2008-09-11 03:28 <REP> d-------- C:\Documents and Settings\laurent\Application Data\DivX
    2008-09-11 01:15 . 2008-09-11 01:15 <REP> d-------- C:\Program Files\Yahoo!
    2008-09-11 01:15 . 2008-09-11 01:15 <REP> d-------- C:\Program Files\DivX
    2008-09-11 01:15 . 2008-09-11 01:15 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Yahoo!
    2008-09-11 01:15 . 2008-09-11 01:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-06 03:14 . 2008-09-06 03:14 <REP> d-------- C:\Program Files\Eek! Records
    2008-08-24 01:05 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
    2008-08-07 11:18 . 2008-08-07 11:18 268 --ah----- C:\sqmdata02.sqm
    2008-08-07 11:18 . 2008-08-07 11:18 244 --ah----- C:\sqmnoopt02.sqm
    2008-08-07 02:24 . 2008-08-07 02:24 268 --ah----- C:\sqmdata01.sqm
    2008-08-07 02:24 . 2008-08-07 02:24 244 --ah----- C:\sqmnoopt01.sqm
    2008-08-06 22:19 . 2008-08-06 22:19 268 --ah----- C:\sqmdata00.sqm
    2008-08-06 22:19 . 2008-08-06 22:19 244 --ah----- C:\sqmnoopt00.sqm
    2008-08-04 18:13 . 2007-08-24 15:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
    2008-08-04 18:13 . 2007-09-17 14:38 102,400 --a------ C:\WINDOWS\system32\TG_VIEW0607.DLL
    2008-08-04 18:13 . 2007-09-17 14:38 90,112 --a------ C:\WINDOWS\system32\TG_SYNC.DLL
    2008-08-03 04:15 . 2008-08-04 18:39 65 --a------ C:\WINDOWS\FISHUI.INI
    2008-08-03 02:40 . 2008-08-03 02:40 <REP> d-------- C:\Program Files\MyFree Codec
    2008-08-03 02:39 . 2008-08-03 02:39 <REP> d-------- C:\Program Files\Samsung
    2008-08-03 02:39 . 2008-08-03 02:39 <REP> d-------- C:\Program Files\MarkAny
    2008-08-03 02:39 . 2008-08-03 02:39 <REP> d-------- C:\Documents and Settings\laurent\Application Data\DataCast
    2008-08-03 02:39 . 2003-04-18 16:46 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
    2008-08-02 15:30 . 2008-08-02 15:30 <REP> d-------- C:\Program Files\CDBurnerXP
    2008-08-02 15:30 . 2008-08-02 15:30 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Canneverbe_Limited

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-30 02:44 --------- d-----w C:\Program Files\Google
    2008-09-30 02:27 --------- d-----w C:\Program Files\Piolet
    2008-09-30 01:53 --------- d-----w C:\Program Files\SWiSHmax
    2008-09-29 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-09-23 16:06 --------- d-----w C:\Documents and Settings\laurent\Application Data\uTorrent
    2008-09-04 14:40 --------- d-----w C:\Program Files\FruityLoops 3.56
    2008-08-03 00:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-08 21:14 669 ----a-w C:\Documents and Settings\laurent\Application Data\waver_2.95.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
    "AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-30 171448]
    "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 4354048]
    "SrvCfg"="C:\WINDOWS\system32\funmrylo.exe" [2008-09-30 86016]
    "RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
    "cmdmon"="C:\WINDOWS\system32\nedqjydw.exe" [2008-09-30 86016]
    "\YUR19.exe"="C:\Windows\system32\YUR19.exe" [2008-09-29 74752]
    "InfoSmartCfg"="C:\WINDOWS\system32\uxojatsj.exe" [2008-09-30 86016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-12-13 91136]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 160768]
    "Piolet"="C:\Program Files\Piolet\Piolet.exe" [2007-04-13 5988352]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
    "SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
    "MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
    "740189c4"="C:\WINDOWS\system32\asonyrmw.dll" [2008-09-30 80000]
    "\YUR19.exe"="C:\Windows\system32\YUR19.exe" [2008-09-29 74752]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "xnnRCGKfRu"="C:\Documents and Settings\All Users\Application Data\tybmfktk\nuxajupy.exe" [2008-09-30 69632]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "winsetsrv"= {094F8F54-65DC-E8B5-ABA6-05B573E593B3} - C:\Program Files\ziiugcc\winsetsrv.dll [2008-09-30 131072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Piolet]
    --a------ 2007-04-13 11:52 5988352 C:\Program Files\Piolet\Piolet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-09-30 04:44 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Piolet\\Piolet.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\WINDOWS\\system32\\muzapp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16929:TCP"= 16929:TCP:NortonAV
    "13944:TCP"= 13944:TCP:NortonAV
    "12170:TCP"= 12170:TCP:NortonAV
    "15283:TCP"= 15283:TCP:NortonAV
    "18959:TCP"= 18959:TCP:NortonAV

    R2 MAudioUSBService;M-Audio USB Installer;C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe [2005-12-02 49152]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R3 emuumidi;E-MU USB-MIDI Driver;C:\WINDOWS\system32\drivers\emuumidi.sys [2005-04-27 36736]
    R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);C:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 102528]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{0966F3D5-C170-42B2-91CC-DBFDC77E9625} - C:\WINDOWS\system32\urqNGxVm.dll
    BHO-{8142B71F-87DB-4779-8DBA-38FF50DB0443} - C:\WINDOWS\system32\byXQHwXr.dll
    BHO-{9B328671-93CD-48EA-831C-F64CA64D52E1} - C:\WINDOWS\dfmlxbpkbgl.dll
    Toolbar-{FB63658B-C7BB-4E34-B2DA-6C25BB2BCDE6} - C:\WINDOWS\peltodgx.dll
    HKCU-Run-msmwuos - c:\documents and settings\laurent\local settings\application data\msmwuos.exe
    HKCU-Run-\YURA03.exe - C:\Windows\system32\YURA03.exe
    HKCU-Run-\YURA04.exe - C:\Windows\system32\YURA04.exe
    HKCU-Run-\YURA05.exe - C:\Windows\system32\YURA05.exe
    HKCU-Run-\YURA06.exe - C:\Windows\system32\YURA06.exe
    HKCU-Run-\YURA0C.exe - C:\Windows\system32\YURA0C.exe
    HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
    HKCU-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
    HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
    HKCU-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
    HKCU-Run-\YURD.exe - C:\Windows\system32\YURD.exe
    HKCU-Run-\YUR15.exe - C:\Windows\system32\YUR15.exe
    HKLM-Run-\YURA03.exe - C:\Windows\system32\YURA03.exe
    HKLM-Run-\YURA04.exe - C:\Windows\system32\YURA04.exe
    HKLM-Run-\YURA05.exe - C:\Windows\system32\YURA05.exe
    HKLM-Run-\YURA06.exe - C:\Windows\system32\YURA06.exe
    HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
    HKLM-Run-\YURA0C.exe - C:\Windows\system32\YURA0C.exe
    HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
    HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
    HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
    HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
    HKLM-Run-\YURD.exe - C:\Windows\system32\YURD.exe
    HKLM-Run-\YUR15.exe - C:\Windows\system32\YUR15.exe
    ShellExecuteHooks-{0966F3D5-C170-42B2-91CC-DBFDC77E9625} - C:\WINDOWS\system32\urqNGxVm.dll
    Notify-dimsntfy - (no file)


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\laurent\Application Data\Mozilla\Firefox\Profiles\xul0e161.default\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-30 13:13:46
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    C:\WINDOWS\system32\uxojatsj.exe 86016 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\RtlGina2.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-30 13:16:58 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-30 11:16:55

    Avant-CF: 17ÿ935ÿ732ÿ736 octets libres
    Après-CF: 17,910,353,920 octets libres

    350 --- E O F --- 2007-07-19 01:05:50
    30 September 2008 13:37:22

    Hi again,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    30 September 2008 15:24:42

    Hi again angel dark, I did what you asked. It took quite a while, but things are much better now. I'm still sending you the malware report so you can take a look. Whatever happens, I want to thank you for the time you spent helping me. You didn't have to, but you were very responsive and apparently very effective. Thank you!

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1222
    Windows 5.1.2600 Service Pack 2

    30/09/2008 15:15:21
    mbam-log-2008-09-30 (15-15-21).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 146561
    Temps écoulé: 1 hour(s), 17 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 8
    Valeur(s) du Registre infectée(s): 22
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 41

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{094F8F54-65DC-E8B5-ABA6-05B573E593B3} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\peltodgx.bgos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\740189c4 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\winsetsrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srvcfg (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmdmon (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\admsmart (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xnnrcgkfru (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur17.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur18.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur17.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur18.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-648-4620504-23456) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\asonyrmw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wmrynosa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\ziiugcc\winsetsrv.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\funmrylo.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nedqjydw.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dwnwpmxk.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\tybmfktk\nuxajupy.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\FBrowsingAdvisor\XPCOMEvents.dll.vir (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\enkr.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\rwlfsdmk.dll.vir (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\byXQHwXr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ssqNGATj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\urqNGxVm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027531.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027548.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027592.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027629.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027630.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027631.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAV\MicroAV.cpl (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAV\MicroAV.exe (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAV\MicroAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAV\MicroAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAV\MicroAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\YUR2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\YUR3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\fbxrqtwn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\MicroAV.cpl (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    30 September 2008 17:48:48

    Please write properly!
    Run a Combofix scan again.