Infected by Virtumonde adware

bibiz
Hello,

My NOD32 antivirus has detected the Virtumonde adware virus and cannot remove it.

I need help because my PC is my work tool, and intrusive ads popping up while I'm working are not great.

Thanks for your help.

Here is the HijackThis analysis:

Scan saved at 18:39:42, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\msn.com
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis_199.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKLM\..\Run: [4400c3ae] rundll32.exe "C:\WINDOWS\system32\elfwsmvc.dll",b
O4 - HKLM\..\Run: [BM4733f032] Rundll32.exe "C:\WINDOWS\system32\umfjwlqo.dll",s
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
47 replies

bibiz
 
ComboFix 08-04-08.10 - BIBIZ 2008-04-10 23:08:49.6 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\upload_moi_PC.tar.gz\

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-09 19:15 . 2008-04-09 19:15 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 19:57 . 2008-04-08 19:57 3,648 --a------ C:\WINDOWS\system32\xoefhbnc.dll
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 23:53 . 2008-04-07 23:53 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\Grisoft
2008-04-07 23:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 22:22 . 2008-04-07 22:22 3,957,818 --a------ C:\upload_moi_PC.tar.gz
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.

------- Sigcheck -------

2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll

2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_18.51.09.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-09 17:15:42 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:42 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-09 17:15:29 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:29 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 23:11:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
Temps d'accomplissement: 2008-04-10 23:13:56
ComboFix-quarantined-files.txt 2008-04-10 21:13:33
ComboFix2.txt 2008-04-09 16:52:21
Pre-Run: 32,660,254,720 octets libres
Post-Run: 32,651,137,024 octets libres
ludsfa Posts: 1287 Status: Member 15
 
Download Clean [:eric_71:4] http://www.malekal.com/download/clean.zip

Unzip it to your desktop (extract all files); you get a folder named clean.
Open the clean folder and double-click clean.cmd (the .cmd extension may not be shown).
Choose option 1, then wait.

If you can, run another Kaspersky scan when you have the time.
bibiz
 
Hi,

Here is the Kaspersky report, which is still quite full.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 12, 2008 1:51:12 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/04/2008
Kaspersky Anti-Virus database records: 699549
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 35316
Number of viruses found: 37
Number of infected objects: 178
Number of suspicious objects: 0
Duration of the scan process: 01:10:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\BIBIZ\Bureau\clean\clean\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\BIBIZ\Bureau\clean.zip/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\BIBIZ\Bureau\clean.zip ZIP: infected - 1 skipped
C:\Documents and Settings\BIBIZ\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\MSHist012008041220080413\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\BIBIZ\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\eMule\Temp\001.part Object is locked skipped
C:\Program Files\eMule\Temp\002.part Object is locked skipped
C:\Program Files\eMule\Temp\003.part Object is locked skipped
C:\Program Files\eMule\Temp\004.part Object is locked skipped
C:\Program Files\eMule\Temp\005.part Object is locked skipped
C:\Program Files\eMule\Temp\006.part Object is locked skipped
C:\Program Files\eMule\Temp\007.part Object is locked skipped
C:\Program Files\eMule\Temp\009.part Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\1OLKEBAA.NQF.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\1ZOEVNDA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\1ZOEVNDA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\1ZOEVNDA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\1ZOEVNDA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\1ZOEVNDA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\20I4XYDA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\20I4XYDA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fe skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\20I4XYDA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\20I4XYDA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\20I4XYDA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\2DRNFEDA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\2DRNFEDA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\2DRNFEDA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\2DRNFEDA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\2DRNFEDA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\45HNCDCA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\45HNCDCA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\45HNCDCA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\45HNCDCA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\45HNCDCA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4NNMPEBA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4NNMPEBA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4NNMPEBA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4NNMPEBA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4NNMPEBA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4UJ1PJBA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4UJ1PJBA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4UJ1PJBA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4UJ1PJBA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4UJ1PJBA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\B03JSWBA.NQF.vir Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\B4ACO2BA.NQF.vir Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\BCP1WIAA.NQF.vir Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\BNM1IKDA.NQF.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\FBQ42PCA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\FBQ42PCA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\FBQ42PCA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\FBQ42PCA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\FBQ42PCA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\FT0M2SCA.NQF.vir Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\G11IZAAA.NQF.vir/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\G11IZAAA.NQF.vir/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\G11IZAAA.NQF.vir/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\G11IZAAA.NQF.vir/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\G11IZAAA.NQF.vir/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\G11IZAAA.NQF.vir RarSFX: infected - 5 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\G11IZAAA.NQF.vir PE-Crypt.XorPE: infected - 5 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\GCSEBIAA.NQF.vir Infected: Backdoor.Win32.IRCBot.cgh skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\HN2JLTCA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\HN2JLTCA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\HN2JLTCA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\HN2JLTCA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\HN2JLTCA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\HOFYZ3CA.NQF.vir Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\J1OOA0CA.NQF.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\JACLVSBA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\JACLVSBA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ex skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\JACLVSBA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\JACLVSBA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\JACLVSBA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\KEMNDKCA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\KEMNDKCA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\KEMNDKCA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\KEMNDKCA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\KEMNDKCA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\KVOSHMAA.NQF.vir Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\NAELT2DA.NQF.vir Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\O5XUQIDA.NQF.vir Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\P31M2FBA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\P31M2FBA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\P31M2FBA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\P31M2FBA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\P31M2FBA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\PBL1WQAA.NQF.vir Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\PLQERLAA.NQF.vir Infected: Backdoor.Win32.IRCBot.byq skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\R1E0IYBA.NQF.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\R2F3J2CA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\R2F3J2CA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\R2F3J2CA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\R2F3J2CA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\R2F3J2CA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\S34IPFAA.NQF.vir Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\SWUVYVDA.NQF.vir Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\TIN1XMDA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\TIN1XMDA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\TIN1XMDA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\TIN1XMDA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\TIN1XMDA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\USOFWMBA.NQF.vir Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\V3RRN4BA.NQF.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W2JCLWBA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W2JCLWBA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W2JCLWBA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W2JCLWBA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W2JCLWBA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W3SOHEBA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W3SOHEBA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ey skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W3SOHEBA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W3SOHEBA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W3SOHEBA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W3YOS1AA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.404Search.l skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W3YOS1AA.NQF.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W3YOS1AA.NQF.vir PE-Crypt.XorPE: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\XLL5WYDA.NQF.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\XLL5WYDA.NQF.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\XLL5WYDA.NQF.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\XLL5WYDA.NQF.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\XLL5WYDA.NQF.vir PE-Crypt.XorPE: infected - 3 skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\Y1LAKQCA.NQF.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\Y2W2U5BA.NQF.vir Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\QooBox\Quarantine\C\Program Files\ESET\infected\YQ5A1IAA.NQF.vir Infected: not-a-virus:AdWare.Win32.Ucmore.g skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQiifg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcBsQGX.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcDVmJA.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\geBtTKCr.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnKbCvu.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnoPJbC.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkLDUo.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qcsnqqhh.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPiJax.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wkypdudw.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUoOIYq.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ygrmjxil.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqQgEtQ.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip ZIP: infected - 2 skipped
C:\QooBox\Quarantine\catchme2008-04-10_213427.60.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/tuvUMeDv.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-10_213427.60.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-10_213427.60.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137550.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137551.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137552.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137553.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137554.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137594.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP304\A0138954.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138990.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138992.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138993.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwy skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138994.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138996.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138998.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138999.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139000.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139001.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mef skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140406.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140407.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140408.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140409.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140410.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140411.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140412.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140413.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140414.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140415.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140416.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140417.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP312\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\urqrsrr.V00dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V01dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V02dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V03dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.Vdll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xoefhbnc.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
ludsfa Posts 1287 Status Member 15
 
OK, same procedure:


files::
C:\WINDOWS\system32\urqrsrr.V03dll
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\ynpbdttg.ini
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.Vdll

folder::
C:\Program Files\ESET

registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=
"Agendatronic Alarm"="
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll


Then uninstall NOD32 and replace it with AntiVir; the link is below. Run your first AntiVir scan in safe mode. Send me the scan report when the scan finishes.

https://www.malekal.com/avira-free-security-antivirus-gratuit/

Send me the ComboFix report right after.
ludsfa Posts 1287 Status Member 15
 
bibiz, I have to step away. Do everything I asked you, in order, and I will look at your reports tonight.
Be patient, it is going to take a while.
bibiz
 
I ran ComboFix first and then AntiVir.

Is that the right order?

AntiVir PersonalEdition Classic
Report file date: samedi 12 avril 2008 17:07

Scanning for 1198942 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: BIBIZ
Computer name: PC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:59:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 14:59:58
ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 11/04/2008 14:59:59
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 12/04/2008 14:59:59
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 12/04/2008 14:59:59
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 12 avril 2008 17:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'winword.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\internet.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4874d0b9.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip
[0] Archive type: ZIP
--> Documents and Settings/BIBIZ/Bureau/catchme.zip
[1] Archive type: ZIP
--> urqQgEtQ.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4874d935.qua'!
C:\QooBox\Quarantine\catchme2008-04-10_213427.60.zip
[0] Archive type: ZIP
--> Documents and Settings/BIBIZ/Bureau/catchme.zip
[1] Archive type: ZIP
--> tuvUMeDv.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4874d939.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\1OLKEBAA.NQF.vir
[DETECTION] Is the Trojan horse TR/Vundo.AG
[INFO] The file was moved to '484cd935.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\1ZOEVNDA.NQF.vir
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.AS.2
[INFO] The file was moved to '484fd949.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\2DRNFEDA.NQF.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.AK.29
[INFO] The file was moved to '4852d933.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\45HNCDCA.NQF.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.AK.23
[INFO] The file was moved to '4848d925.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4NNMPEBA.NQF.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.AK.5
[INFO] The file was moved to '484ed93e.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\4UJ1PJBA.NQF.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.AK.22
[INFO] The file was moved to '484ad946.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\BCP1WIAA.NQF.vir
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.23296.36
[INFO] The file was moved to '4850d935.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\FBQ42PCA.NQF.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.AK.25
[INFO] The file was moved to '4851d935.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\FT0M2SCA.NQF.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4830d948.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\GCSEBIAA.NQF.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4853d938.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\HN2JLTCA.NQF.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.AK.3
[INFO] The file was moved to '4832d943.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\HOFYZ3CA.NQF.vir
[DETECTION] Is the Trojan horse TR/Dldr.PurtiScan.B
[INFO] The file was moved to '4846d945.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\KEMNDKCA.NQF.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityAd.DV
[INFO] The file was moved to '484dd93c.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\NAELT2DA.NQF.vir
[DETECTION] Is the Trojan horse TR/Dldr.PurtiScan.B
[INFO] The file was moved to '4845d939.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\P31M2FBA.NQF.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.AK.26
[INFO] The file was moved to '4831d92b.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\PLQERLAA.NQF.vir
[DETECTION] Is the Trojan horse TR/Injector.AM.1
[INFO] The file was moved to '4851d946.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\R1E0IYBA.NQF.vir
[DETECTION] Is the Trojan horse TR/Vundo.AG
[INFO] The file was moved to '4845d92b.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\V3RRN4BA.NQF.vir
[DETECTION] Is the Trojan horse TR/Vundo.AG
[INFO] The file was moved to '4852d92e.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W2JCLWBA.NQF.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.AK.28
[INFO] The file was moved to '484ad92e.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\W3SOHEBA.NQF.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.AK.4
[INFO] The file was moved to '4853d930.qua'!
C:\QooBox\Quarantine\C\Program Files\ESET\infected\Y1LAKQCA.NQF.vir
[DETECTION] Is the Trojan horse TR/Vundo.AG
[INFO] The file was moved to '484cd92f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQiifg.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4858d968.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\efcBsQGX.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4863d96c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\efcDVmJA.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '49e25aad.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\geBtTKCr.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4842d96c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnKbCvu.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '486ed975.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnoPJbC.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '49ef5ab6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkLDUo.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '486ed977.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\qcsnqqhh.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4873d96b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvUMeDv.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4876d97e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPiJax.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4871d97b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\urqQgEtQ.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '49f05abc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wkypdudw.dll.vir
[DETECTION] Is the Trojan horse TR/PCK.Monder.83520
[INFO] The file was moved to '4879d975.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUoOIYq.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4855d980.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ygrmjxil.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4872d972.qua'!
C:\WINDOWS\msn.com
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.441856.2
[INFO] The file was moved to '486ed986.qua'!
C:\WINDOWS\system32\xoefhbnc.dll
[DETECTION] Is the Trojan horse TR/Agent.3648.1
[INFO] The file was moved to '4865dea7.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: samedi 12 avril 2008 18:09
Used time: 1:01:59 min

The scan has been done completely.

3207 Scanning directories
219160 Files were scanned
39 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
40 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
219121 Files not concerned
835 Archives were scanned
2 Warnings
0 Notes

ComboFix 08-04-08.10 - BIBIZ 2008-04-12 16:23:09.7 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 12:12 . 2008-04-12 13:40 <REP> d-------- C:\Program Files\eMule
2008-04-09 19:15 . 2008-04-09 19:15 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 19:57 . 2008-04-08 19:57 3,648 --a------ C:\WINDOWS\system32\xoefhbnc.dll
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 23:53 . 2008-04-07 23:53 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\Grisoft
2008-04-07 23:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.

------- Sigcheck -------

2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll

2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_18.51.09.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-09 17:15:42 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:42 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-09 17:15:29 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:29 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=

R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 16:27:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
Temps d'accomplissement: 2008-04-12 16:29:33
ComboFix-quarantined-files.txt 2008-04-12 14:29:05
ComboFix2.txt 2008-04-09 16:52:21
Pre-Run: 32,441,237,504 octets libres
Post-Run: 32,431,529,984 octets libres
ludsfa Posts: 1287 Status: Member 15
 
Yes, that's the right order.

Empty AntiVir's QUARANTINE as follows: right-click AntiVir > start antivir > quarantine >
Select what is in there with a right-click > then "delete" (for each item if need be).

In pictures: https://www.malekal.com/avira-free-security-antivirus-gratuit/#mozTocId563382

Then run HijackThis again.
bibiz
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: urqQgEtQ - urqQgEtQ.dll (file missing)
O20 - Winlogon Notify: urqrsrr - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
ludsfa Posts: 1287 Status: Member 15
 
Didn't you uninstall NOD32?

Uninstall it completely.
If you run into a problem, tell me.
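The reply above picks the leftover NOD32 entries out of the HijackThis log. The following is an added example, not part of the thread and not code from HijackThis: it parses log lines copied from the post above and flags orphaned entries, Winlogon Notify DLLs, and autoruns that borrow a Windows process name. The function names and the `SYSTEM_NAMES` / `SYSTEM_DIRS` lists are assumptions made for the illustration (Windows installed in C:\WINDOWS, as in the log).

```python
import ntpath
import re
from collections import namedtuple

# Lines copied from the HijackThis log posted above (two non-entry lines included).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O20 - Winlogon Notify: urqQgEtQ - urqQgEtQ.dll (file missing)
O20 - Winlogon Notify: urqrsrr - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
"""

Entry = namedtuple("Entry", "code body")
Finding = namedtuple("Finding", "code body reasons")

# A HijackThis entry line is "<section code> - <details>", e.g. "O20 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in .exe or .dll inside an entry body.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Assumption: a short list of process names that belong in the Windows directories.
SYSTEM_NAMES = {"explorer.exe", "svchost.exe", "winlogon.exe",
                "lsass.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_entries(log_text):
    """Return the section entries of a HijackThis log, skipping headers and process paths."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["code"], match["body"]))
    return entries


def triage(entries):
    """Return the entries a reviewer should look at first, with the reason for each."""
    findings = []
    for entry in entries:
        reasons = []
        # HijackThis appends this marker when the referenced file is not on disk:
        # either an uninstall left the entry behind or the file was already removed.
        if entry.body.endswith("(file missing)"):
            reasons.append("orphaned entry: target file is missing")
        # Notification packages are DLLs that winlogon.exe loads, so every
        # non-default one deserves a manual check.
        if entry.code == "O20" and entry.body.startswith("Winlogon Notify:"):
            reasons.append("Winlogon Notify DLL: loaded by winlogon.exe")
        # Autoruns and services named like a Windows process but stored elsewhere.
        if entry.code in ("O4", "O23"):
            found = PATH_RE.search(entry.body)
            if found:
                directory, name = ntpath.split(found.group(0))
                if name.lower() in SYSTEM_NAMES and directory.lower() not in SYSTEM_DIRS:
                    reasons.append("system process name outside the Windows directory")
        if reasons:
            findings.append(Finding(entry.code, entry.body, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print(finding.code, "|", finding.body)
        for reason in finding.reasons:
            print("    ->", reason)
```

A flagged line is a prompt for manual review, not a verdict; the missing-file marker, for instance, also appears for software that was simply uninstalled badly.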
bibiz
 
But I did uninstall it, via "Control Panel / Add or Remove Programs".

There is nothing in my programs.

What should I do?????
bibiz
 
I have to step away.

Thank you for your help and for the time you have spent on my problem.

Have a good evening.
ludsfa Posts: 1287 Status: Member 15
 
"NOD32 can be uninstalled directly from the Start menu - Programs (All Programs) - Eset - Uninstall, or via Start - Control Panel - Add/Remove Programs."

I found this. Try to find Eset in Add/Remove Programs; in the meantime I'll look for a solution.
bibiz
 
Hi

Indeed, there is still an ESET folder under "All Programs". I go to Uninstall, but it asks me to manually locate the missing shortcut setup.exe.

So I can't uninstall it, because I can't find that setup.

I need help with what to do next.

Thanks
ludsfa Posts: 1287 Status: Member 15
 
Wait, we'll do it another way. Same procedure.

Copy and paste the text in bold into ComboFix.


files::
C:\WINDOWS\memo.ini
C:\WINDOWS\system32\urqrsrr.Vdll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\urqrsrr.V03dll
C:\WINDOWS\system32\xoefhbnc.dll
C:\WINDOWS\system32\wbem\Repository

folder::
C:\QooBox
C:\Program Files\Eset\nod32kui.exe
C\Program Files\ESET

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="
"FastUser"="

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

bibiz
 
ComboFix 08-04-08.10 - BIBIZ 2008-04-13 16:17:31.8 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\QooBox
C:\QooBox\BackEnv\appdata.folder.dat
C:\QooBox\BackEnv\cache.folder.dat
C:\QooBox\BackEnv\desktop.folder.dat
C:\QooBox\BackEnv\favorites.folder.dat
C:\QooBox\BackEnv\localappdata.folder.dat
C:\QooBox\BackEnv\localsettings.folder.dat
C:\QooBox\BackEnv\mypictures.folder.dat
C:\QooBox\BackEnv\personal.folder.dat
C:\QooBox\BackEnv\profiles.folder.dat
C:\QooBox\BackEnv\programs.folder.dat
C:\QooBox\BackEnv\SetPath.bat
C:\QooBox\BackEnv\startmenu.folder.dat
C:\QooBox\BackEnv\startup.folder.dat
C:\QooBox\BackEnv\SysPath.dat
C:\QooBox\BackEnv\templates.folder.dat
C:\QooBox\CFScript_used_2008-04-09@18.32.txt
C:\QooBox\CFScript_used_2008-04-10@21.22.txt
C:\QooBox\CFScript_used_2008-04-10@22.07.txt
C:\QooBox\CFScript_used_2008-04-10@23.08.txt
C:\QooBox\CFScript_used_2008-04-12@16.23.txt
C:\QooBox\CFScript_used_2008-04-13@16.17.txt
C:\QooBox\ComboFix-quarantined-files.txt
C:\QooBox\ComboFix2.txt
C:\QooBox\lastrun\drevB.dat
C:\QooBox\snapshot@2008-04-09_18.51.09.59.dat
C:\QooBox\snapshot@2008-04-09_18.51.09.59_B.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 16:54 . 2008-04-12 16:54 <REP> d-------- C:\Program Files\Avira
2008-04-12 16:54 . 2008-04-12 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-12 12:12 . 2008-04-12 13:40 <REP> d-------- C:\Program Files\eMule
2008-04-09 19:15 . 2008-04-09 19:15 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.

------- Sigcheck -------

2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll

2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-20 18:23 282624]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-12 16:59 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=

R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 16:23:47
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
Temps d'accomplissement: 2008-04-13 16:25:54
ComboFix-quarantined-files.txt 2008-04-13 14:25:25
Pre-Run: 32,416,653,312 octets libres
Post-Run: 32,451,739,648 octets libres
ludsfa Posts: 1287 Status: Member 15
 
Good, bibiz.

Run the script through ComboFix once more.
bibiz
 
ComboFix 08-04-08.10 - BIBIZ 2008-04-13 16:41:19.9 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\QooBox
C:\QooBox\BackEnv\appdata.folder.dat
C:\QooBox\BackEnv\cache.folder.dat
C:\QooBox\BackEnv\desktop.folder.dat
C:\QooBox\BackEnv\favorites.folder.dat
C:\QooBox\BackEnv\localappdata.folder.dat
C:\QooBox\BackEnv\localsettings.folder.dat
C:\QooBox\BackEnv\mypictures.folder.dat
C:\QooBox\BackEnv\personal.folder.dat
C:\QooBox\BackEnv\profiles.folder.dat
C:\QooBox\BackEnv\programs.folder.dat
C:\QooBox\BackEnv\SetPath.bat
C:\QooBox\BackEnv\startmenu.folder.dat
C:\QooBox\BackEnv\startup.folder.dat
C:\QooBox\BackEnv\SysPath.dat
C:\QooBox\BackEnv\templates.folder.dat
C:\QooBox\CFScript_used_2008-04-13@16.41.txt
C:\QooBox\ComboFix-quarantined-files.txt
C:\QooBox\lastrun\drevB.dat
C:\QooBox\snapshot@2008-04-13_16.25.00,29.dat
C:\QooBox\snapshot@2008-04-13_16.25.00,29_B.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 16:54 . 2008-04-12 16:54 <REP> d-------- C:\Program Files\Avira
2008-04-12 16:54 . 2008-04-12 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-12 12:12 . 2008-04-12 13:40 <REP> d-------- C:\Program Files\eMule
2008-04-09 19:15 . 2008-04-09 19:15 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.

------- Sigcheck -------

2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll

2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-20 18:23 282624]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-12 16:59 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=

R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 16:44:21
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
.
Temps d'accomplissement: 2008-04-13 16:45:57
ComboFix-quarantined-files.txt 2008-04-13 14:45:36
Pre-Run: 32,548,048,896 octets libres
Post-Run: 32,540,258,304 octets libres
ludsfa Posts: 1287 Status: Member 15
 
Good.

This time, run this script.

files::
C:\WINDOWS\system32\urqrsrr.V03dll
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\ynpbdttg.ini
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.Vdll

folder::
C:\Program Files\Palm\register.exe [2006-11-04 15:41:28 2494464]
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-22 15:41]

registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=
"Ouso"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iconcache"=
"QuickTime Task"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
urqrsrr.dll
bibiz
 
ComboFix 08-04-08.10 - BIBIZ 2008-04-13 17:03:42.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.68 [GMT 2:00]
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 16:54 . 2008-04-12 16:54 <REP> d-------- C:\Program Files\Avira
2008-04-12 16:54 . 2008-04-12 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-12 12:12 . 2008-04-12 13:40 <REP> d-------- C:\Program Files\eMule
2008-04-09 19:15 . 2008-04-09 19:15 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.

------- Sigcheck -------

2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll

2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-20 18:23 282624]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-12 16:59 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=

R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 17:06:24
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
Temps d'accomplissement: 2008-04-13 17:08:04
ComboFix-quarantined-files.txt 2008-04-13 15:07:41
Pre-Run: 32,527,581,184 octets libres
Post-Run: 32,519,110,656 octets libres
0
ludsfa Posts 1287 Status Member 15
 
OK, that's not bad.

Run another scan with AntiVir in safe mode, and each time it detects a virus, choose "delete", which means "supprimé" in French.

Then send me the report.

It's quite a nasty infection all the same.
0
bibiz
 
AntiVir PersonalEdition Classic
Report file date: dimanche 13 avril 2008 20:45

Scanning for 1198942 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: BIBIZ
Computer name: PC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:59:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 14:59:58
ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 11/04/2008 14:59:59
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 12/04/2008 14:59:59
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 12/04/2008 14:59:59
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 13 avril 2008 20:45

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: dimanche 13 avril 2008 21:43
Used time: 57:52 min

The scan has been done completely.

3195 Scanning directories
218598 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
218598 Files not concerned
818 Archives were scanned
2 Warnings
0 Notes
0