A nasty virus
Hi everyone,
Well, I hope those reading this are doing well, because things aren't great for me: I've just caught a nasty virus, and this really isn't the time for it (it never is, but especially now). I went to a site of rather middling trustworthiness to download a movie (to be honest it wasn't porn, otherwise I would have said so, I swear),
and since then I've had icons appearing in the taskbar at the bottom, offers for Windows antivirus programs that don't look like the real thing, and above all no way to access my desktop, my documents, or my applications in the Start menu.
I've just made a HijackThis report; I really hope someone can help me. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:21: VIRUS ALERT!, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\All Users\Application Data\tybmfktk\nuxajupy.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Windows\system32\YUR4.exe
C:\Windows\system32\YURD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\funmrylo.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\funmrylo.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: MySpaceCustomizer toolbar - {1ec9c976-8b7d-4507-b727-dfec440d576e} - C:\Program Files\MySpaceCustomizer\tbMySp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: peltodgx - {FB63658B-C7BB-4E34-B2DA-6C25BB2BCDE6} - C:\WINDOWS\peltodgx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [\YURA03.exe] C:\Windows\system32\YURA03.exe
O4 - HKLM\..\Run: [\YURA04.exe] C:\Windows\system32\YURA04.exe
O4 - HKLM\..\Run: [\YURA05.exe] C:\Windows\system32\YURA05.exe
O4 - HKLM\..\Run: [\YURA06.exe] C:\Windows\system32\YURA06.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [\YURA0C.exe] C:\Windows\system32\YURA0C.exe
O4 - HKLM\..\Run: [740189c4] rundll32.exe "C:\WINDOWS\system32\asonyrmw.dll",b
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [\YURD.exe] C:\Windows\system32\YURD.exe
O4 - HKLM\..\Run: [\YUR15.exe] C:\Windows\system32\YUR15.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [\YURA03.exe] C:\Windows\system32\YURA03.exe
O4 - HKCU\..\Run: [\YURA04.exe] C:\Windows\system32\YURA04.exe
O4 - HKCU\..\Run: [\YURA05.exe] C:\Windows\system32\YURA05.exe
O4 - HKCU\..\Run: [\YURA06.exe] C:\Windows\system32\YURA06.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [SrvCfg] C:\WINDOWS\system32\funmrylo.exe
O4 - HKCU\..\Run: [\YURA0C.exe] C:\Windows\system32\YURA0C.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKCU\..\Run: [\YURD.exe] C:\Windows\system32\YURD.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [\YUR15.exe] C:\Windows\system32\YUR15.exe
O4 - HKLM\..\Policies\Explorer\Run: [xnnRCGKfRu] C:\Documents and Settings\All Users\Application Data\tybmfktk\nuxajupy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/pc/mywebex/tool/syscheck/ieatg...
O21 - SSODL: onfwbsak - {14824014-C7AE-4812-B9C3-C571E05FE603} - C:\WINDOWS\onfwbsak.dll
O21 - SSODL: rwlfsdmk - {F5A54495-7BCF-4DEA-8CE9-DD8FE435C327} - C:\WINDOWS\rwlfsdmk.dll
O21 - SSODL: winsetsrv - {094F8F54-65DC-E8B5-ABA6-05B573E593B3} - C:\Program Files\ziiugcc\winsetsrv.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
--
End of file - 10301 bytes
Hello,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
Download ComboFix (sUBs) to your Desktop.
Double-click combofix.exe (the .exe may not be visible) to launch it.
When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may vary
Hi angel dark, thank you for taking the trouble to help me, I really appreciate it. As for the ComboFix report, here it is:
ComboFix 08-09-28.05 - laurent 2008-09-30 13:07:06.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1356 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\laurent\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\laurent\Local Settings\Application Data\msmwuos.dat
C:\Documents and Settings\laurent\Local Settings\Application Data\msmwuos.exe
C:\Documents and Settings\laurent\Local Settings\Application Data\msmwuos_nav.dat
C:\Documents and Settings\laurent\Local Settings\Application Data\msmwuos_navps.dat
C:\Documents and Settings\laurent\Local Settings\Application Data\qwociuo_navfx.dat
C:\Documents and Settings\laurent\ravmonlog
C:\Program Files\FBrowserAdvisor
C:\Program Files\FBrowsingAdvisor
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt
C:\Program Files\FBrowsingAdvisor\Logo.png
C:\Program Files\FBrowsingAdvisor\main.db
C:\Program Files\FBrowsingAdvisor\unins000.dat
C:\Program Files\FBrowsingAdvisor\unins000.exe
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll
C:\Program Files\MicroAV
C:\Program Files\MicroAV\MicroAV.cpl
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\MicroAV\MicroAV.ooo
C:\Program Files\MicroAV\MicroAV0.dat
C:\Program Files\MicroAV\MicroAV1.dat
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\WINDOWS\dfmlxbpkbgl.dll
C:\WINDOWS\enkr.exe
C:\WINDOWS\onfwbsak.dll
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\system32\_005753_.tmp.dll
C:\WINDOWS\system32\_005754_.tmp.dll
C:\WINDOWS\system32\_005755_.tmp.dll
C:\WINDOWS\system32\_005756_.tmp.dll
C:\WINDOWS\system32\_005763_.tmp.dll
C:\WINDOWS\system32\_005764_.tmp.dll
C:\WINDOWS\system32\_005765_.tmp.dll
C:\WINDOWS\system32\_005766_.tmp.dll
C:\WINDOWS\system32\_005768_.tmp.dll
C:\WINDOWS\system32\_005769_.tmp.dll
C:\WINDOWS\system32\_005772_.tmp.dll
C:\WINDOWS\system32\_005773_.tmp.dll
C:\WINDOWS\system32\_005775_.tmp.dll
C:\WINDOWS\system32\_005776_.tmp.dll
C:\WINDOWS\system32\_005777_.tmp.dll
C:\WINDOWS\system32\_005779_.tmp.dll
C:\WINDOWS\system32\_005782_.tmp.dll
C:\WINDOWS\system32\_005783_.tmp.dll
C:\WINDOWS\system32\_005787_.tmp.dll
C:\WINDOWS\system32\_005788_.tmp.dll
C:\WINDOWS\system32\_005790_.tmp.dll
C:\WINDOWS\system32\_005793_.tmp.dll
C:\WINDOWS\system32\_005795_.tmp.dll
C:\WINDOWS\system32\_005796_.tmp.dll
C:\WINDOWS\system32\_005797_.tmp.dll
C:\WINDOWS\system32\_005798_.tmp.dll
C:\WINDOWS\system32\_005799_.tmp.dll
C:\WINDOWS\system32\_005802_.tmp.dll
C:\WINDOWS\system32\_005803_.tmp.dll
C:\WINDOWS\system32\_005804_.tmp.dll
C:\WINDOWS\system32\_005805_.tmp.dll
C:\WINDOWS\system32\_005806_.tmp.dll
C:\WINDOWS\system32\_005811_.tmp.dll
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\byXQHwXr.dll
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\msvcsv60.dll
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\rXwHQXyb.ini
C:\WINDOWS\system32\rXwHQXyb.ini2
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\ssqNGATj.dll
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\urqNGxVm.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\x
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
.
2008-09-30 13:02 . 2008-09-29 05:55 74,752 --a------ C:\WINDOWS\system32\YUR19.exe
2008-09-30 05:23 . 2008-09-30 05:23 86,016 --a------ C:\WINDOWS\system32\nedqjydw.exe
2008-09-30 04:58 . 2008-09-30 04:58 <REP> d-------- C:\Program Files\Trend Micro
2008-09-30 04:44 . 2008-09-30 13:13 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-30 04:34 . 2008-09-30 01:28 <REP> d-------- C:\SDFix
2008-09-30 03:50 . 2008-09-30 03:50 945,223 ---hs---- C:\WINDOWS\system32\wmrynosa.ini
2008-09-30 03:50 . 2008-09-30 03:50 80,000 --a------ C:\WINDOWS\system32\asonyrmw.dll
2008-09-30 03:44 . 2008-09-30 03:44 <REP> d-------- C:\Program Files\ziiugcc
2008-09-30 03:44 . 2008-09-30 03:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tybmfktk
2008-09-30 03:44 . 2008-09-30 03:44 86,016 --a------ C:\WINDOWS\system32\funmrylo.exe
2008-09-30 03:43 . 2008-09-29 05:55 165,376 --a------ C:\WINDOWS\system32\MicroAV.cpl
2008-09-30 03:43 . 2008-09-30 00:22 86,016 --a------ C:\WINDOWS\fbxrqtwn.exe
2008-09-25 21:21 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-25 21:21 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-09-25 21:21 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-25 21:21 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-09-25 16:05 . 2008-09-25 16:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-25 16:05 . 2008-09-25 16:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-20 01:32 . 2008-06-23 18:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-20 01:32 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-20 01:32 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-20 01:32 . 2008-06-23 18:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-20 01:32 . 2008-06-23 18:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-20 01:32 . 2008-06-23 18:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-20 01:32 . 2008-06-23 18:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-20 01:32 . 2008-06-23 18:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-20 01:32 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-11 01:21 . 2008-09-11 03:28 <REP> d-------- C:\Documents and Settings\laurent\Application Data\DivX
2008-09-11 01:15 . 2008-09-11 01:15 <REP> d-------- C:\Program Files\Yahoo!
2008-09-11 01:15 . 2008-09-11 01:15 <REP> d-------- C:\Program Files\DivX
2008-09-11 01:15 . 2008-09-11 01:15 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Yahoo!
2008-09-11 01:15 . 2008-09-11 01:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-06 03:14 . 2008-09-06 03:14 <REP> d-------- C:\Program Files\Eek! Records
2008-08-24 01:05 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-08-07 11:18 . 2008-08-07 11:18 268 --ah----- C:\sqmdata02.sqm
2008-08-07 11:18 . 2008-08-07 11:18 244 --ah----- C:\sqmnoopt02.sqm
2008-08-07 02:24 . 2008-08-07 02:24 268 --ah----- C:\sqmdata01.sqm
2008-08-07 02:24 . 2008-08-07 02:24 244 --ah----- C:\sqmnoopt01.sqm
2008-08-06 22:19 . 2008-08-06 22:19 268 --ah----- C:\sqmdata00.sqm
2008-08-06 22:19 . 2008-08-06 22:19 244 --ah----- C:\sqmnoopt00.sqm
2008-08-04 18:13 . 2007-08-24 15:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-08-04 18:13 . 2007-09-17 14:38 102,400 --a------ C:\WINDOWS\system32\TG_VIEW0607.DLL
2008-08-04 18:13 . 2007-09-17 14:38 90,112 --a------ C:\WINDOWS\system32\TG_SYNC.DLL
2008-08-03 04:15 . 2008-08-04 18:39 65 --a------ C:\WINDOWS\FISHUI.INI
2008-08-03 02:40 . 2008-08-03 02:40 <REP> d-------- C:\Program Files\MyFree Codec
2008-08-03 02:39 . 2008-08-03 02:39 <REP> d-------- C:\Program Files\Samsung
2008-08-03 02:39 . 2008-08-03 02:39 <REP> d-------- C:\Program Files\MarkAny
2008-08-03 02:39 . 2008-08-03 02:39 <REP> d-------- C:\Documents and Settings\laurent\Application Data\DataCast
2008-08-03 02:39 . 2003-04-18 16:46 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2008-08-02 15:30 . 2008-08-02 15:30 <REP> d-------- C:\Program Files\CDBurnerXP
2008-08-02 15:30 . 2008-08-02 15:30 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Canneverbe_Limited
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 02:44 --------- d-----w C:\Program Files\Google
2008-09-30 02:27 --------- d-----w C:\Program Files\Piolet
2008-09-30 01:53 --------- d-----w C:\Program Files\SWiSHmax
2008-09-29 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-23 16:06 --------- d-----w C:\Documents and Settings\laurent\Application Data\uTorrent
2008-09-04 14:40 --------- d-----w C:\Program Files\FruityLoops 3.56
2008-08-03 00:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-08 21:14 669 ----a-w C:\Documents and Settings\laurent\Application Data\waver_2.95.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-30 171448]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 4354048]
"SrvCfg"="C:\WINDOWS\system32\funmrylo.exe" [2008-09-30 86016]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"cmdmon"="C:\WINDOWS\system32\nedqjydw.exe" [2008-09-30 86016]
"\YUR19.exe"="C:\Windows\system32\YUR19.exe" [2008-09-29 74752]
"InfoSmartCfg"="C:\WINDOWS\system32\uxojatsj.exe" [2008-09-30 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-12-13 91136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 160768]
"Piolet"="C:\Program Files\Piolet\Piolet.exe" [2007-04-13 5988352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"740189c4"="C:\WINDOWS\system32\asonyrmw.dll" [2008-09-30 80000]
"\YUR19.exe"="C:\Windows\system32\YUR19.exe" [2008-09-29 74752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"xnnRCGKfRu"="C:\Documents and Settings\All Users\Application Data\tybmfktk\nuxajupy.exe" [2008-09-30 69632]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"winsetsrv"= {094F8F54-65DC-E8B5-ABA6-05B573E593B3} - C:\Program Files\ziiugcc\winsetsrv.dll [2008-09-30 131072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Piolet]
--a------ 2007-04-13 11:52 5988352 C:\Program Files\Piolet\Piolet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-30 04:44 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Piolet\\Piolet.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16929:TCP"= 16929:TCP:NortonAV
"13944:TCP"= 13944:TCP:NortonAV
"12170:TCP"= 12170:TCP:NortonAV
"15283:TCP"= 15283:TCP:NortonAV
"18959:TCP"= 18959:TCP:NortonAV
R2 MAudioUSBService;M-Audio USB Installer;C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe [2005-12-02 49152]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R3 emuumidi;E-MU USB-MIDI Driver;C:\WINDOWS\system32\drivers\emuumidi.sys [2005-04-27 36736]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);C:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 102528]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{0966F3D5-C170-42B2-91CC-DBFDC77E9625} - C:\WINDOWS\system32\urqNGxVm.dll
BHO-{8142B71F-87DB-4779-8DBA-38FF50DB0443} - C:\WINDOWS\system32\byXQHwXr.dll
BHO-{9B328671-93CD-48EA-831C-F64CA64D52E1} - C:\WINDOWS\dfmlxbpkbgl.dll
Toolbar-{FB63658B-C7BB-4E34-B2DA-6C25BB2BCDE6} - C:\WINDOWS\peltodgx.dll
HKCU-Run-msmwuos - c:\documents and settings\laurent\local settings\application data\msmwuos.exe
HKCU-Run-\YURA03.exe - C:\Windows\system32\YURA03.exe
HKCU-Run-\YURA04.exe - C:\Windows\system32\YURA04.exe
HKCU-Run-\YURA05.exe - C:\Windows\system32\YURA05.exe
HKCU-Run-\YURA06.exe - C:\Windows\system32\YURA06.exe
HKCU-Run-\YURA0C.exe - C:\Windows\system32\YURA0C.exe
HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKCU-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKCU-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKCU-Run-\YURD.exe - C:\Windows\system32\YURD.exe
HKCU-Run-\YUR15.exe - C:\Windows\system32\YUR15.exe
HKLM-Run-\YURA03.exe - C:\Windows\system32\YURA03.exe
HKLM-Run-\YURA04.exe - C:\Windows\system32\YURA04.exe
HKLM-Run-\YURA05.exe - C:\Windows\system32\YURA05.exe
HKLM-Run-\YURA06.exe - C:\Windows\system32\YURA06.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
HKLM-Run-\YURA0C.exe - C:\Windows\system32\YURA0C.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-\YURD.exe - C:\Windows\system32\YURD.exe
HKLM-Run-\YUR15.exe - C:\Windows\system32\YUR15.exe
ShellExecuteHooks-{0966F3D5-C170-42B2-91CC-DBFDC77E9625} - C:\WINDOWS\system32\urqNGxVm.dll
Notify-dimsntfy - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\laurent\Application Data\Mozilla\Firefox\Profiles\xul0e161.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 13:13:46
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\WINDOWS\system32\uxojatsj.exe 86016 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-09-30 13:16:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-30 11:16:55
Avant-CF: 17ÿ935ÿ732ÿ736 octets libres
Après-CF: 17,910,353,920 octets libres
350 --- E O F --- 2007-07-19 01:05:50
Hi again,
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
To start the scan, click "Rechercher" (Scan).
Once the scan is finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Hi again angel dark, I did what you asked. It took quite a while, but things are much better now. I'm sending you the malware report anyway so you can take a look. Whatever happens, I want to thank you for the time you spent helping me; you didn't have to, but you were very responsive and apparently very effective. Thank youuuu
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1222
Windows 5.1.2600 Service Pack 2
30/09/2008 15:15:21
mbam-log-2008-09-30 (15-15-21).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 146561
Temps écoulé: 1 hour(s), 17 minute(s), 21 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 22
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 41
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{094F8F54-65DC-E8B5-ABA6-05B573E593B3} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.bgos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\740189c4 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\winsetsrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srvcfg (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmdmon (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\admsmart (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xnnrcgkfru (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur17.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur18.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur17.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur18.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-648-4620504-23456) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\asonyrmw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmrynosa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\ziiugcc\winsetsrv.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\funmrylo.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nedqjydw.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwnwpmxk.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\tybmfktk\nuxajupy.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\FBrowsingAdvisor\XPCOMEvents.dll.vir (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\enkr.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\rwlfsdmk.dll.vir (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\byXQHwXr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqNGATj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqNGxVm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027531.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027548.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027592.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027629.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027630.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{05FF7701-55CB-4BEA-BBAC-55A18E60933C}\RP139\A0027631.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.cpl (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.exe (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YUR2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YUR3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\fbxrqtwn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MicroAV.cpl (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.