Sujet Précédent Sujet Suivant

Infection win32.virut.56

totoche04 Messages postés 11 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Je vient de finir un scan avec dr.web et il a trouver pas mal de fichier infecté, mais impossible de désinfecter ou mettre en quarante la case reste grise une personne a déja eu à faire a se virus ? voici mon rapport dr.web

amd_dc_opt.exe;c:\program files\amd\dual-core optimizer;Win32.Virut.56;Cured.;
msmsgs.exe;c:\program files\messenger;Win32.Virut.56;Cured.;
setup50.exe;c:\program files\outlook express;Win32.Virut.56;Cured.;
unlockerassistant.exe;c:\program files\unlocker;Win32.Virut.56;Cured.;
ventrilo 2.1.4.exe;c:\program files\ventrilomix;Win32.Virut.56;Cured.;
alcmtr.exe;c:\windows;Win32.Virut.56;Cured.;
explorer.exe;c:\windows;Win32.Virut.56;Cured.;
unregmp2.exe;c:\windows\inf;Win32.Virut.56;Cured.;
xpnetdiag.exe;c:\windows\network diagnostic;Win32.Virut.56;Cured.;
rthdcpl.exe;c:\windows;Win32.Virut.56;Cured.;
alg.exe;c:\windows\system32;Win32.Virut.56;Cured.;
cisvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
clipsrv.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ctfmon.exe;c:\windows\system32;Win32.Virut.56;Cured.;
dllhost.exe;c:\windows\system32;Win32.Virut.56;Cured.;
dmadmin.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ie4uinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;
imapi.exe;c:\windows\system32;Win32.Virut.56;Cured.;
locator.exe;c:\windows\system32;Win32.Virut.56;Cured.;
logon.scr;c:\windows\system32;Win32.Virut.56;Cured.;
logonui.exe;c:\windows\system32;Win32.Virut.56;Cured.;
mnmsrvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
msdtc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
msiexec.exe;c:\windows\system32;Win32.Virut.56;Cured.;
netdde.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ntsd.exe;c:\windows\system32;Win32.Virut.56;Cured.;
regsvr32.exe;c:\windows\system32;Win32.Virut.56;Cured.;
rsvp.exe;c:\windows\system32;Win32.Virut.56;Cured.;
rundll32.exe;c:\windows\system32;Win32.Virut.56;Cured.;
scardsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
sessmgr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
shmgrate.exe;c:\windows\system32;Win32.Virut.56;Cured.;
smlogsvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
spoolsv.exe;c:\windows\system32;Win32.Virut.56;Cured.;
tlntsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ups.exe;c:\windows\system32;Win32.Virut.56;Cured.;
userinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;
vssvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
winmgmt.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;
wmiapsrv.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;
accwiz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
actmovie.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ahui.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
arp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
aspichk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
asr_fmt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
asr_ldm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
asr_pfu.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
at.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
atmadm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
attrib.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
auditusr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
blastcln.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
bootcfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
bootok.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
bootvrfy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cabarc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cacls.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
CapabilityTable.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
charmap.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ChCfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
chkdsk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
chkntfs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cidaemon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cipher.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ckcnv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cleanmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cliconfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
clipbrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmdl32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmmon32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmstp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
comp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
compact.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
conime.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
control.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
convert.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dcomcnfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ddeshare.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
defrag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dfrgfat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dfrgntfs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
diantz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
diskpart.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
diskperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dllhst3g.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dmremote.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
doskey.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dplaysvr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dpnsvr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dpvsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
driverquery.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
drwtsn32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dumprep.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dvdplay.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dvdupgrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dwwin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dxdiag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
esentutl.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eudcedit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eventcreate.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eventtriggers.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eventvwr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
expand.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
extrac32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
find.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
findstr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
finger.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fixmapi.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fltMc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fontview.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
forcedos.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
freecell.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fsquirt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fsutil.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
getmac.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
gpresult.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
gpupdate.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
grpconv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
help.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
hostname.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
iexpress.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipconfig.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipsec6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipv6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipxroute.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
label.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lights.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lnkstub.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
logman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
logoff.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lpq.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lpr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
magnify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
makecab.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
migpwd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mmc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mmcperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mobsync.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mountvol.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mplay32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mpnotify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mqbkup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mqsvc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mqtgsvc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mrinfo.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
msg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mshearts.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mshta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mspaint.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
msswchx.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mstinit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mstsc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
napstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
narrator.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nbtstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nddeapir.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
net.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
net1.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
netsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
netsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
netstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
notepad.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nslookup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ntbackup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ntvdm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvcolor.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvuide.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvuninst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvunrm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nwscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
odbcad32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
odbcconf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
openfiles.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
osk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
osuninst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
packager.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
pathping.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
pentnt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
perfmon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ping.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ping6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
pintool.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
powercfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
print.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
progman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
proquota.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
proxycfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qappsrv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qfecheck.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qprocess.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qwinsta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rasautou.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rasdial.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rasphone.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rcimlby.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rcp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rdpclip.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rdsaddin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rdshost.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
recover.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
reg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
regedt32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
regini.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
regwiz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
relog.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
replace.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
reset.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rexec.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
route.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
routemon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsmsink.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsmui.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsnotify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsopprov.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rtcshare.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
runas.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
runonce.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rwinsta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
savedump.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
schtasks.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
scrnsave.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sdbinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
secedit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sethc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
setup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
setupn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sfc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
shadow.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
shrpubw.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
shutdown.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sigverif.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
skeys.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
smbinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sndrec32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sndvol32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sol.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sort.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
spider.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
spnpinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ss3dfo.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssbezier.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssflwbox.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssmarque.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssmypics.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssmyst.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sspipes.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssstars.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sstext3d.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
stimon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
subst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
syncapp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
syskey.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sysocmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
systeminfo.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
systray.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
taskkill.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tasklist.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
taskman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
taskmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tcmsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tcpsvcs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
telnet.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tlntadmn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tlntsess.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tracerpt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tracert.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tracert6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tscon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tsdiscon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tskill.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tsshutdn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
typeperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
unlodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
upnpcont.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
utilman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
verifier.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
vssadmin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
w32tm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wextract.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wiaacmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winhlp32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winmine.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winmsd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winver.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wpabaln.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wpnpinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
write.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wupdmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
xcopy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
comrepl.exe;C:\WINDOWS\system32\Com;Win32.Virut.56;Cured.;
comrereg.exe;C:\WINDOWS\system32\Com;Win32.Virut.56;Cured.;
nppagent.exe;C:\WINDOWS\system32\npp;Win32.Virut.56;Cured.;
msoobe.exe;C:\WINDOWS\system32\oobe;Win32.Virut.56;Cured.;
oobebaln.exe;C:\WINDOWS\system32\oobe;Win32.Virut.56;Cured.;
rstrui.exe;C:\WINDOWS\system32\Restore;Win32.Virut.56;Cured.;
srdiag.exe;C:\WINDOWS\system32\Restore;Win32.Virut.56;Cured.;
E_FAMTCAE.EXE;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;
E_FARNCAE.EXE;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;
E_FATICAE.EXE;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;
E_FBCSCAE.EXE;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;
E_FHUTCAE.EXE;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;
E_FPRECAE.EXE;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;
E_S40RP7.EXE;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;
migload.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;
migwiz.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;
migwiza.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;
mofcomp.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
scrcons.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
unsecapp.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
wbemtest.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
wmiadap.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
wmic.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
wmiprvse.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
devcon.exe;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp;Win32.Virut.56;Cured.;
i4jdel0.exe;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp;Win32.Virut.56;Cured.;
war3_Install.exe;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp;Win32.Virut.56;Cured.;
i4jdel.exe;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e4j5.tmp_dir27805;Win32.Virut.56;Cured.;
i4jdel.exe;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e4j92.tmp_dir13375;Win32.Virut.56;Cured.;
setup.exe;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\O&O Defrag Professional;Win32.Virut.56;Cured.;
war3.exe;C:\;Win32.Virut.56;Cured.;

25 réponses

  • 1
  • 2
Réponse 1 / 25
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt pour virut c'est pas gagné il faut en général formater mais surtout lors d'enregistrement ne pas mettre de fichier au format .scr et .exe sinon cela revient!

sinon tenter ceci:

https://www.malekal.com/supprimer-win32virut/
1
Réponse 2 / 25
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
je pense que seul un formatage peut resoudre le souci

mais si tu formate il ne faut surtout pas remettre des sauvegarde contenant un fichier .exe ou .scr!!! sinon l'infection se redeveloppe

bref sauvegarde tes photos... mais surtout pas des sauvegarde contenant un fichier .exe ou .scr!

ou tenter un scan avec escan antivirus

http://www.malekal.com/tutorial_eScan_antivirus_toolkit.php
1
Réponse 3 / 25
eZula Messages postés 3509 Statut Contributeur 392
 
Je crois que ton salut est dans le formatage.
0
Réponse 4 / 25
totoche04 Messages postés 11 Statut Membre
 
J'ai formater il y a deux jours :'(

Je vais essayer la 2iem méthode donner sur http://www.commentcamarche.net/faq/sujet 16138 comment supprimer virut

après cela je verrais pour un rererere formatage
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 25
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
Salut

Il me semble que virut reste même après plusieurs formatage... !

Si tu me permet un truc EZULA ^^

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
0
Réponse 6 / 25
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
T'as encore des cracks sur ton pc ?
0
Réponse 7 / 25
totoche04 Messages postés 11 Statut Membre
 
Bonjour merci pour ta réponse voici le log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-03-06 12:59:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 63 GB (88%) free of 72 GB
Total RAM: 3071 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:01 PM, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\oodtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
C:\Program Files\Garena\Garena.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_SC4.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
0
Réponse 8 / 25
totoche04 Messages postés 11 Statut Membre
 
Salut kevin comment ca des crack ? pour les jeux ? j'utilise juste un no cd pour warcraft3
0
Réponse 9 / 25
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
Arffffffffffffffffffffffffffffffff !!!

T'es mal barré !

Toolbar infecter,pas mal de fichiers et je parirais que t'as aussi des fichiers source windows infecté...

▶ Télécharge Combofix de sUBs

▶ et enregistre le sur le Bureau.

▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

▶ Je te conseille d'installer la console de récupération !!

ensuite envois le rapport et refais un nouveau rapport hijackthis stp

Edit : désolé eZula de t'avoir piqué le topique mais c'était plus fort que moi xD

Le mot virut m'as donner envie de relevé le defis ^^
0
Réponse 10 / 25
totoche04 Messages postés 11 Statut Membre
 
merci pour ton aide voici le rapport

ComboFix 09-03-04.01 - Administrator 2009-03-06 13:07:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2178 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pthreadGC2.dll

[COLOR=RED] c:\windows\system32\spoolsv.exe . . . is infected!!/COLOR

[COLOR=RED] c:\windows\explorer.exe . . . is infected!!/COLOR

Le rapport hijackthis

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-03-06 13:10:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 63 GB (88%) free of 72 GB
Total RAM: 3071 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:58 PM, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Garena\Garena.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
0
Réponse 11 / 25
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
le log de combofix est pas entié
0
Réponse 12 / 25
totoche04 Messages postés 11 Statut Membre
 
désoler mauvais copy past voici

ComboFix 09-03-04.01 - Administrator 2009-03-06 13:07:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2178 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pthreadGC2.dll

[COLOR=RED] c:\windows\system32\spoolsv.exe . . . is infected!!/COLOR

[COLOR=RED] c:\windows\explorer.exe . . . is infected!!/COLOR

.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-06 12:59 . 2009-03-06 13:00 <DIR> d-------- C:\rsit
2009-03-06 12:59 . 2009-03-06 13:00 <DIR> d-------- c:\program files\trend micro
2009-03-06 12:19 . 2009-03-06 12:19 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb
2009-03-06 10:35 . 2009-03-06 10:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\EPSON
2009-03-06 10:34 . 2009-03-06 10:34 <DIR> d-------- c:\windows\LastGood
2009-03-06 10:34 . 2009-03-06 10:34 <DIR> d-------- c:\program files\EPSON
2009-03-06 10:34 . 2006-12-08 11:04 76,800 --a------ c:\windows\system32\E_FLBCAE.DLL
2009-03-06 10:34 . 2006-04-19 11:00 62,976 --a------ c:\windows\system32\E_FD4BCAE.DLL
2009-03-06 10:34 . 2004-09-11 05:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-03-05 22:24 . 2009-03-05 22:24 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-05 22:24 . 2009-03-05 22:24 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-05 22:24 . 2009-03-05 22:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-05 22:24 . 2009-03-05 22:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-05 21:19 . 2009-03-06 10:24 <DIR> d-------- c:\program files\Steam
2009-03-05 13:33 . 2009-03-05 13:33 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-05 10:02 . 2009-03-05 10:02 100,514 --a------ c:\windows\system32\4D.tmp
2009-03-05 09:56 . 2009-03-05 09:56 84 --a------ c:\windows\system32\4B.tmp
2009-03-04 18:32 . 2009-03-04 18:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Avira
2009-03-04 18:27 . 2009-03-04 18:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Octoshape
2009-03-04 15:01 . 2009-03-04 15:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-04 14:55 . 2009-03-04 14:55 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-04 14:55 . 2009-03-04 14:55 <DIR> d-------- c:\program files\Adobe Media Player
2009-03-04 14:50 . 2009-03-04 14:50 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-04 14:49 . 2009-03-04 14:54 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-04 12:46 . 2009-03-06 12:35 471,040 --a------ C:\war3.exe
2009-03-04 12:37 . 2009-03-05 22:39 <DIR> d-------- c:\program files\Warcraft III
2009-03-04 12:09 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\Administrator\Contacts
2009-03-04 12:08 . 2009-03-04 12:08 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-04 12:08 . 2009-03-04 12:08 <DIR> d-------- c:\program files\MSN Messenger
2009-03-04 12:02 . 2009-03-04 12:02 <DIR> d-------- c:\program files\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 20:33 8,192 ----a-w c:\windows\system32\winhlp32.exe
2009-03-06 20:33 5,632 ----a-w c:\windows\system32\write.exe
2009-03-06 20:33 5,632 ----a-w c:\windows\system32\winver.exe
2009-03-06 20:33 32,256 ----a-w c:\windows\system32\wupdmgr.exe
2009-03-06 20:33 32,256 ----a-w c:\windows\system32\wpabaln.exe
2009-03-06 20:33 30,720 ----a-w c:\windows\system32\xcopy.exe
2009-03-06 20:33 155,648 ----a-w c:\windows\system32\wscript.exe
2009-03-06 20:33 119,808 ----a-w c:\windows\system32\winmine.exe
2009-03-06 20:33 11,776 ----a-w c:\windows\system32\winmsd.exe
2009-03-06 20:33 11,264 ----a-w c:\windows\system32\wpnpinst.exe
2009-03-06 20:31 9,728 ----a-w c:\windows\system32\sfc.exe
2009-03-06 20:30 9,216 ----a-w c:\windows\system32\proxycfg.exe
2009-03-06 20:29 98,304 ----a-w c:\windows\system32\makecab.exe
2009-03-06 20:28 9,216 ----a-w c:\windows\system32\finger.exe
2009-03-06 20:27 98,304 ----a-w c:\windows\system32\ahui.exe
2009-03-06 20:22 95,744 ----a-w c:\windows\system32\scardsvr.exe
2009-03-06 20:21 69,632 ----a-w c:\windows\Alcmtr.exe
2009-03-06 20:21 1,051,136 ----a-w c:\windows\explorer.exe
2009-03-06 18:26 --------- d-----w c:\program files\Garena
2009-03-05 17:54 50,968 ----a-w c:\windows\system32\avgfwdx.dll
2009-03-05 17:54 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-05 17:54 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2009-03-05 17:54 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-03-05 17:54 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-05 17:54 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-05 17:54 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-05 09:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-03-04 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-03-04 17:46 --------- d-----w c:\documents and settings\Administrator\Application Data\Ventrilo
2009-03-04 17:32 --------- d-----w c:\program files\AVG
2009-03-04 17:26 --------- d-----w c:\program files\AMD
2009-03-04 17:19 --------- d-----w c:\program files\AskSearch
2009-03-04 17:19 --------- d-----w c:\program files\AskBarDis
2009-03-04 17:19 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-03-04 17:18 --------- d-----w c:\program files\Vuze
2009-03-04 17:18 --------- d-----w c:\program files\Common Files\i4j_jres
2009-03-04 17:15 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-04 17:15 --------- d-----w c:\program files\DAEMON Tools Lite
2009-03-04 17:11 --------- d-----w c:\program files\NVIDIA Corporation
2009-03-04 17:11 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-04 17:10 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-04 17:10 --------- d-----w c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-03-04 17:09 --------- d-----w c:\program files\OO Software
2009-03-04 17:08 335,872 ----a-w c:\windows\HideWin.exe
2009-03-04 17:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-04 17:08 --------- d-----w c:\program files\Realtek
2009-03-04 17:07 --------- d-----w c:\program files\VentriloMIX
2009-03-04 17:00 --------- d-----w c:\program files\Unlocker
2009-03-04 17:00 --------- d-----w c:\program files\Microsoft PowerToys
2009-03-04 17:00 --------- d-----w c:\program files\HashTab Shell Extension
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-30 11:29 453,152 ------w c:\windows\system32\nvusmb.exe
2008-12-30 11:29 122,880 ----a-w c:\windows\system32\NVCOSMB.DLL
2008-12-30 04:52 990,208 ----a-w c:\windows\system32\syssetup.dll
2008-12-30 04:52 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-12-30 04:52 140,288 ----a-w c:\windows\system32\sfc_os.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
.

------- Sigcheck -------

2008-12-29 20:52 361600 5ae1c2695f6523ad98b948f2887d8c5e c:\windows\system32\drivers\tcpip.sys

2009-03-06 12:21 1051136 2c67e09df367f78920b09effe0a2293e c:\windows\explorer.exe

2009-03-06 12:22 32768 fd5b45c2bb6f77d4457bd233574679f0 c:\windows\system32\ctfmon.exe

2009-03-06 12:22 75264 86b7f9391acb432de4a4a7990f7df275 c:\windows\system32\spoolsv.exe

2009-03-06 12:22 26112 d74bd6587b7e038992c9ae10f0511115 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 18:40 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-03-06 32768]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Octoshape Streaming Services"="c:\documents and settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-12 70936]
"Steam"="c:\program files\steam\steam.exe" [2009-03-05 1410296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-03-06 33280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-15 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-15 86016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2009-03-06 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-05 1601304]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"nwiz"="nwiz.exe" [2008-08-15 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-06 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-05 09:54 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"d:\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-04 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-04 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-04 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-03-04 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-03-04 258305]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-03-04 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-03-04 234888]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-03-04 41217]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-05 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-05 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-05 1339600]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-04 29208]
R3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CIS3.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CIS3.tmp [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-04 29208]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
*NewlyCreated* - GARENAPENGINE
*Deregistered* - DwShield0000283F
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bopuckvw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 13:08:17
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CIS3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="E160EC45410196C74A762B2012E850C73695297F24F17BC3464EDC047D4ED41A38E66D52F144A48678AEB303C36C93493D234F6DC2BF78923866C6C4076FCCC6527DBCFB3617A48D79ED2F7DDA333530041A4A36C772744E9AFACEEF11D0BFDA38227F7316039B6EB88E29888FB37465F6D1AEB63C8F87547B03316617223DC63C87BEC19B05B04D67A015709E5634E0C7D57920AF0B6A14AC28935F9708778EEE13643FD88EB1E378E74853C7FA7732EA6808F6B2D27D8E45467D63141946C928E0C39CDF039081A5D9FAA751F3697B1AFC9C92DA44FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A2D97226D213B555BA7FD869164D6794DDA77D75AF33965218A8A6E2F2EFC89703D12F7128A5A8D12363EFD6E66A745269EE19D5F05C9CDC38B7111F872B2F7781E7E08ACF714903700C3317C15C9F2BA2E8E4432DA416217595A1AF4A5563285E7092915EE7CA74D55E9CFBEB2ADFD2525CB0EEF6F65E29505CA84256BD134273FC3652975E4B6AA8FEDE8BF04EE2D8E42211BBC113D7F2EF3C3C36A8896FCE40AE81C823FEEC1CDEA5F002C198DDC3EAA75EC0E80EE5701EF4B4A1A431ADCE663FED280CC559B6969F8F4B322A070C9A6D34CAA74F7107C6DFAFCB8F8289B32EF8BC534286B7588ECB378CFA7A9B9FCD09F1D7A112E591FDE38D31161E3EE481BAEB67986638972B9FAD9B39D45A5E7EA53D1CD96537DD79017482C4F68F3DEF77452E465F0D7A7322F782EB57079C4F7EFD7F3C2E56AE92C8CDA50D57C18C2CB7D02C683F6EFD9471627F79F569A484E3DF1D15A4BE39C6E2C5B2C75C9E150D15DC15FBA69491DCBB7B8528754CB387BD53C395D36BA7B808CDF3AEF5F38E0E41FB53E58DBE9AC14897BBA6F180F9E5830CF7D29B5D182E071B6C5FE914A2CCFC05046DBB326E5AEBCC7B82D9599C4E430371472F999B91C2274F5C4FD3F10E2111F83DCFB15C621476D3B2F02EB5989E731B4F18A83A6F312E868C140D10B6987EB766BA0BA13A4233080DCC5BD03B4A5E95AC30176CF9DB322C3AF81D0153626F79DAC30B746689678D51D7BF6FD48F87330528F5210962F7149413E6429091CA2CF08384FA0D93B90F9DD1BE87254BF67B6103D83993F509BFABCA4E4344CE39F0E668CE52FB9A95EB75CEC101907079A9B01A598B39DCB269F75C3E64E3D3AA1D5AB3450BA170A8B444B132B822021EAEC19793E23C7105FCD3D9247F8AF0D03B4FFBC4A713F7683354390201059A3A2D4CFBA87B0223D61BFBA6715D7688A087ACAAB021872B0A5E5672A11E0B66647C671BBD881372BF98957C1C3F0B1255753E7CEF63D9150967DEBF8CC828297A29921D7AAF20F79DFDA3671DD64F1A6CA83304ECCD8CD6"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\avsda.dll

- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\avsda.dll
.
Completion time: 2009-03-06 13:09:07
ComboFix-quarantined-files.txt 2009-03-06 21:09:04

Pre-Run: 66,047,770,624 bytes free
Post-Run: 66,394,255,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff /usepmtimer

250
0
Réponse 13 / 25
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

Une fois sauvegardé sur ton bureau, double clique sur SDFix.exe et choisis Install pour l’extraire dans un dossier dédié sur le Bureau.

Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
* Redémarre ton ordinateur
* Après avoir entendu l’ordinateur biper lors du démarrage, mais avant que l’icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
* A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
* Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
* Choisis ton compte.

Déroule la liste des instructions ci-dessous :
* Ouvre le dossier SDFix qui vient d’être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d’appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.

* Ton système sera plus long pour redémarrer qu’à l’accoutumée car l’outil va continuer à s’exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l’outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l’exécution du script et charger les icônes de ton Bureau.
* Les icônes du Bureau affichées, le rapport SDFix s’ouvrira à l’écran et s’enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

TUTO Si besoin

Je reviens vers 3h30

A+
0
Réponse 14 / 25
totoche04 Messages postés 11 Statut Membre
 
Re voila le rapport de sdfix

[b]SDFix: Version 1.240 [/b]
Run by Administrator on Fri 03/06/2009 at 01:30 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\14.tmp - Deleted

Removing Temp Files

[b]ADS Check [/b]:
0
Réponse 15 / 25
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
Arff

Refais un coup de drweb stp

A+
0
Réponse 16 / 25
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
Salut ;

pour virut c'est pas gagné il faut en général formater

Je sais mais j'esperé pouvoir le defucké :-(. C'est mal barré :-(
0
Réponse 17 / 25
totoche04 Messages postés 11 Statut Membre
 
apres un scan avec AVPTool en mode sans echec voila le rapport je post celui de drweb juste après

----------
Scanned: 323039
Detected: 189
Untreated: 0
Start time: 3/6/2009 3:14:47 PM
Duration: 00:52:11
Finish time: 3/6/2009 4:56:30 PM

Detected
--------
Status Object
------ ------
disinfected: virus Virus.Win32.Virut.ce File: c:\windows\regedit.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\windows media player\wmplayer.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\outlook express\wab.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\windows\hh.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\windows\winhlp32.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\windows nt\hypertrm.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\internet explorer\iexplore.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\windows nt\accessories\wordpad.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\windows\notepad.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\netmeeting\conf.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\windows nt\dialer.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\windows\pchealth\helpctr\binaries\helpctr.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\internet explorer\connection wizard\icwconn1.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\internet explorer\connection wizard\icwconn2.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\internet explorer\connection wizard\inetwiz.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\internet explorer\connection wizard\isignup.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\movie maker\moviemk.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\k-lite codec pack\media player classic\mplayerc.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\windows\pchealth\helpctr\binaries\msconfig.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\outlook express\msimn.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\common files\microsoft shared\msinfo\msinfo32.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\windows nt\pinball\pinball.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\outlook express\wabmig.exe
disinfected: virus Virus.Win32.Virut.ce File: c:\program files\winrar\winrar.exe
deleted: Trojan program Trojan.Win32.Inject.prr File: C:\Documents and Settings\Administrator\reader_s.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\6ZK0OJHM.Q7T\96VTA2RL.GHJ\fast..tion_70e7d13bb83f253e_0000.0001_8eaf9275e39788a8\FasterPing.exe
deleted: Trojan program Backdoor.Win32.Agent.adql File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3XC7R72V\ge[1].txt
deleted: Trojan program Trojan.Win32.Inject.prr File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8KF0Y53I\abb[1].txt
disinfected: virus Virus.Win32.Virut.ce File: C:\nVidia Forceware\Xtreme-G 177.92 XP 32bit\nvcolor.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\nVidia Forceware\Xtreme-G 177.92 XP 32bit\nvepclnt.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Adobe\Adobe Device Central CS4\LogTransport2.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Adobe\Adobe Dreamweaver CS4\LogTransport2.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Adobe\Adobe Extension Manager CS4\Replace.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\java-rmi.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\java.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\javacpl.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\javaw.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\keytool.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\kinit.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\klist.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\ktab.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\orbd.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\pack200.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\policytool.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\rmid.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\rmiregistry.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\servertool.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\tnameserv.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\i4j_jres\jre1\bin\unpack200.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver2.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Garena\update.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Internet Explorer\iedw.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\K-Lite Codec Pack\Real\settings.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Microsoft PowerToys\PowerCalc.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\NetMeeting\cb32.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\NetMeeting\wb32.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\openssl.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\CapabilityTable.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nCLI.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\webui.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\webuir.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\cgi-bin\nCGI.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\cgi-bin\ncgir.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\cgi-bin\nlog.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Outlook Express\oemig50.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Realtek\Audio\InstallShield\Alcmtr.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Realtek\Audio\InstallShield\AlcWzrd.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Realtek\Audio\InstallShield\ChCfg.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Realtek\Audio\InstallShield\MicCal.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Realtek\Audio\InstallShield\RTLCPL.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Realtek\Audio\InstallShield\RtlUpd.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Realtek\Audio\InstallShield\RtlUpd64.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Realtek\Audio\InstallShield\SkyTel.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Realtek\Audio\InstallShield\SoundMan.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Steam\steamapps\thirox_cs@hotmail.com\counter-strike\hlds.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Unlocker\Unlocker.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\VentriloMIX\TeamSpeakRC2 2.0.32.60.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\VentriloMIX\Ventrilo 2.2.0.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\VentriloMIX\Ventrilo 2.3.0.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\VentriloMIX\VentriloMIX.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Vuze\.install4j\i4jdel.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Warcraft III\v1.21a Loader\Files\war3.exe
deleted: Trojan program Trojan.Win32.LipGame.cd File: C:\Program Files\Warcraft III\v1.21a Loader\Files\worldedit.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Warcraft III\v1.21a Loader\Original Files\Frozen Throne.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Warcraft III\v1.21a Loader\Original Files\Warcraft III.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Warcraft III\v1.21a Loader\Original Files\World Editor.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Windows Media Player\migrate.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\Windows Media Player\setup_wm.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\WinRAR\Rar.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\WinRAR\RarExtLoader.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\WinRAR\Uninstall.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\Program Files\WinRAR\UnRAR.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\catchme.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\dummy.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\editreg.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\Cghtme.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\cliptext.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\CSweg.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\download.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\ERUNT.EXE
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\FixPath.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\LS.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\MD5File.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\moveex.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\Process.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\procs.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\psservice.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\RestartIt!.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\sc.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\sed.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\SF.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\shutdown.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\Swreg.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\swsc.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\UnRAR.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\unzip.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\vfind.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\WINMSG.EXE
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\zip.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\SDFix\apps\Replace\regedit.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\alcwzrd.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\HideWin.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\MicCal.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\modifyPE.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\NIRCMD.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RTLCPL.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RtlUpd.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\sed.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SkyTel.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoundMan.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SWREG.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SWSC.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SWXCACLS.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\TASKMAN.EXE
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\twunk_32.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\VFIND.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\zip.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\msagent\agentsvr.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\mui\muisetup.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\NLDRV\005\nvudisp.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\NLDRV\007\nvunrm.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\NLDRV\010\rtkupd.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\NLDRV\012\nvunrm.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe
disinfected: virus Virus.Win32.Virut.ce File: C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe
deleted: Trojan program Trojan.Win32.Inject.prr File: C:\WINDOWS\system32\reader_s.exe
disinfected: virus Virus.Win32.Virut.ce File: D:\Azureus Downloads\Indiana.Jones.4.FRENCH\DEVENIR RICHE FACILEMENT ET GRATUITEMENT GRACE A INTERNET ET SMARTBARRE\XuMouse.exe
disinfected: virus Virus.Win32.Virut.ce File: D:\Warcraft III\BNUpdate.exe
disinfected: virus Virus.Win32.Virut.ce File: D:\Warcraft III\Frozen Throne.exe
disinfected: virus Virus.Win32.Virut.ce File: D:\Warcraft III\war3.exe
disinfected: virus Virus.Win32.Virut.ce File: D:\Warcraft III\Warcraft III.exe
disinfected: virus Virus.Win32.Virut.ce File: D:\Warcraft III\World Editor.exe
disinfected: virus Virus.Win32.Virut.ce File: D:\Warcraft III\worldedit.exe
disinfected: virus Virus.Win32.Virut.ce File: E:\WAR_VO_French.exe
disinfected: virus Virus.Win32.Virut.ce File: E:\Programmes\Adobe CS4\Dreamweaver\Adobe CS4\payloads\AdobeAMP-mul\Adobe AIR\Versions\1.0\Resources\template.exe

Events
------
Time Name Status Reason
---- ---- ------ ------
3/6/2009 3:15:01 PM File: c:\windows\regedit.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:01 PM File: c:\windows\regedit.exe not disinfected postponed
3/6/2009 3:15:01 PM File: c:\program files\windows media player\wmplayer.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:01 PM File: c:\program files\windows media player\wmplayer.exe not disinfected postponed
3/6/2009 3:15:02 PM File: c:\program files\outlook express\wab.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:02 PM File: c:\program files\outlook express\wab.exe not disinfected postponed
3/6/2009 3:15:02 PM File: c:\windows\hh.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:02 PM File: c:\windows\hh.exe not disinfected postponed
3/6/2009 3:15:02 PM File: c:\windows\winhlp32.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:02 PM File: c:\windows\winhlp32.exe not disinfected postponed
3/6/2009 3:15:02 PM File: c:\program files\windows nt\hypertrm.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:02 PM File: c:\program files\windows nt\hypertrm.exe not disinfected postponed
3/6/2009 3:15:02 PM File: c:\program files\internet explorer\iexplore.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:02 PM File: c:\program files\internet explorer\iexplore.exe not disinfected postponed
3/6/2009 3:15:04 PM File: C:\WINDOWS\regedit.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:04 PM File: C:\WINDOWS\regedit.exe not disinfected postponed
3/6/2009 3:15:04 PM File: c:\program files\windows nt\accessories\wordpad.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:04 PM File: c:\program files\windows nt\accessories\wordpad.exe not disinfected postponed
3/6/2009 3:15:04 PM File: c:\windows\notepad.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:04 PM File: c:\windows\notepad.exe not disinfected postponed
3/6/2009 3:15:46 PM File: c:\program files\netmeeting\conf.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:46 PM File: c:\program files\netmeeting\conf.exe not disinfected postponed
3/6/2009 3:15:47 PM File: c:\program files\windows nt\dialer.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:47 PM File: c:\program files\windows nt\dialer.exe not disinfected postponed
3/6/2009 3:15:47 PM File: c:\windows\pchealth\helpctr\binaries\helpctr.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:48 PM File: c:\windows\pchealth\helpctr\binaries\helpctr.exe not disinfected postponed
3/6/2009 3:15:49 PM File: c:\program files\internet explorer\connection wizard\icwconn1.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:49 PM File: c:\program files\internet explorer\connection wizard\icwconn1.exe not disinfected postponed
3/6/2009 3:15:49 PM File: c:\program files\internet explorer\connection wizard\icwconn2.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:49 PM File: c:\program files\internet explorer\connection wizard\icwconn2.exe not disinfected postponed
3/6/2009 3:15:49 PM File: c:\program files\internet explorer\connection wizard\inetwiz.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:49 PM File: c:\program files\internet explorer\connection wizard\inetwiz.exe not disinfected postponed
3/6/2009 3:15:49 PM File: c:\program files\internet explorer\connection wizard\isignup.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:50 PM File: c:\program files\internet explorer\connection wizard\isignup.exe not disinfected postponed
3/6/2009 3:15:50 PM File: c:\program files\movie maker\moviemk.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:51 PM File: c:\program files\movie maker\moviemk.exe not disinfected postponed
3/6/2009 3:15:52 PM File: c:\program files\k-lite codec pack\media player classic\mplayerc.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:52 PM File: c:\program files\k-lite codec pack\media player classic\mplayerc.exe not disinfected postponed
3/6/2009 3:15:53 PM File: c:\windows\pchealth\helpctr\binaries\msconfig.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:53 PM File: c:\windows\pchealth\helpctr\binaries\msconfig.exe not disinfected postponed
3/6/2009 3:15:53 PM File: c:\program files\outlook express\msimn.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:53 PM File: c:\program files\outlook express\msimn.exe not disinfected postponed
3/6/2009 3:15:53 PM File: c:\program files\common files\microsoft shared\msinfo\msinfo32.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:53 PM File: c:\program files\common files\microsoft shared\msinfo\msinfo32.exe not disinfected postponed
3/6/2009 3:15:53 PM File: c:\program files\windows nt\pinball\pinball.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:53 PM File: c:\program files\windows nt\pinball\pinball.exe not disinfected postponed
3/6/2009 3:15:54 PM File: c:\program files\outlook express\wabmig.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:54 PM File: c:\program files\outlook express\wabmig.exe not disinfected postponed
3/6/2009 3:15:54 PM File: c:\program files\winrar\winrar.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:15:54 PM File: c:\program files\winrar\winrar.exe not disinfected postponed
3/6/2009 3:16:38 PM File: c:\windows\regedit.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:38 PM File: c:\windows\regedit.exe not disinfected postponed
3/6/2009 3:16:39 PM File: c:\program files\windows media player\wmplayer.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:39 PM File: c:\program files\windows media player\wmplayer.exe not disinfected postponed
3/6/2009 3:16:39 PM File: c:\program files\outlook express\wab.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:39 PM File: c:\program files\outlook express\wab.exe not disinfected postponed
3/6/2009 3:16:39 PM File: c:\windows\hh.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:39 PM File: c:\windows\hh.exe not disinfected postponed
3/6/2009 3:16:39 PM File: c:\windows\winhlp32.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:39 PM File: c:\windows\winhlp32.exe not disinfected postponed
3/6/2009 3:16:39 PM File: c:\program files\windows nt\hypertrm.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:39 PM File: c:\program files\windows nt\hypertrm.exe not disinfected postponed
3/6/2009 3:16:39 PM File: c:\program files\internet explorer\iexplore.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:39 PM File: c:\program files\internet explorer\iexplore.exe not disinfected postponed
3/6/2009 3:16:40 PM File: C:\WINDOWS\regedit.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:40 PM File: C:\WINDOWS\regedit.exe not disinfected postponed
3/6/2009 3:16:40 PM File: c:\program files\windows nt\accessories\wordpad.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:40 PM File: c:\program files\windows nt\accessories\wordpad.exe not disinfected postponed
3/6/2009 3:16:40 PM File: c:\windows\notepad.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:40 PM File: c:\windows\notepad.exe not disinfected postponed
3/6/2009 3:16:58 PM File: c:\program files\netmeeting\conf.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:58 PM File: c:\program files\netmeeting\conf.exe not disinfected postponed
3/6/2009 3:16:58 PM File: c:\program files\windows nt\dialer.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:58 PM File: c:\program files\windows nt\dialer.exe not disinfected postponed
3/6/2009 3:16:58 PM File: c:\windows\pchealth\helpctr\binaries\helpctr.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:58 PM File: c:\windows\pchealth\helpctr\binaries\helpctr.exe not disinfected postponed
3/6/2009 3:16:59 PM File: c:\program files\internet explorer\connection wizard\icwconn1.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:59 PM File: c:\program files\internet explorer\connection wizard\icwconn1.exe not disinfected postponed
3/6/2009 3:16:59 PM File: c:\program files\internet explorer\connection wizard\icwconn2.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:59 PM File: c:\program files\internet explorer\connection wizard\icwconn2.exe not disinfected postponed
3/6/2009 3:16:59 PM File: c:\program files\internet explorer\connection wizard\inetwiz.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:59 PM File: c:\program files\internet explorer\connection wizard\inetwiz.exe not disinfected postponed
3/6/2009 3:16:59 PM File: c:\program files\internet explorer\connection wizard\isignup.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:59 PM File: c:\program files\internet explorer\connection wizard\isignup.exe not disinfected postponed
3/6/2009 3:16:59 PM File: c:\program files\movie maker\moviemk.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:59 PM File: c:\program files\movie maker\moviemk.exe not disinfected postponed
3/6/2009 3:16:59 PM File: c:\program files\k-lite codec pack\media player classic\mplayerc.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:59 PM File: c:\program files\k-lite codec pack\media player classic\mplayerc.exe not disinfected postponed
3/6/2009 3:16:59 PM File: c:\windows\pchealth\helpctr\binaries\msconfig.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:59 PM File: c:\windows\pchealth\helpctr\binaries\msconfig.exe not disinfected postponed
3/6/2009 3:16:59 PM File: c:\program files\outlook express\msimn.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:59 PM File: c:\program files\outlook express\msimn.exe not disinfected postponed
3/6/2009 3:16:59 PM File: c:\program files\common files\microsoft shared\msinfo\msinfo32.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:16:59 PM File: c:\program files\common files\microsoft shared\msinfo\msinfo32.exe not disinfected postponed
3/6/2009 3:17:00 PM File: c:\program files\windows nt\pinball\pinball.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:17:00 PM File: c:\program files\windows nt\pinball\pinball.exe not disinfected postponed
3/6/2009 3:17:00 PM File: c:\program files\outlook express\wabmig.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:17:00 PM File: c:\program files\outlook express\wabmig.exe not disinfected postponed
3/6/2009 3:17:00 PM File: c:\program files\winrar\winrar.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:17:00 PM File: c:\program files\winrar\winrar.exe not disinfected postponed
3/6/2009 3:17:17 PM File: C:\Documents and Settings\Administrator\reader_s.exe detected Trojan program 'Trojan.Win32.Inject.prr'
3/6/2009 3:17:17 PM File: C:\Documents and Settings\Administrator\reader_s.exe not disinfected postponed
3/6/2009 3:17:28 PM File: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:17:28 PM File: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe not disinfected postponed
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{0C4CAF06-F885-4FA9-AC16-D76F6F4400A3} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{1D4351AB-6991-492C-A761-6D40AA1A8519} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{2C1ECFE3-498E-46E9-8E9A-0DED5F1D9058} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{2D1CC0EF-042D-4BBB-A268-4CBEB79A9D54} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{49CDB656-5409-4E09-86A0-94B865D68F4D} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{780E706D-B3D8-4F2E-B99D-59B96328B632} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{883904A2-637B-4C96-BE18-1C3EB7620CFC} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{A1879FFC-00EE-453C-AC76-1445ED3858AB} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{B46A8B18-5209-407D-8587-21CEBD8AAFF1} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{D312F074-6081-4215-A8EF-9C4FB952CA61} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{DEB24DD8-23B3-468D-8AC5-CBF71F7AE604} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/{E3D03849-6F1D-431D-B824-4F693E6CF6C6} password protected
3/6/2009 3:17:34 PM File: C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2009 - 22-35-56.SBU/backup.db password protected
3/6/2009 3:18:29 PM File: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\6ZK0OJHM.Q7T\96VTA2RL.GHJ\fast..tion_70e7d13bb83f253e_0000.0001_8eaf9275e39788a8\FasterPing.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:18:29 PM File: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\6ZK0OJHM.Q7T\96VTA2RL.GHJ\fast..tion_70e7d13bb83f253e_0000.0001_8eaf9275e39788a8\FasterPing.exe not disinfected postponed
3/6/2009 3:18:32 PM File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3XC7R72V\ge[1].txt detected Trojan program 'Backdoor.Win32.Agent.adql'
3/6/2009 3:18:32 PM File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3XC7R72V\ge[1].txt not disinfected postponed
3/6/2009 3:18:32 PM File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8KF0Y53I\abb[1].txt detected Trojan program 'Trojan.Win32.Inject.prr'
3/6/2009 3:18:32 PM File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8KF0Y53I\abb[1].txt not disinfected postponed
3/6/2009 3:19:09 PM File: C:\nVidia Forceware\Xtreme-G 177.92 XP 32bit\nvcolor.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:19:09 PM File: C:\nVidia Forceware\Xtreme-G 177.92 XP 32bit\nvcolor.exe not disinfected postponed
3/6/2009 3:19:12 PM File: C:\nVidia Forceware\Xtreme-G 177.92 XP 32bit\nvepclnt.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:19:12 PM File: C:\nVidia Forceware\Xtreme-G 177.92 XP 32bit\nvepclnt.exe not disinfected postponed
3/6/2009 3:19:58 PM File: C:\Program Files\Adobe\Adobe Device Central CS4\LogTransport2.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:19:58 PM File: C:\Program Files\Adobe\Adobe Device Central CS4\LogTransport2.exe not disinfected postponed
3/6/2009 3:20:26 PM File: C:\Program Files\Adobe\Adobe Dreamweaver CS4\LogTransport2.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:20:26 PM File: C:\Program Files\Adobe\Adobe Dreamweaver CS4\LogTransport2.exe not disinfected postponed
3/6/2009 3:23:53 PM File: C:\Program Files\Adobe\Adobe Extension Manager CS4\Replace.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:23:53 PM File: C:\Program Files\Adobe\Adobe Extension Manager CS4\Replace.exe not disinfected postponed
3/6/2009 3:27:20 PM File: C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:20 PM File: C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe not disinfected postponed
3/6/2009 3:27:22 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\java-rmi.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:22 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\java-rmi.exe not disinfected postponed
3/6/2009 3:27:22 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\java.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:22 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\java.exe not disinfected postponed
3/6/2009 3:27:22 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\javacpl.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:22 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\javacpl.exe not disinfected postponed
3/6/2009 3:27:22 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\javaw.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:22 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\javaw.exe not disinfected postponed
3/6/2009 3:27:23 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\keytool.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:23 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\keytool.exe not disinfected postponed
3/6/2009 3:27:23 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\kinit.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:23 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\kinit.exe not disinfected postponed
3/6/2009 3:27:23 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\klist.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:23 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\klist.exe not disinfected postponed
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\ktab.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\ktab.exe not disinfected postponed
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\orbd.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\orbd.exe not disinfected postponed
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\pack200.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\pack200.exe not disinfected postponed
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\policytool.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\policytool.exe not disinfected postponed
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\rmid.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\rmid.exe not disinfected postponed
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\rmiregistry.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:24 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\rmiregistry.exe not disinfected postponed
3/6/2009 3:27:25 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\servertool.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:25 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\servertool.exe not disinfected postponed
3/6/2009 3:27:25 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\tnameserv.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:25 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\tnameserv.exe not disinfected postponed
3/6/2009 3:27:25 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\unpack200.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:27:25 PM File: C:\Program Files\Common Files\i4j_jres\jre1\bin\unpack200.exe not disinfected postponed
3/6/2009 3:28:41 PM File: C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:28:41 PM File: C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe not disinfected postponed
3/6/2009 3:28:41 PM File: C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver2.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:28:42 PM File: C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver2.exe not disinfected postponed
3/6/2009 3:28:42 PM File: C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:28:42 PM File: C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe not disinfected postponed
3/6/2009 3:28:43 PM File: C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:28:43 PM File: C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe not disinfected postponed
3/6/2009 3:28:44 PM File: C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:28:44 PM File: C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe not disinfected postponed
3/6/2009 3:28:44 PM File: C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:28:44 PM File: C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe not disinfected postponed
3/6/2009 3:29:01 PM File: C:\Program Files\Garena\mdata.ggz/mh.xml password protected
3/6/2009 3:29:01 PM File: C:\Program Files\Garena\update.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:01 PM File: C:\Program Files\Garena\update.exe not disinfected postponed
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\cn.ggz/default_cn.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\cn.ggz/dota65x_cn.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\cn.ggz/dota648b_cn.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\cn.ggz/lang.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\cn.ggz/server.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\cn_s.ggz/lang.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\cn_s.ggz/server.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\en.ggz/default.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\en.ggz/dota65x.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\en.ggz/dota648b.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\en.ggz/lang.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\en.ggz/server.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\en_s.ggz/lang.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\en_s.ggz/server.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\id_s.ggz/server.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\tw.ggz/default_tw.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\tw.ggz/dota65x_tw.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\tw.ggz/dota648b_tw.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\tw.ggz/lang.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\tw.ggz/server.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\tw_s.ggz/lang.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\GarenaTV\tw_s.ggz/server.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\Languages\FPSGame.dll.cn/lang.xml password protected
3/6/2009 3:29:02 PM File: C:\Program Files\Garena\Languages\FPSGame.dll.en/lang.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\FPSGame.dll.tw/lang.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\Garena.exe.br/Garena.exe.br.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\Garena.exe.cn/Garena.exe.cn.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\Garena.exe.en/Garena.exe.en.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\Garena.exe.id/Garena.exe.id.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\Garena.exe.ru/Garena.exe.ru.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\Garena.exe.sp/Garena.exe.sp.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\Garena.exe.th/Garena.exe.th.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\Garena.exe.tw/Garena.exe.tw.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\Garena.exe.vn/Garena.exe.vn.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\GarenaTV_UI.dll.cn/lang.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\GarenaTV_UI.dll.cn/server.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\GarenaTV_UI.dll.en/lang.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\GarenaTV_UI.dll.en/server.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\GarenaTV_UI.dll.id/server.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\GarenaTV_UI.dll.tw/lang.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\GarenaTV_UI.dll.tw/server.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\update.exe.cn/update.exe.cn.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\update.exe.tw/update.exe.tw.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\update2.exe.cn/update2.exe.cn.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\update2.exe.tw/update2.exe.tw.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\WC3Ass.dll.cn/lang.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\WC3Ass.dll.en/lang.xml password protected
3/6/2009 3:29:03 PM File: C:\Program Files\Garena\Languages\WC3Ass.dll.tw/lang.xml password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/ProgressBarBgH.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/ProgressBarBgV.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/ProgressBarH.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/ProgressBarV.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/ScrollBarArrows.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/ScrollBarArrowsHBg.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/ScrollNews.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/shop_gm.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/shop_gm_type.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/shop_magic_item.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/Skin.xml password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/split_h.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/split_v.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/splitter_h.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/Tab.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/TabBg.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/ui.xml password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/Window.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/skinmsn.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/usertype/0.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/usertype/1.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/usertype/100.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/usertype/11.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/usertype/2.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/usertype/3.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/usertype/4.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/usertype/5.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/usertype/6.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/usertype/Thumbs.db password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/Arrow_Down.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/Arrow_Up.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/Button.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/comment_header.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/GameIconsBig.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/goldmem.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/Header.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/login_gg_logo.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/login_header_bar.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/Logo.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/menu.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/messagetab.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/Others.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/outbar_lab.bmp password protected
3/6/2009 3:29:04 PM File: C:\Program Files\Garena\Skin\Skin.ggz/panel.bmp password protected
3/6/2009 3:29:06 PM File: C:\Program Files\Internet Explorer\iedw.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:06 PM File: C:\Program Files\Internet Explorer\iedw.exe not disinfected postponed
3/6/2009 3:29:06 PM File: C:\Program Files\Internet Explorer\IEXPLORE.EXE detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:06 PM File: C:\Program Files\Internet Explorer\IEXPLORE.EXE not disinfected postponed
3/6/2009 3:29:06 PM File: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:06 PM File: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe not disinfected postponed
3/6/2009 3:29:06 PM File: C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:06 PM File: C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe not disinfected postponed
3/6/2009 3:29:07 PM File: C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:07 PM File: C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe not disinfected postponed
3/6/2009 3:29:07 PM File: C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:07 PM File: C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe not disinfected postponed
3/6/2009 3:29:07 PM File: C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:07 PM File: C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe not disinfected postponed
3/6/2009 3:29:07 PM File: C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:07 PM File: C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe not disinfected postponed
3/6/2009 3:29:12 PM File: C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:12 PM File: C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe not disinfected postponed
3/6/2009 3:29:13 PM File: C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:13 PM File: C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe not disinfected postponed
3/6/2009 3:29:14 PM File: C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:14 PM File: C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe not disinfected postponed
3/6/2009 3:29:14 PM File: C:\Program Files\K-Lite Codec Pack\Real\settings.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:14 PM File: C:\Program Files\K-Lite Codec Pack\Real\settings.exe not disinfected postponed
3/6/2009 3:29:19 PM File: C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:19 PM File: C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe not disinfected postponed
3/6/2009 3:29:19 PM File: C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:19 PM File: C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe not disinfected postponed
3/6/2009 3:29:19 PM File: C:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:19 PM File: C:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe not disinfected postponed
3/6/2009 3:29:19 PM File: C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:19 PM File: C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe not disinfected postponed
3/6/2009 3:29:20 PM File: C:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:20 PM File: C:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe not disinfected postponed
3/6/2009 3:29:21 PM File: C:\Program Files\Microsoft PowerToys\PowerCalc.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:21 PM File: C:\Program Files\Microsoft PowerToys\PowerCalc.exe not disinfected postponed
3/6/2009 3:29:21 PM File: C:\Program Files\Movie Maker\moviemk.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:21 PM File: C:\Program Files\Movie Maker\moviemk.exe not disinfected postponed
3/6/2009 3:29:48 PM File: C:\Program Files\NetMeeting\cb32.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:48 PM File: C:\Program Files\NetMeeting\cb32.exe not disinfected postponed
3/6/2009 3:29:48 PM File: C:\Program Files\NetMeeting\conf.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:48 PM File: C:\Program Files\NetMeeting\conf.exe not disinfected postponed
3/6/2009 3:29:48 PM File: C:\Program Files\NetMeeting\wb32.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:48 PM File: C:\Program Files\NetMeeting\wb32.exe not disinfected postponed
3/6/2009 3:29:49 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\openssl.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:49 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\openssl.exe not disinfected postponed
3/6/2009 3:29:50 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\CapabilityTable.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:50 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\CapabilityTable.exe not disinfected postponed
3/6/2009 3:29:50 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nCLI.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:50 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nCLI.exe not disinfected postponed
3/6/2009 3:29:51 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\webui.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:51 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\webui.exe not disinfected postponed
3/6/2009 3:29:51 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\webuir.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:51 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\webuir.exe not disinfected postponed
3/6/2009 3:29:51 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\cgi-bin\nCGI.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:51 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\cgi-bin\nCGI.exe not disinfected postponed
3/6/2009 3:29:51 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\cgi-bin\ncgir.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:51 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\cgi-bin\ncgir.exe not disinfected postponed
3/6/2009 3:29:51 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\cgi-bin\nlog.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:29:51 PM File: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\cgi-bin\nlog.exe not disinfected postponed
3/6/2009 3:30:05 PM File: C:\Program Files\Outlook Express\msimn.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:05 PM File: C:\Program Files\Outlook Express\msimn.exe not disinfected postponed
3/6/2009 3:30:06 PM File: C:\Program Files\Outlook Express\oemig50.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:06 PM File: C:\Program Files\Outlook Express\oemig50.exe not disinfected postponed
3/6/2009 3:30:06 PM File: C:\Program Files\Outlook Express\wab.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:06 PM File: C:\Program Files\Outlook Express\wab.exe not disinfected postponed
3/6/2009 3:30:06 PM File: C:\Program Files\Outlook Express\wabmig.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:06 PM File: C:\Program Files\Outlook Express\wabmig.exe not disinfected postponed
3/6/2009 3:30:06 PM File: C:\Program Files\Realtek\Audio\InstallShield\Alcmtr.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:06 PM File: C:\Program Files\Realtek\Audio\InstallShield\Alcmtr.exe not disinfected postponed
3/6/2009 3:30:06 PM File: C:\Program Files\Realtek\Audio\InstallShield\AlcWzrd.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:06 PM File: C:\Program Files\Realtek\Audio\InstallShield\AlcWzrd.exe not disinfected postponed
3/6/2009 3:30:06 PM File: C:\Program Files\Realtek\Audio\InstallShield\ChCfg.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:06 PM File: C:\Program Files\Realtek\Audio\InstallShield\ChCfg.exe not disinfected postponed
3/6/2009 3:30:08 PM File: C:\Program Files\Realtek\Audio\InstallShield\MicCal.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:08 PM File: C:\Program Files\Realtek\Audio\InstallShield\MicCal.exe not disinfected postponed
3/6/2009 3:30:08 PM File: C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:09 PM File: C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe not disinfected postponed
3/6/2009 3:30:10 PM File: C:\Program Files\Realtek\Audio\InstallShield\RTLCPL.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:10 PM File: C:\Program Files\Realtek\Audio\InstallShield\RTLCPL.exe not disinfected postponed
3/6/2009 3:30:10 PM File: C:\Program Files\Realtek\Audio\InstallShield\RtlUpd.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:10 PM File: C:\Program Files\Realtek\Audio\InstallShield\RtlUpd.exe not disinfected postponed
3/6/2009 3:30:11 PM File: C:\Program Files\Realtek\Audio\InstallShield\RtlUpd64.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:11 PM File: C:\Program Files\Realtek\Audio\InstallShield\RtlUpd64.exe not disinfected postponed
3/6/2009 3:30:11 PM File: C:\Program Files\Realtek\Audio\InstallShield\SkyTel.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:11 PM File: C:\Program Files\Realtek\Audio\InstallShield\SkyTel.exe not disinfected postponed
3/6/2009 3:30:11 PM File: C:\Program Files\Realtek\Audio\InstallShield\SoundMan.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:11 PM File: C:\Program Files\Realtek\Audio\InstallShield\SoundMan.exe not disinfected postponed
3/6/2009 3:30:28 PM File: C:\Program Files\Steam\steamapps\thirox_cs@hotmail.com\counter-strike\hlds.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:28 PM File: C:\Program Files\Steam\steamapps\thirox_cs@hotmail.com\counter-strike\hlds.exe not disinfected postponed
3/6/2009 3:30:39 PM File: C:\Program Files\Unlocker\Unlocker.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:39 PM File: C:\Program Files\Unlocker\Unlocker.exe not disinfected postponed
3/6/2009 3:30:39 PM File: C:\Program Files\VentriloMIX\TeamSpeakRC2 2.0.32.60.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:39 PM File: C:\Program Files\VentriloMIX\TeamSpeakRC2 2.0.32.60.exe not disinfected postponed
3/6/2009 3:30:40 PM File: C:\Program Files\VentriloMIX\Ventrilo 2.2.0.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:40 PM File: C:\Program Files\VentriloMIX\Ventrilo 2.2.0.exe not disinfected postponed
3/6/2009 3:30:40 PM File: C:\Program Files\VentriloMIX\Ventrilo 2.3.0.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:40 PM File: C:\Program Files\VentriloMIX\Ventrilo 2.3.0.exe not disinfected postponed
3/6/2009 3:30:40 PM File: C:\Program Files\VentriloMIX\VentriloMIX.exe detected virus 'Virus.Win32.Virut.ce'
3/6/2009 3:30:40 PM File: C:\Program Files\Ve
0
Réponse 18 / 25
totoche04 Messages postés 11 Statut Membre
 
no virus found pour dr.web donc pas de rapport après le scan d'avptool je pense qu'il a nettoyer pas mal de choses
0
Réponse 19 / 25
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
Re, tu peux refaire un combofix stp
0
Réponse 20 / 25
totoche04 Messages postés 11 Statut Membre
 
Oui voila et encore merci pour ton aide

ComboFix 09-03-04.01 - Administrator 2009-03-06 17:33:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2304 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

[COLOR=RED] C:\WINDOWS\system32\spoolsv.exe . . . is infected!![/COLOR]

[COLOR=RED] C:\WINDOWS\explorer.exe . . . is infected!![/COLOR]

[COLOR=RED] C:\WINDOWS\system32\spoolsv.exe . . . is infected!![/COLOR]

[COLOR=RED] C:\WINDOWS\explorer.exe . . . is infected!![/COLOR]

.
((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.

2009-03-06 17:29 . 2009-03-06 17:29 389,120 --a------ C:\WINDOWS\system32\CF18331.exe
2009-03-06 13:31 . 2009-03-06 13:31 <DIR> d-------- C:\WINDOWS\system32\xircom
2009-03-06 13:31 . 2009-03-06 13:31 <DIR> d-------- C:\Program Files\microsoft frontpage
2009-03-06 13:29 . 2009-03-06 13:29 <DIR> d-------- C:\WINDOWS\ERUNT
2009-03-06 13:29 . 2009-03-06 13:29 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2009-03-06 13:24 . 2009-03-06 13:41 <DIR> d-------- C:\SDFix
2009-03-06 12:59 . 2009-03-06 13:00 <DIR> d-------- C:\rsit
2009-03-06 12:59 . 2009-03-06 13:10 <DIR> d-------- C:\Program Files\trend micro
2009-03-06 12:19 . 2009-03-06 12:19 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2009-03-06 10:35 . 2009-03-06 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2009-03-06 10:34 . 2009-03-06 10:34 <DIR> d-------- C:\Program Files\EPSON
2009-03-06 10:34 . 2006-12-08 11:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2009-03-06 10:34 . 2006-04-19 11:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2009-03-06 10:34 . 2004-09-11 05:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2009-03-05 22:24 . 2009-03-05 22:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2009-03-05 22:24 . 2009-03-05 22:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-05 22:24 . 2009-03-05 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-05 22:24 . 2009-03-05 22:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-05 21:19 . 2009-03-06 16:12 <DIR> d-------- C:\Program Files\Steam
2009-03-05 13:33 . 2009-03-05 13:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2009-03-05 10:02 . 2009-03-05 10:02 100,514 --a------ C:\WINDOWS\system32\4D.tmp
2009-03-05 09:56 . 2009-03-05 09:56 84 --a------ C:\WINDOWS\system32\4B.tmp
2009-03-04 18:32 . 2009-03-04 18:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avira
2009-03-04 18:27 . 2009-03-04 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Octoshape
2009-03-04 15:01 . 2009-03-04 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-03-04 14:55 . 2009-03-04 14:55 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2009-03-04 14:55 . 2009-03-04 14:55 <DIR> d-------- C:\Program Files\Adobe Media Player
2009-03-04 14:50 . 2009-03-04 14:50 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2009-03-04 14:49 . 2009-03-04 14:54 <DIR> d-------- C:\Program Files\Common Files\Adobe
2009-03-04 12:46 . 2009-03-06 12:35 471,040 --a------ C:\war3.exe
2009-03-04 12:37 . 2009-03-05 22:39 <DIR> d-------- C:\Program Files\Warcraft III
2009-03-04 12:09 . 2009-03-04 12:11 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2009-03-04 12:08 . 2009-03-04 12:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2009-03-04 12:08 . 2009-03-04 12:08 <DIR> d-------- C:\Program Files\MSN Messenger
2009-03-04 12:02 . 2009-03-04 12:02 <DIR> d-------- C:\Program Files\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 00:27 --------- d-----w C:\Program Files\Garena
2009-03-07 00:03 769,536 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
2009-03-07 00:03 69,632 ----a-w C:\WINDOWS\NOTEPAD.EXE
2009-03-07 00:03 284,160 ----a-w C:\WINDOWS\winhlp32.exe
2009-03-07 00:03 170,496 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
2009-03-07 00:03 146,944 ----a-w C:\WINDOWS\regedit.exe
2009-03-07 00:03 11,264 ----a-w C:\WINDOWS\hh.exe
2009-03-06 20:33 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe
2009-03-06 20:33 5,632 ----a-w C:\WINDOWS\system32\write.exe
2009-03-06 20:33 5,632 ----a-w C:\WINDOWS\system32\winver.exe
2009-03-06 20:33 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
2009-03-06 20:33 32,256 ----a-w C:\WINDOWS\system32\wpabaln.exe
2009-03-06 20:33 30,720 ----a-w C:\WINDOWS\system32\xcopy.exe
2009-03-06 20:33 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2009-03-06 20:33 119,808 ----a-w C:\WINDOWS\system32\winmine.exe
2009-03-06 20:33 11,776 ----a-w C:\WINDOWS\system32\winmsd.exe
2009-03-06 20:33 11,264 ----a-w C:\WINDOWS\system32\wpnpinst.exe
2009-03-06 20:31 9,728 ----a-w C:\WINDOWS\system32\sfc.exe
2009-03-06 20:30 9,216 ----a-w C:\WINDOWS\system32\proxycfg.exe
2009-03-06 20:29 98,304 ----a-w C:\WINDOWS\system32\makecab.exe
2009-03-06 20:28 9,216 ----a-w C:\WINDOWS\system32\finger.exe
2009-03-06 20:27 98,304 ----a-w C:\WINDOWS\system32\ahui.exe
2009-03-06 20:22 95,744 ----a-w C:\WINDOWS\system32\scardsvr.exe
2009-03-06 20:21 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2009-03-06 20:21 1,051,136 ----a-w C:\WINDOWS\explorer.exe
2009-03-05 17:54 50,968 ----a-w C:\WINDOWS\system32\avgfwdx.dll
2009-03-05 17:54 325,128 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2009-03-05 17:54 29,208 ----a-w C:\WINDOWS\system32\drivers\avgfwdx.sys
2009-03-05 17:54 12,552 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2009-03-05 17:54 107,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2009-03-05 17:54 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2009-03-05 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2009-03-05 09:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2009-03-04 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2009-03-04 17:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ventrilo
2009-03-04 17:32 --------- d-----w C:\Program Files\AVG
2009-03-04 17:26 --------- d-----w C:\Program Files\AMD
2009-03-04 17:19 --------- d-----w C:\Program Files\AskSearch
2009-03-04 17:19 --------- d-----w C:\Program Files\AskBarDis
2009-03-04 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2009-03-04 17:18 --------- d-----w C:\Program Files\Vuze
2009-03-04 17:18 --------- d-----w C:\Program Files\Common Files\i4j_jres
2009-03-04 17:15 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2009-03-04 17:15 --------- d-----w C:\Program Files\DAEMON Tools Lite
2009-03-04 17:11 --------- d-----w C:\Program Files\NVIDIA Corporation
2009-03-04 17:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2009-03-04 17:10 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2009-03-04 17:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2009-03-04 17:09 --------- d-----w C:\Program Files\OO Software
2009-03-04 17:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-03-04 17:08 --------- d-----w C:\Program Files\Realtek
2009-03-04 17:07 --------- d-----w C:\Program Files\VentriloMIX
2009-03-04 17:00 --------- d-----w C:\Program Files\Unlocker
2009-03-04 17:00 --------- d-----w C:\Program Files\Microsoft PowerToys
2009-03-04 17:00 --------- d-----w C:\Program Files\HashTab Shell Extension
2009-02-09 18:56 67,584 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-12-30 11:29 453,152 ------w C:\WINDOWS\system32\nvusmb.exe
2008-12-30 11:29 122,880 ----a-w C:\WINDOWS\system32\NVCOSMB.DLL
2008-12-30 04:52 990,208 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-12-30 04:52 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-12-30 04:52 140,288 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-12-11 00:33 86,016 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-12-07 18:08 795,648 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w C:\WINDOWS\system32\xvidvfw.dll
.

------- Sigcheck -------

2008-12-29 20:52 361600 5ae1c2695f6523ad98b948f2887d8c5e C:\WINDOWS\system32\drivers\tcpip.sys

2009-03-06 12:21 1051136 2c67e09df367f78920b09effe0a2293e C:\WINDOWS\explorer.exe

2009-03-06 12:22 32768 fd5b45c2bb6f77d4457bd233574679f0 C:\WINDOWS\system32\ctfmon.exe

2009-03-06 12:22 75264 86b7f9391acb432de4a4a7990f7df275 C:\WINDOWS\system32\spoolsv.exe

2009-03-06 12:22 26112 d74bd6587b7e038992c9ae10f0511115 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 18:40 333192 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 18:40 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 18:40 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 07:02 490952]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2009-03-06 12:22 32768]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"Octoshape Streaming Services"="C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-12 05:42 70936]
"Steam"="c:\program files\steam\steam.exe" [2009-03-05 21:19 1410296]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 11:43 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2009-03-06 12:21 33280]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-08-15 23:22 13570048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-08-15 23:22 86016]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-06-28 23:01 2512128]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2009-03-06 12:20 77824]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-03-05 09:54 1601304]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 13:28 266497]
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 07:58 611712]
"nwiz"="nwiz.exe" [2008-08-15 23:22 1657376 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-06 12:22 16874496 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 02:00 99840 C:\WINDOWS\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 09:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-05 09:54 10520 C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
0

Discussions similaires

win32:virut
mathieu12345 -
Destrio5 -

19 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
PUADlManager:Win32/OfferCore
tenmalade -
tenmalade -

2 réponses
win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses
PUABundler:Win32/CandyOpen : dangereux ?
joubine -
bazfile -

2 réponses