Conhook-AW

Closed
papasiam - 13 Oct 2007 at 10:40
g!rly (18209 posts, registered Friday 17 August 2007, status: Contributor, last activity 30 November 2014) - 22 Oct 2007 at 22:50
Hello,
I have a problem: my PC is infected by viruses such as Conhook-AW Win32, Agent LBX and other viruses.
Despite reinstalling Windows and formatting the system disk, the viruses are still present. What should I do?
If the PC is offline nothing happens, but as soon as I am online Avast goes crazy.
Please help me.

43 replies

Hello,
platform: Windows XP version 2002

BitDefender report

BitDefender Online Scanner

Scan report generated at: Wed, Oct 17, 2007 - 18:34:15
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:12:29
Files: 48643
Folders: 1368
Boot Sectors: 4
Archives: 707
Packed Files: 2602

Results
Identified Viruses: 21
Infected Files: 77
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 74

Engines Info
Virus Definitions: 827053
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Otherwise, Kerio detects

C:\WINDOWS\xyk.exe

A window opens again and again as soon as I close it.
Avast has just detected it: win32:trojan-gen {other}
Anonymous user - 17 Oct 2007 at 18:58

C:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\backups.zip=>backups/vtsqpmn.dll
Disinfection failed

C:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\backups.zip=>backups/vtsqpmn.dll
Deleted

C:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\backups.zip
Updated

C:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\backups.zip=>backups/vturpmn.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\backups.zip=>backups/vturpmn.dll
Disinfection failed

C:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\backups.zip=>backups/vturpmn.dll
Deleted

C:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\backups.zip
Updated

C:\Documents and Settings\ZitöuN\Local Settings\Temporary Internet Files\Content.IE5\TS90PZWH\valera[1]
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\ZitöuN\Local Settings\Temporary Internet Files\Content.IE5\TS90PZWH\valera[1]
Disinfection failed

C:\Documents and Settings\ZitöuN\Local Settings\Temporary Internet Files\Content.IE5\TS90PZWH\valera[1]
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\awvvs.dll.vir
Detected with: Adware.Virtumonde.GGX

C:\qoobox\Quarantine\C\WINDOWS\system32\awvvs.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\awvvs.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ojwjqywd.exe.vir
Infected with: Trojan.Clicker.Agent.NP

C:\qoobox\Quarantine\C\WINDOWS\system32\ojwjqywd.exe.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\ojwjqywd.exe.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\vtsqr.exe.vir
Infected with: Trojan.Vundo.CQ

C:\qoobox\Quarantine\C\WINDOWS\system32\vtsqr.exe.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\vtsqr.exe.vir
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003442.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003442.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003442.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003447.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003447.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003447.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003448.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003448.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003448.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003449.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003449.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003449.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003450.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003450.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003450.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003451.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003451.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003451.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003452.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003452.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003452.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003453.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003453.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003453.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003459.exe
Infected with: Win32.Worm.Agent.PYK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003459.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003459.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003460.exe
Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003460.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003460.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003461.exe
Infected with: Backdoor.IrcBot.HA

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003461.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003461.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003462.exe
Infected with: Backdoor.Irc.Sdbot.KC

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003462.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003462.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003463.exe
Infected with: DeepScan:Generic.Sdbot.75617447

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003463.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003463.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003464.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003464.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003464.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003473.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003473.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003473.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003474.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003474.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003474.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003475.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003475.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003475.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003477.exe
Infected with: Backdoor.IrcBot.HA

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003477.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003477.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003478.exe
Infected with: Backdoor.Irc.Sdbot.KC

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003478.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003478.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003479.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003479.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003479.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003481.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003481.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003481.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003483.exe
Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003483.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003483.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003484.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003484.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003484.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003487.exe
Infected with: Win32.Worm.Agent.PYK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003487.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003487.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003488.exe
Infected with: DeepScan:Generic.Sdbot.75617447

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003488.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003488.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003489.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003489.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003489.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003490.dll
Infected with: Trojan.Downloader.Conhook.AK

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003490.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003490.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003519.exe
Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003519.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP6\A0003519.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003525.exe
Infected with: Trojan.Vundo.CQ

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003525.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003525.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003526.exe
Infected with: Trojan.Clicker.Agent.NP

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003526.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003526.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003528.dll
Detected with: Adware.Virtumonde.GGX

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003528.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003528.dll
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003536.sys
Infected with: Trojan.Rootkit.L

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003536.sys
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP7\A0003536.sys
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0004539.sys
Infected with: Trojan.Rootkit.L

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0004539.sys
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0004539.sys
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0005540.sys
Infected with: Trojan.Rootkit.L

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0005540.sys
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0005540.sys
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0005560.sys
Infected with: Trojan.Rootkit.L

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0005560.sys
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0005560.sys
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0005571.sys
Infected with: Trojan.Rootkit.L

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0005571.sys
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0005571.sys
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0006571.sys
Infected with: Trojan.Rootkit.L

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0006571.sys
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0006571.sys
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0007571.sys
Infected with: Trojan.Rootkit.L

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0007571.sys
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0007571.sys
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0007588.sys
Infected with: Trojan.Rootkit.L

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0007588.sys
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0007588.sys
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0007602.sys
Infected with: Trojan.Rootkit.L

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0007602.sys
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP8\A0007602.sys
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP9\A0007618.sys
Infected with: Trojan.Rootkit.L

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP9\A0007618.sys
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP9\A0007618.sys
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP9\A0007625.exe
Infected with: DeepScan:Generic.Sdbot.8D95A9B2

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP9\A0007625.exe
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP9\A0007625.exe
Deleted

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP9\A0009629.dll
Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP9\A0009629.dll
Disinfection failed

C:\System Volume Information\_restore{13CE2BE8-4FF5-4594-A4B3-E3F276F99F80}\RP9\A0009629.dll
Deleted

C:\WINDOWS\system32\ccwd.exe
Infected with: DeepScan:Generic.Sdbot.E66AA03A

C:\WINDOWS\system32\ccwd.exe
Disinfection failed

C:\WINDOWS\system32\ccwd.exe
Delete failed

C:\WINDOWS\system32\dllcache\frehost.exe
Infected with: Backdoor.SdBot.DEXI

C:\WINDOWS\system32\dllcache\frehost.exe
Deleted

C:\WINDOWS\system32\hmm.exe
Infected with: Backdoor.RBot.XII

C:\WINDOWS\system32\hmm.exe
Disinfection failed

C:\WINDOWS\system32\hmm.exe
Deleted

C:\WINDOWS\system32\mzjr.exe
Infected with: Backdoor.Irc.Sdbot.KC

C:\WINDOWS\system32\mzjr.exe
Disinfection failed

C:\WINDOWS\system32\mzjr.exe
Deleted

C:\WINDOWS\system32\psure.exe
Infected with: DeepScan:Generic.Malware.I!FMBg.4354F436

C:\WINDOWS\system32\psure.exe
Disinfection failed

C:\WINDOWS\system32\psure.exe
Deleted

C:\WINDOWS\system32\rdriv.sys
Infected with: Trojan.Rootkit.L

C:\WINDOWS\system32\rdriv.sys
Disinfection failed

C:\WINDOWS\system32\rdriv.sys
Deleted

C:\WINDOWS\system32\re1.exe
Infected with: Trojan.Peed.Gen

C:\WINDOWS\system32\re1.exe
Disinfection failed

C:\WINDOWS\system32\re1.exe
Deleted

C:\WINDOWS\system32\sstqp.dll
Detected with: Adware.Virtumonde.GGX

C:\WINDOWS\system32\sstqp.dll
Disinfection failed

C:\WINDOWS\system32\sstqp.dll
Delete failed

C:\WINDOWS\system32\windowsys.com
Infected with: DeepScan:Generic.Sdbot.1DEB6006

C:\WINDOWS\system32\windowsys.com
Disinfection failed

C:\WINDOWS\system32\windowsys.com
Deleted

C:\WINDOWS\system32\yfoy.exe
Infected with: Trojan.Dropper.Sramler.C

C:\WINDOWS\system32\yfoy.exe
Deleted

C:\WINDOWS\xyk.exe
Infected with: Backdoor.RBot.XII

C:\WINDOWS\xyk.exe
Disinfection failed

C:\WINDOWS\xyk.exe
Delete failed

C:\_OTMoveIt\MovedFiles\WINDOWS\windowsys.com
Infected with: DeepScan:Generic.Sdbot.1DEB6006

C:\_OTMoveIt\MovedFiles\WINDOWS\windowsys.com
Disinfection failed

C:\_OTMoveIt\MovedFiles\WINDOWS\windowsys.com
Deleted

D:\_OTMoveIt\MovedFiles\WINDOWS\System32\msms.exe
Infected with: DeepScan:Generic.Sdbot.8D95A9B2

D:\_OTMoveIt\MovedFiles\WINDOWS\System32\msms.exe
Disinfection failed

D:\_OTMoveIt\MovedFiles\WINDOWS\System32\msms.exe
Deleted

D:\_OTMoveIt\MovedFiles\WINDOWS\windowsys.com
Infected with: DeepScan:Generic.Sdbot.1DEB6006

D:\_OTMoveIt\MovedFiles\WINDOWS\windowsys.com
Disinfection failed

D:\_OTMoveIt\MovedFiles\WINDOWS\windowsys.com
Deleted




otherwise Kerio detects




C:\WINDOWS\xyk.exe

a window opens again and again as soon as I close it
Avast has just detected it: win32:trojan-gen {other}


otherwise, is there another antivirus, other than Avast and free?
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
17 Oct. 2007 at 19:11
Good evening papasiam,

do this:

Disable your System Restore:
Right-click My Computer, then
Properties, click the System Restore tab,
check the box to turn off System Restore and apply,
then
restart the PC and right-click My Computer, then
Properties, click the System Restore tab,
uncheck the box to turn off System Restore and apply.

after that:

clean your temporary files with this: ATF Cleaner, see the tutorial...

https://freewares-tutos.blogspot.com/2006/10/atf-cleaner.html

and:

antivirus: AntiVir

https://www.malekal.com/avira-free-security-antivirus-gratuit/

download it but don't install it right away, and read the tutorial carefully; print it if possible.

disconnect from the internet and uninstall Avast through the Control Panel

install AntiVir following the tutorial by malekal morte.

when it is time to update the virus database, reconnect to the internet

and run a full scan of your PC with it and post the report once it has finished...
0
Hello,
AntiVir PersonalEdition Classic
Report file date: mercredi 17 octobre 2007 21:16

Scanning for 887614 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: ZitöuN
Computer name: HOMESWEETHOME

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.91 687104 Bytes 16/10/2007 19:13:44
ANTIVIR3.VDF : 7.0.0.101 52736 Bytes 17/10/2007 19:13:44
AVEWIN32.DLL : 7.6.0.23 2753024 Bytes 17/10/2007 19:13:44
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 17 octobre 2007 21:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SATARaid.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'ccwd.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\System32\ccwd.exe'
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'sstray.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'ccwd.exe' has been terminated
C:\WINDOWS\System32\ccwd.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.538196
[INFO] The file was moved to '478d6001.qua'!

33 processes with 32 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\uvppdsob.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\uvppdsob.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\VundoFix Backups\gebcyxx.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47786040.qua'!
C:\VundoFix Backups\pmnoljj.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4784604a.qua'!
C:\VundoFix Backups\tuvutuv.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '478c6059.qua'!
C:\VundoFix Backups\tuvvsst.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '478c6060.qua'!
C:\WINDOWS\system32\bfgfuxg.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.34816
[INFO] The file was moved to '477d60b6.qua'!
C:\WINDOWS\system32\gebcyxx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\lrzwr.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '479060e1.qua'!
C:\WINDOWS\system32\pgbinuea.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\sstqp.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\uvppdsob.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
Begin scan in 'D:\'
Begin scan in 'A:\'
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: mercredi 17 octobre 2007 21:23
Used time: 07:32 min

The scan has been done completely.

1264 Scanning directories
39109 Files were scanned
12 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
39097 Files not concerned
715 Archives were scanned
6 Warnings
0 Notes

and there you go
0

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
17 Oct. 2007 at 21:52
let's continue

double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\WINDOWS\system32\uvppdsob.dll
C:\WINDOWS\system32\gebcyxx.dll
C:\WINDOWS\system32\pgbinuea.dll
C:\WINDOWS\system32\sstqp.dll

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

post a new HijackThis log as well
0
Hello,
File/Folder C:\WINDOWS\system32\uvppdsob.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\gebcyxx.dll
C:\WINDOWS\system32\gebcyxx.dll NOT unregistered.
C:\WINDOWS\system32\gebcyxx.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\pgbinuea.dll
C:\WINDOWS\system32\pgbinuea.dll NOT unregistered.
C:\WINDOWS\system32\pgbinuea.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\sstqp.dll scheduled to be moved on reboot.
File/Folder not found.

Created on 10/18/2007 09:50:28




and


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53:05, on 18/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7DDFEDA0-0A0E-4EC6-ADEE-22B582202A3F} - C:\WINDOWS\System32\sstqp.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\pgbinuea.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\iikemcij.dll
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\System32\gebcyxx.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\iikemcij.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Insecure] ccwd.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\uvppdsob.dll",sitypnow
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Windows Insecure] ccwd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Insecure] ccwd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SATARaid.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: c_1tat - c_1tat.dll (file missing)
O20 - Winlogon Notify: iikemcij - C:\WINDOWS\SYSTEM32\iikemcij.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe (file missing)
g!rly - 18 Oct. 2007 at 11:10
Hello

Your infection is a tough one ;-(

* Relaunch VundoFix
* Do not click "Scan for a vundo"
* Right-click in the middle of the window
* Click Add more files?
* Copy and paste the files below (one per box):

C:\WINDOWS\System32\sstqp.dll
C:\WINDOWS\System32\iikemcij.dll
C:\WINDOWS\SYSTEM32\iikemcij.dll
C:\WINDOWS\system32\uvppdsob.dll
C:\WINDOWS\system32\gebcyxx.dll
C:\WINDOWS\system32\pgbinuea.dll

* Click Add files
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report

You can't remove the AntiVir beep...

Post a new HijackThis log along with the Vundo report as soon as you're done.
Hello,
No report for VundoFix; that said, Kerio has stopped detecting the files you had me add.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:41, on 18/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8942E16B-EA5C-4800-9E92-B600B3A54D64} - C:\WINDOWS\System32\sstqp.dll (file missing)
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\System32\gebcyxx.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Insecure] ccwd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Windows Insecure] ccwd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Insecure] ccwd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SATARaid.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: c_1tat - c_1tat.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe (file missing)
g!rly - 18 Oct. 2007 at 12:01
Hi again,

OK, we're making progress.

With HijackThis, check and fix the lines below:

O2 - BHO: (no name) - {8942E16B-EA5C-4800-9E92-B600B3A54D64} - C:\WINDOWS\System32\sstqp.dll (file missing)
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\System32\gebcyxx.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Windows Insecure] ccwd.exe
O4 - HKLM\..\RunServices: [Windows Insecure] ccwd.exe
O4 - HKCU\..\Run: [Windows Insecure] ccwd.exe
O20 - Winlogon Notify: c_1tat - c_1tat.dll (file missing)
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe (file missing)

Click Start, then Run, and in the dialog box type services.msc and click OK. In the Services window that opens, find this service and stop it: NOTEPAD

With OTMoveIt:

Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\WINDOWS\System32\ccwd.exe

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

Please post the OTMoveIt report and a new HijackThis log.
Hello,


File/Folder C:\WINDOWS\System32\ccwd.exe not found.

Created on 10/18/2007 12:09:34



and



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:01, on 18/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\OTMoveIt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SATARaid.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
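The comparison done by eye across the last two HijackThis logs (which entries point at a missing file, and whether every line on the fix list is gone from the follow-up scan) can be scripted. This is an added example, not part of the thread or of HijackThis itself; the function names are hypothetical, and the sample lines are a subset copied from the 11:39:41 and 12:10:01 logs and from the fix list above.

```python
import re

# Subset of the 11:39:41 log posted above (before the fix).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8942E16B-EA5C-4800-9E92-B600B3A54D64} - C:\WINDOWS\System32\sstqp.dll (file missing)
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\System32\gebcyxx.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Insecure] ccwd.exe
O4 - HKLM\..\RunServices: [Windows Insecure] ccwd.exe
O4 - HKCU\..\Run: [Windows Insecure] ccwd.exe
O20 - Winlogon Notify: c_1tat - c_1tat.dll (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe (file missing)
"""

# Subset of the 12:10:01 log posted above (after the fix).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
"""

# The eight lines the helper asked to check and fix.
FIX = r"""
O2 - BHO: (no name) - {8942E16B-EA5C-4800-9E92-B600B3A54D64} - C:\WINDOWS\System32\sstqp.dll (file missing)
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\System32\gebcyxx.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Windows Insecure] ccwd.exe
O4 - HKLM\..\RunServices: [Windows Insecure] ccwd.exe
O4 - HKCU\..\Run: [Windows Insecure] ccwd.exe
O20 - Winlogon Notify: c_1tat - c_1tat.dll (file missing)
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe (file missing)
"""

# A result line is "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [...]".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks a reference whose target file no longer exists like this.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_entries(log_text):
    """Return [(code, body), ...] for every result line, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def orphaned(entries):
    """Entries whose registry reference survives although the file is gone."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]


def removed_between(before, after):
    """Entries present in the earlier scan and absent from the later one."""
    after_set = set(after)
    return [e for e in before if e not in after_set]


def unresolved(fix_list, after):
    """Fix-list entries that still show up in the follow-up scan."""
    after_set = set(after)
    return [e for e in fix_list if e in after_set]


if __name__ == "__main__":
    before, after, fix = map(parse_entries, (BEFORE, AFTER, FIX))
    print("orphaned before fix:")
    for code, body in orphaned(before):
        print(f"  {code} - {body}")
    print("removed between scans:", len(removed_between(before, after)))
    print("fix-list entries still present:", unresolved(fix, after) or "none")
```

An empty result from `unresolved` only shows that the registry references are gone; the files themselves still have to be checked separately, as the OTMoveIt report does.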
g!rly - 18 Oct. 2007 at 12:13
File/Folder C:\WINDOWS\System32\ccwd.exe not found...

And what am I supposed to guess?
g!rly - 18 Oct. 2007 at 12:15
Got it, I've seen it now ;-) thanks
g!rly - 18 Oct. 2007 at 12:25
Yes, at last...

You should run another online scan; given how infected you were, you can never be too careful.

https://www.bitdefender.com/toolbox/

Click "I agree" and follow the steps.
Hello,
BitDefender Online Scanner

Scan report generated at: Thu, Oct 18, 2007 - 15:08:06
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:09:35
Files: 40515
Folders: 1303
Boot Sectors: 4
Archives: 697
Packed Files: 2534

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 827154
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\WINDOWS\system32\o - Infected with: Generic.Botget.31BFE34F
C:\WINDOWS\system32\o - Deleted
g!rly - 18 Oct. 2007 at 15:47
Hi again,

Any alerts from AntiVir?

Wait about fifteen minutes and post the DiagHelp report if you're still around:

http://www.malekal.com/DiagHelp/DiagHelp.php
Hello,
DiagHelp version v1.2 - http://www.malekal.com
excute le 18/10/2007 à 16:32:50,98


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->18/10/2007 16:32:46
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->18/10/2007 16:32:40
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->18/10/2007 16:32:24
C:\WINDOWS\prefetch\QUICKTIMEPLAYER.EXE-280B4828.pf -->18/10/2007 16:09:15
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->18/10/2007 16:08:48
C:\WINDOWS\prefetch\AVCENTER.EXE-058B10AA.pf -->18/10/2007 16:02:16
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->18/10/2007 15:43:30
C:\WINDOWS\prefetch\GUARDGUI.EXE-2C20A958.pf -->18/10/2007 15:04:41
C:\WINDOWS\prefetch\UPD81.BPX-0C69427E.pf -->18/10/2007 14:58:22
C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf -->18/10/2007 14:42:05

C:\WINDOWS\System32\drivers\avipbb.sys -->17/10/2007 21:13:44
C:\WINDOWS\System32\drivers\avgntdd.sys -->09/08/2007 13:04:11
C:\WINDOWS\System32\drivers\avgntmgr.sys -->18/07/2007 14:22:19
C:\WINDOWS\System32\drivers\ssmdrv.sys -->01/03/2007 10:34:36
C:\WINDOWS\System32\drivers\khips.sys -->26/09/2005 11:05:06
C:\WINDOWS\System32\drivers\fwdrv.sys -->26/09/2005 11:05:06
C:\WINDOWS\System32\drivers\nvmcp.sys -->13/08/2003 03:45:00

C:\WINDOWS\System32\iikemcij.dllbox -->18/10/2007 11:33:41
C:\WINDOWS\System32\pqtss.ini -->18/10/2007 11:33:39
C:\WINDOWS\System32\CONFIG.NT -->17/10/2007 21:06:05
C:\WINDOWS\System32\bosdppvu.ini -->17/10/2007 20:55:42
C:\WINDOWS\System32\idqbtedn.exe -->17/10/2007 19:02:35
C:\WINDOWS\System32\pqtss.bak2 -->17/10/2007 19:01:23
C:\WINDOWS\System32\c_1tat.dns -->16/10/2007 19:08:18
C:\WINDOWS\System32\iymtmrdm.dllbox -->15/10/2007 19:08:15
C:\WINDOWS\System32\PerfStringBackup.INI -->14/10/2007 21:15:57
C:\WINDOWS\System32\perfh00C.dat -->14/10/2007 21:15:57
C:\WINDOWS\System32\perfh009.dat -->14/10/2007 21:15:57
C:\WINDOWS\System32\perfc00C.dat -->14/10/2007 21:15:57
C:\WINDOWS\System32\perfc009.dat -->14/10/2007 21:15:57
C:\WINDOWS\System32\pqtss.bak1 -->14/10/2007 21:15:54
C:\WINDOWS\System32\vwjpydfd.exe -->14/10/2007 05:30:08
C:\WINDOWS\System32\h323log.txt -->13/10/2007 16:08:54
C:\WINDOWS\System32\wfcjy.exe -->13/10/2007 16:00:12
C:\WINDOWS\System32\tmp.txt -->13/10/2007 15:59:12
C:\WINDOWS\System32\tmp.reg -->13/10/2007 15:59:12
C:\WINDOWS\System32\xnccn.exe -->13/10/2007 15:52:18
C:\WINDOWS\System32\NVU001.nvu -->13/10/2007 15:31:22
C:\WINDOWS\System32\ati64hlp.stb -->13/10/2007 15:26:54
C:\WINDOWS\System32\wmpscheme.xml -->13/10/2007 15:17:41
C:\WINDOWS\System32\wpa.dbl -->13/10/2007 15:17:32
C:\WINDOWS\System32\FNTCACHE.DAT -->13/10/2007 15:15:06

C:\WINDOWS\QTFont.qfn -->18/10/2007 16:09:11
C:\WINDOWS\0.log -->18/10/2007 14:09:19
C:\WINDOWS\bootstat.dat -->18/10/2007 14:09:00
C:\WINDOWS\SchedLgU.Txt -->18/10/2007 12:25:44
C:\WINDOWS\wiadebug.log -->18/10/2007 12:06:47
C:\WINDOWS\wiaservc.log -->18/10/2007 11:38:02
C:\WINDOWS\cookies.ini -->17/10/2007 20:52:43
C:\WINDOWS\setupapi.log -->17/10/2007 18:20:57
C:\WINDOWS\MEMORY.DMP -->16/10/2007 18:48:08
C:\WINDOWS\system.ini -->16/10/2007 18:19:41
C:\WINDOWS\ntbtlog.txt -->14/10/2007 19:26:43
C:\WINDOWS\Sti_Trace.log -->13/10/2007 16:07:28
C:\WINDOWS\regopt.log -->13/10/2007 16:06:00
C:\WINDOWS\ODBC.INI -->13/10/2007 15:41:14
C:\WINDOWS\QTFont.for -->13/10/2007 15:36:33


MD5 des fichiers sensibles
tcpip.sys e7774698bb0d14b0710a9a31e209f9b6
ndis.sys 3efd4f59ba0a340de0a3ab984001dbf7
null.sys 73c1e1f395918bc2c6dd67af7591a3ad
svchost.exe 333a4db8410d8e24db06d6aebecdc7c2

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1CE2-A967

Répertoire de C:\WINDOWS\temp

18/10/2007 14:14 0 KPF-4-5-916-T-0-0.exe
1 fichier(s) 0 octets
0 Rép(s) 16 518 971 392 octets libres

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1CE2-A967

Répertoire de C:\WINDOWS\system32

28/08/2001 14:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 16 518 967 296 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1CE2-A967

Répertoire de C:\WINDOWS\Downloaded Program Files

17/10/2007 18:20 <REP> .
17/10/2007 18:20 <REP> ..
07/12/2004 16:07 32 bdcore.dll
01/03/2005 14:08 118 784 bdupd.dll
13/10/2007 15:12 65 desktop.ini
01/03/2005 14:08 53 248 ipsupd.dll
09/03/2005 15:42 6 742 lang.ini
07/12/2004 16:07 32 libfn.dll
18/02/2005 16:22 126 live.ini
01/06/2006 02:57 1 331 oscan8.inf
01/06/2006 02:54 471 040 oscan8.ocx
31/05/2006 04:15 10 oscan81.ocx_x
09/03/2005 15:43 6 828 scanoptions.tsi
11/06/2007 12:21 5 021 swflash.inf
12 fichier(s) 663 259 octets

Total des fichiers listés :
12 fichier(s) 663 259 octets
2 Rép(s) 16 518 967 296 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\WINDOWS\\System32\\msms.exe"="C:\\WINDOWS\\System32\\msms.exe:*:Enabled:mackfy.exe"
"C:\\WINDOWS\\xyk.exe"="C:\\WINDOWS\\xyk.exe:*:Enabled:Webcam Monitoring Service for Win32"


Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 16:33:36
Windows 5.1.2600 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
168 - alg.exe
292 - kpf4ss.exe
332 - kpf4gui.exe
524 - kpf4gui.exe
716 - csrss.exe
740 - winlogon.exe
784 - services.exe
796 - lsass.exe
976 - svchost.exe
1076 - svchost.exe
1348 - svchost.exe
1532 - explorer.exe
1668 - avguard.exe
1716 - IEXPLORE.EXE
1792 - atiptaxx.exe
1816 - avgnt.exe
1868 - SATARaid.exe
3368 - cmd.exe

Total number of processes = 19
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList


Total number of drivers = 121

Liste des programmes installes

Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.7 - Français
Archiveur WinRAR
ATI Control Panel
ATI Display Driver
ATI HydraVision
Avira AntiVir PersonalEdition Classic
HijackThis 2.0.2
K-Lite Codec Pack 2.80 Full
Kerio Personal Firewall
NVIDIA nForce Drivers
QuickTime
QuickTime
SATARaid
SLD Codec Pack
WebFldrs XP
Windows XP Hotfix (SP1) [See Q312370 for more information]



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1CE2-A967

Répertoire de C:\Program Files

17/10/2007 21:09 <REP> .
17/10/2007 21:09 <REP> ..
13/10/2007 15:33 <REP> Adobe
13/10/2007 15:35 <REP> Alwil Software
13/10/2007 15:23 <REP> ATI Technologies
17/10/2007 21:09 <REP> Avira
13/10/2007 15:10 <REP> ComPlus Applications
13/10/2007 15:34 <REP> Fichiers communs
13/10/2007 15:33 <REP> Free
17/10/2007 19:02 339 968 Hammer.dll
13/10/2007 15:12 <REP> Internet Explorer
16/10/2007 18:17 <REP> Kerio
13/10/2007 16:25 <REP> K-Lite Codec Pack
13/10/2007 15:17 <REP> Messenger
13/10/2007 15:12 <REP> microsoft frontpage
13/10/2007 15:11 <REP> Movie Maker
13/10/2007 15:10 <REP> MSN
13/10/2007 15:10 <REP> MSN Gaming Zone
13/10/2007 15:11 <REP> NetMeeting
13/10/2007 15:11 <REP> Outlook Express
13/10/2007 15:36 <REP> QuickTime
13/10/2007 15:10 <REP> Services en ligne
13/10/2007 15:30 <REP> Silicon Image
13/10/2007 16:24 <REP> SLD Codec Pack
13/10/2007 15:17 <REP> Windows Media Player
13/10/2007 15:10 <REP> Windows NT
16/10/2007 18:13 <REP> WinRAR
13/10/2007 15:12 <REP> xerox
1 fichier(s) 339 968 octets
27 Rép(s) 16 518 885 376 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1CE2-A967

Répertoire de C:\Program Files\fichiers communs

13/10/2007 15:34 <REP> .
13/10/2007 15:34 <REP> ..
13/10/2007 15:34 <REP> Adobe
13/10/2007 15:36 <REP> InstallShield
13/10/2007 15:17 <REP> Microsoft Shared
13/10/2007 15:11 <REP> MSSoap
13/10/2007 16:06 <REP> ODBC
13/10/2007 15:11 <REP> Services
13/10/2007 16:06 <REP> SpeechEngines
13/10/2007 15:11 <REP> System
0 fichier(s) 0 octets
10 Rép(s) 16 518 885 376 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1CE2-A967

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

13/10/2007 15:17 <REP> .
13/10/2007 15:17 <REP> ..
18/05/2001 17:57 561 209 MSONSEXT.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
07/03/2001 09:00 127 033 MSOWS40c.DLL
3 fichier(s) 811 179 octets
2 Rép(s) 16 518 885 376 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1CE2-A967

Répertoire de C:\

17/10/2007 20:52 50 688 ATF-Cleaner.exe
16/10/2007 18:27 210 432 OTMoveIt.exe
15/10/2007 19:06 115 200 VundoFix.exe
3 fichier(s) 376 320 octets
0 Rép(s) 16 518 877 184 octets libres




c:\Documents and Settings\ZitöuN\Application Data\Microsoft\Installer\{333BECA0-DED8-4139-A516-8D9E44E22669}\ARPPRODUCTICON.exe
c:\Documents and Settings\ZitöuN\Application Data\Microsoft\Installer\{333BECA0-DED8-4139-A516-8D9E44E22669}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
c:\Documents and Settings\ZitöuN\Application Data\Microsoft\Installer\{333BECA0-DED8-4139-A516-8D9E44E22669}\NewShortcut3_8315396A5EA1419DBEC4978284BDF556.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\ZitöuN\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\dumphive.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\exit.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\ZitöuN\Bureau\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\catchme.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\cliptext.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\download.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\ERUNT.EXE
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\FixPath.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\isadmin.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\LS.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\MD5File.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\moveex.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\Process.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\procs.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\psservice.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\RegDACL.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\regedit.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\RestartIt!.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\sc.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\SF.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\shutdown.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\swreg.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\swsc.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\unzip.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\WINMSG.EXE
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\zip.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\Replace\W2K.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\apps\Replace\XP.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\attrib.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\find.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\findstr.exe
c:\Documents and Settings\ZitöuN\Bureau\sss\SDFix\backups\regedit.exe
c:\Documents and Settings\ZitöuN\Local Settings\Temp\qrjatydi.exe
c:\Documents and Settings\ZitöuN\Local Settings\Temp\RarSFX0\basic\preupd.exe
c:\Documents and Settings\ZitöuN\Local Settings\Temp\RarSFX0\basic\sched.exe
c:\Documents and Settings\ZitöuN\Local Settings\Temp\RarSFX0\basic\setup.exe
c:\Documents and Settings\ZitöuN\Local Settings\Temp\RarSFX0\basic\update.exe
c:\Documents and Settings\ZitöuN\Local Settings\Temp\RarSFX0\basic\wsctool.exe

****** Fin du rapport DiagHelp




No Antivir alerts for a good hour.
0
g!rly
18 Oct. 2007 at 21:39
Good evening,

I had to step away earlier...

Well, that's all reassuring...

Let's leave things as they are for now, and you let me know after the weekend, for example?!
0
Hello,
OK, but for now everything is fine.
Just one alert from Kerio: a worm in C:\Système volume information\....\A0000150.exe, access attempt rejected by Kerio. I'll keep you posted. A thousand thanks again for your help and your availability, thank you from the bottom of my PC.
0
g!rly
19 Oct. 2007 at 15:44
Hello,

Disable your System Restore.
To do this:
Right-click My Computer and, in the menu, choose Properties;
In the new window, click the System Restore tab;
Check the box to turn off System Restore and apply.
Then restart the PC and
Right-click My Computer and, in the menu, choose Properties;
In the new window, click the System Restore tab;
Uncheck the box to turn off System Restore and apply.

Keep me posted on how the heart of your PC is doing, then ;-)
0
Hello,
The weekend went well, the PC is stable again.
Otherwise, how can I get Kerio to accept the Freeplayer without being disabled? When Kerio is disabled it works, but with it on it doesn't work!!!!!!!!!!!!!!!!

What should I do?
Thanks three hundred thousand times
0