ComboFix analysis

Solved
dejavu3419
Hello,

I have just run a scan with ComboFix; the log and the report of quarantined files are below. Does anyone notice a sign of a failure or the need to make any other adjustments?

Here is the log:

ComboFix 11-12-03.01 - oem 03.12.2011 14:52:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1502.1111 [GMT 2:00]
Running from: c:\documents and settings\oem\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
[i] ADS - WINDOWS: deleted 192 bytes in 1 streams. /i
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\oem\Application Data\PriceGong
c:\documents and settings\oem\Application Data\PriceGong\Data\1.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\2350.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\450.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\a.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\b.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\c.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\d.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\e.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\f.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\g.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\h.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\i.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\j.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\k.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\l.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\m.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\oem\Application Data\PriceGong\Data\n.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\o.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\p.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\q.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\r.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\s.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\t.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\u.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\v.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\w.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\x.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\y.txt
c:\documents and settings\oem\Application Data\PriceGong\Data\z.txt
C:\install.exe
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{0F03B43F-DBEA-4821-AD2C-2BFE90BD1805}\RP55\A0056267.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 12:19 . 2011-12-03 12:27 -------- d-----w- C:\UsbFix
2011-11-30 23:00 . 2011-12-02 19:59 -------- d-----w- c:\documents and settings\oem\Application Data\DMCache
2011-11-30 23:00 . 2011-12-02 15:16 -------- d-----w- c:\documents and settings\oem\Application Data\IDM
2011-11-30 23:00 . 2011-11-30 23:00 -------- d-----w- c:\program files\Internet Download Manager
2011-11-30 22:48 . 2011-11-30 22:48 -------- d-----w- c:\documents and settings\oem\Application Data\ProgSense
2011-11-30 22:48 . 2011-11-30 22:52 -------- d-----w- C:\downloads
2011-11-30 22:48 . 2011-11-30 22:48 -------- d-----w- c:\documents and settings\oem\Application Data\GrabPro
2011-11-30 22:47 . 2011-11-30 22:58 -------- d-----w- c:\documents and settings\oem\Application Data\Orbit
2011-11-29 01:05 . 2011-11-29 01:05 -------- d-----w- c:\documents and settings\oem\Application Data\Tiffen
2011-11-29 01:03 . 2011-11-29 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Tiffen
2011-11-29 01:03 . 2011-11-29 01:03 -------- d-----w- c:\program files\Tiffen
2011-11-28 21:53 . 2011-11-28 21:53 -------- d-----w- c:\documents and settings\oem\Application Data\onOne Software
2011-11-28 21:44 . 2011-05-17 08:40 66560 ----a-w- c:\windows\system32\nlssrv32.exe
2011-11-28 21:44 . 2011-05-17 08:40 227840 ----a-w- c:\windows\system32\Deco_32.dll
2011-11-28 21:21 . 2011-11-28 21:21 -------- d-----w- c:\documents and settings\oem\Application Data\Alien Skin
2011-11-28 21:20 . 2011-11-28 21:20 -------- d-----w- c:\documents and settings\oem\Local Settings\Application Data\Alien Skin
2011-11-28 21:20 . 2011-11-28 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-11-28 21:15 . 2011-11-28 21:15 -------- d-----w- c:\program files\Alien Skin
2011-11-28 21:15 . 2011-11-28 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Alien Skin
2011-11-28 19:54 . 2011-11-28 19:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{36C464EA-C47D-4366-99A3-E7F497E996C9}
2011-11-28 19:53 . 2011-11-28 19:54 -------- d-----w- c:\program files\Common Files\Topaz Labs
2011-11-28 19:53 . 2011-11-28 19:53 -------- d-----w- c:\program files\Topaz Labs
2011-11-28 19:50 . 2011-11-28 19:50 -------- d-----w- c:\documents and settings\oem\Local Settings\Application Data\PackageAware
2011-11-28 18:45 . 2011-11-28 18:45 -------- d-----w- c:\documents and settings\oem\Local Settings\Application Data\realtech_VR
2011-11-28 18:40 . 2011-11-28 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\realtech VR
2011-11-28 18:28 . 2011-11-28 18:28 -------- d-----w- c:\program files\realtech VR
2011-11-28 15:24 . 2011-11-28 15:25 -------- d-----w- c:\windows\system32\Adobe
2011-11-20 18:16 . 2001-11-21 17:12 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-11-20 18:16 . 2001-11-21 17:12 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-11-20 18:16 . 2008-04-13 09:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-11-20 18:16 . 2008-04-13 09:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-11-20 18:05 . 2011-11-20 18:11 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-11-19 21:14 . 2011-11-19 21:14 -------- d-----w- c:\documents and settings\oem\Application Data\OpenCandy
2011-11-19 21:12 . 2011-11-20 13:00 -------- d-----w- c:\documents and settings\oem\Application Data\DAEMON Tools Lite
2011-11-19 21:12 . 2011-11-19 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2011-11-19 20:31 . 2011-11-19 20:31 -------- d-----w- c:\program files\Lavalys
2011-11-14 13:39 . 2011-07-06 13:14 101616 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-11-13 21:25 . 2011-11-13 21:25 -------- d-----w- c:\program files\Common Files\Spigot
2011-11-13 21:23 . 2011-11-27 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-11-13 21:23 . 2011-11-13 21:23 -------- d-----w- c:\program files\YouTube Downloader
2011-11-13 21:15 . 2011-11-13 21:15 -------- d-----w- c:\windows\Sun
2011-11-13 21:02 . 2011-11-13 21:02 -------- d-----w- c:\program files\Common Files\Java
2011-11-13 21:01 . 2011-11-13 21:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-13 21:01 . 2011-11-13 21:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-13 21:00 . 2011-11-13 21:00 -------- d-----w- c:\program files\Java
2011-11-12 12:19 . 2011-11-14 21:17 -------- d-----w- c:\documents and settings\oem\Application Data\Skype
2011-11-12 12:19 . 2011-11-12 12:20 -------- d-----r- c:\program files\Skype
2011-11-12 12:19 . 2011-11-12 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-11-03 21:19 . 2011-11-09 20:50 -------- d-----w- c:\documents and settings\oem\Application Data\Intelli-studio
2011-11-03 16:01 . 2011-11-11 23:12 -------- d-----w- c:\documents and settings\oem\Application Data\Adobe Mini Bridge CS5
2011-11-03 16:01 . 2011-11-03 16:01 -------- d-----w- c:\documents and settings\oem\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-11-03 15:58 . 2011-11-03 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-11-03 15:44 . 2011-11-03 15:44 -------- d-----w- c:\program files\Adobe Media Player
2011-11-03 15:40 . 2011-11-03 15:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 12:26 . 2011-12-03 12:26 7826942 ----a-w- C:\UsbFix_Upload_Me_XX-3Q9NHVVP84FC.zip
2011-10-06 18:49 . 2011-07-01 19:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-11 14:44 . 2011-07-01 18:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-05-09 1443072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 06:00 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-12-16 08:27 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-12-16 08:27 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:00 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [09.05.2008 06:42 33800]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [14.11.2011 15:39 101616]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [15.05.2008 23:53 472320]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [03.07.2011 23:19 36608]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.02.2010 13:37 517096]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\AdobeAAMUpdater-1.0-XX-3Q9NHVVP84FC-oem.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-11-03 01:44]
.
.
------- Supplementary Scan -------
.
IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{91401DA5-BB67-400D-B42F-55D20E27FBEA}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\oem\Application Data\Mozilla\Firefox\Profiles\gc33k189.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 15:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3216)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-03 15:04:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-03 13:04
.
Pre-Run: 8.092.020.736 bayt boş
Post-Run: 8.000.774.144 bayt boş
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 08F702A6102647120A592EC5BCC73CF6

The report of quarantined files:

2011-12-03 13:03:52 . 2011-12-03 13:03:52 648 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-TkBellExe.reg.dat
2011-12-03 13:03:51 . 2011-12-03 13:03:51 664 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AutoStartNPSAgent.reg.dat
2011-12-03 13:03:33 . 2011-12-03 13:03:34 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NPSStartup.reg.dat
2011-12-03 13:03:32 . 2011-12-03 13:03:32 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-AdobeBridge.reg.dat
2011-12-03 12:56:14 . 2011-12-03 12:56:14 276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2011-12-03 12:56:07 . 2011-12-03 12:56:07 7,457 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-03 12:31:44 . 2011-12-03 12:46:26 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-07-20 14:06:48 . 2011-08-25 15:27:49 2,440 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\mru.xml.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 2,227 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\1.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 10,157 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\a.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 10,630 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\b.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 12,106 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\c.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 7,067 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\d.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 7,675 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\e.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 4,707 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\f.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 5,267 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\g.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 3,928 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\h.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 3,922 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\i.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 2,102 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\j.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 2,656 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\k.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 5,737 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\l.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 8,433 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\m.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 2,824 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\n.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 3,269 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\o.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 7,699 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\p.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 421 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\q.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 3,142 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\r.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 14,364 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\s.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 8,036 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\t.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 1,414 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\u.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 2,247 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\v.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 2,868 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\w.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 298 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\x.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 763 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\y.txt.vir
2011-07-17 22:16:10 . 2011-07-17 22:16:10 907 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\z.txt.vir
2011-07-04 20:20:57 . 2011-07-04 20:20:57 2,076 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\2229.txt.vir
2011-07-04 19:23:51 . 2011-07-04 19:23:51 520 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\2350.txt.vir
2011-07-04 19:23:45 . 2011-07-15 18:20:24 1,844 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\450.txt.vir
2011-06-29 07:25:58 . 2011-07-20 13:47:54 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\oem\Application Data\PriceGong\Data\wlu.txt.vir
2008-04-14 06:00:56 . 2008-04-14 06:00:56 26,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
2007-11-07 06:03:18 . 2007-11-07 06:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir

Thanks


55 replies

dejavu3419

A little while ago I was installing Online Armor and I got the message "IDStore.dll missing". How could this be fixed?
0
Anonymous user

Yes, what was giving you this message?
0
dejavu3419

Hi,

It was Online Armor that displayed a dialog box containing this message.
0
Anonymous user

Did it give you only the file name, or the path as well?
0

dejavu3419

I have just restarted the installation to check whether it mentions the path, but it says nothing about it.
Besides, this time it displayed the same kind of dialog but with a different missing DLL file.
"The program can't start because msctfp.dll is missing from your computer."
0
Anonymous user

By the way, I don't understand: doesn't NOD32 already include a firewall?
0
dejavu3419

Yes, NOD32 does have a firewall.

But I wonder whether these missing files would cause other problems in the future.
0
dejavu3419

What do you think about me restoring the system to an earlier date and going through the disinfection procedures again?
0
Anonymous user

No. Hi,

Sorry for the wait.

I think it was NOD32 that was preventing Online Armor from installing correctly (in the end you don't need it :) )
0
dejavu3419

Hi,

However, apparently there are still viruses on the computer. Online Armor detected some "physical drive 0, 1, 2, 3..." and so on, about ten of them.

What do I do?
0
Anonymous user

Well, put like that, I don't understand.

Can you take a screenshot?
0
dejavu3419

I think that's apparently not possible; Online Armor blocked them, and they are hidden somewhere.
0
Anonymous user

I don't understand what you mean.
0
dejavu3419

Let me explain,

Online Armor displayed a dialog box asking whether I wanted to allow these files named "physicaldrive0, physicaldrive1, and so on" to run on my computer.
I chose "NO"; since then they have not been flagged by Online Armor.
I browsed Google a bit and apparently they are viruses, malware, etc.
0
Anonymous user

Did you plug in USB devices again that came from who knows where?
0