Infected by Virtumonde adware
Closed
bibiz
-
7 April 2008 at 18:42
ludsfa Posts: 1284 Registered: Sunday 3 February 2008 Status: Member Last activity: 15 January 2018 - 18 April 2008 at 13:10
47 replies
ludsfa
7 April 2008 at 18:55
hi bibiz
Download ComboFix (by sUBs) to your Desktop. http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
The report is located here: C:\Combofix.txt
here is the combofix report
thanks in advance for your help
ComboFix 08-04-06.1 - BIBIZ 2008-04-07 19:23:24.1 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\curity~1
C:\Program Files\curity~1\??curity\
C:\WINDOWS\BM4733f032.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\alnkalhp.dll
C:\WINDOWS\system32\awtuSIbC.dll
C:\WINDOWS\system32\cbmwlwnm.ini
C:\WINDOWS\system32\cbXQjhEU.dll
C:\WINDOWS\system32\CeMSAcdd.ini
C:\WINDOWS\system32\CeMSAcdd.ini2
C:\WINDOWS\system32\cvmswfle.ini
C:\WINDOWS\system32\cxulcqnn.dll
C:\WINDOWS\system32\ddcASMeC.dll
C:\WINDOWS\system32\elfwsmvc.dll
C:\WINDOWS\system32\fccddeDT.dll
C:\WINDOWS\system32\gkvjjmbu.dll
C:\WINDOWS\system32\koiktoaq.dll
C:\WINDOWS\system32\ljJyVPFY.dll
C:\WINDOWS\system32\mlJASKEV.dll
C:\WINDOWS\system32\mnwlwmbc.dll
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\oyictlrg.dll
C:\WINDOWS\system32\ppjyxkoq.ini
C:\WINDOWS\system32\ppjyxkoq.ini2
C:\WINDOWS\system32\ppjyxkoq.tmp
C:\WINDOWS\system32\qoMfcdAs.dll
C:\WINDOWS\system32\QsYHNnpo.ini
C:\WINDOWS\system32\QsYHNnpo.ini2
C:\WINDOWS\system32\rfaehgbw.dll
C:\WINDOWS\system32\rqRLdAPi.dll
C:\WINDOWS\system32\sfyhcxyg.dll
C:\WINDOWS\system32\ssqNFXpn.dll
C:\WINDOWS\system32\sysdm.exe
C:\WINDOWS\system32\tuvVOHxX.dll
C:\WINDOWS\system32\umfjwlqo.dll
C:\WINDOWS\system32\urqrsrr.dll
C:\WINDOWS\system32\wvUoPgDt.dll
C:\WINDOWS\system32\xhcafvet.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 16:55 --------- d-----w C:\Program Files\Palm
2008-04-01 16:46 --------- d-----w C:\Program Files\emule
2008-02-09 15:53 --------- d-----w C:\Program Files\ESET
.
------- Sigcheck -------
2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll
2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-20 18:23 282624]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-07-20 19:05 921600]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Windows live Messenger"="msn.com" [2008-03-17 14:40 442598 C:\WINDOWS\msn.com]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
urqrsrr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.tscc"= tsccvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-22 15:41]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 19:33:05
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-07 19:37:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-07 17:37:23
Pre-Run: 30,959,906,816 octets libres
Post-Run: 31,152,525,312 octets libres
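Several items in the report above follow patterns that can be checked for mechanically rather than by eye. The script below is an added example written for this thread; it is not part of the original post and not ComboFix's own code. It re-reads a constructed excerpt of the report (the paths and registry values are copied from it; the function and constant names are mine) and flags four things the report shows: system32 .ini/.dll pairs whose basenames are mirror images of each other (CeMSAcdd.ini and ddcASMeC.dll), a Run value that starts a file named like a core Windows binary from outside the Windows directory (the "Ouso" entry), any Winlogon\Notify DLL (ComboFix already omits the stock ones), and Security Center values that silence the antivirus and update warnings.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the ComboFix report posted above. The file
# paths and registry values are copied from that report; the script itself is
# added example code, not part of the thread and not ComboFix's own logic.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\cbmwlwnm.ini
C:\WINDOWS\system32\CeMSAcdd.ini
C:\WINDOWS\system32\cvmswfle.ini
C:\WINDOWS\system32\ddcASMeC.dll
C:\WINDOWS\system32\elfwsmvc.dll
C:\WINDOWS\system32\mnwlwmbc.dll
C:\WINDOWS\system32\urqrsrr.dll
C:\WINDOWS\system32\wups2.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
urqrsrr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')  # "name"=data
PATH_RE = re.compile(r"^[A-Za-z]:\\")       # bare file path line
# Names an attacker likes to reuse for a dropped executable (hypothetical list)
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe"}


def parse_report(text):
    """Split the report into bare file paths and {registry key: [(name, data)]}."""
    paths, reg, key = [], defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            data = m.group(2)
            q = re.match(r'"([^"]*)"', data)  # keep the quoted path, drop "[date size]"
            reg[key].append((m.group(1), q.group(1) if q else data))
        elif PATH_RE.match(line):
            paths.append(line)
        elif key is not None and line.lower().endswith(".dll"):
            reg[key].append(("DllName", line))  # Winlogon Notify lists its DLL alone
    return paths, reg


def reversed_name_pairs(paths):
    """Pairs (ini, dll) in the same folder whose basenames are spelled backwards
    from each other, e.g. CeMSAcdd.ini <-> ddcASMeC.dll. Sorted by ini path."""
    index = defaultdict(dict)  # (folder, ext) -> {stem: full path}
    for p in paths:
        folder, _, name = p.rpartition("\\")
        stem, _, ext = name.rpartition(".")
        index[(folder.lower(), ext.lower())][stem] = p
    pairs = []
    for (folder, ext), files in index.items():
        if ext != "ini":
            continue
        for stem, ini_path in files.items():
            dll_path = index.get((folder, "dll"), {}).get(stem[::-1])
            if dll_path:
                pairs.append((ini_path, dll_path))
    return sorted(pairs)


def masquerading_run_entries(reg):
    """Run/RunOnce values launching a core-binary name from outside C:/WINDOWS."""
    hits = []
    for key, values in reg.items():
        if not re.search(r"\\currentversion\\run(once)?$", key.lower()):
            continue
        for name, data in values:
            exe = data.lower()
            if exe.rpartition("\\")[2] in SYSTEM_BINARIES and not exe.startswith("c:\\windows\\"):
                hits.append((name, data))
    return sorted(hits)


def winlogon_notify_dlls(reg):
    """(subkey, dll) for every Winlogon Notify entry; these load into winlogon.exe."""
    hits = []
    for key, values in reg.items():
        m = re.search(r"\\winlogon\\notify\\([^\\]+)$", key.lower())
        if m:
            hits.extend((m.group(1), dll) for name, dll in values if name == "DllName")
    return sorted(hits)


def security_center_tampering(reg):
    """Security Center *DisableNotify values set to 1 (warnings silenced)."""
    out = []
    for key, values in reg.items():
        if key.lower().endswith("\\security center"):
            out.extend(name for name, data in values
                       if name.lower().endswith("disablenotify")
                       and data.lower().endswith(":00000001"))
    return sorted(out)


if __name__ == "__main__":
    found_paths, found_reg = parse_report(SAMPLE_REPORT)
    print("mirror-named pairs:", reversed_name_pairs(found_paths))
    print("masquerading Run entries:", masquerading_run_entries(found_reg))
    print("Winlogon Notify DLLs:", winlogon_notify_dlls(found_reg))
    print("Security Center tampering:", security_center_tampering(found_reg))
```

The mirror-name check is exact-case on purpose: in the report the pairs match letter for letter once reversed, and a case-insensitive match would start pairing unrelated short names. The Run check deliberately ignores the directory name itself (CURITY~1 is an 8.3 alias for a folder with unprintable characters, shown in the report as `??curity`), because the robust signal is a core binary name launched from outside the Windows directory, not the spelling of the folder.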
ludsfa
7 April 2008 at 20:17
copy and paste the text below.
files::
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\ynpbdttg.ini
folder::
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-22 15:41]
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif
This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.
COMBOFIX report:
ComboFix 08-04-06.1 - BIBIZ 2008-04-07 20:38:22.2 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 16:55 --------- d-----w C:\Program Files\Palm
2008-04-01 16:46 --------- d-----w C:\Program Files\emule
2008-02-09 15:53 --------- d-----w C:\Program Files\ESET
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.
------- Sigcheck -------
2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll
2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-20 18:23 282624]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-07-20 19:05 921600]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Windows live Messenger"="msn.com" [2008-03-17 14:40 442598 C:\WINDOWS\msn.com]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]
C:\Documents and Settings\BIBIZ\Menu Démarrer\Programmes\Démarrage\
Palm Registration.lnk - C:\Program Files\Palm\register.exe [2006-11-04 15:41:28 2494464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
urqrsrr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.tscc"= tsccvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-22 15:41]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 20:42:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
Temps d'accomplissement: 2008-04-07 20:44:05
ComboFix-quarantined-files.txt 2008-04-07 18:43:37
ComboFix2.txt 2008-04-07 17:37:52
Pre-Run: 31,147,909,120 octets libres
Post-Run: 31,139,090,432 octets libres
HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 20:45, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\msn.com
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: urqrsrr - urqrsrr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
ludsfa
Posts
1284
Registered
Sunday 3 February 2008
Status
Member
Last active
15 January 2018
7 April 2008 at 20:59
Let's do it differently: first delete your version of ComboFix and your version of HijackThis.
1/ Download VundoFix.exe: http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe.
Click Scan for Vundo.
When the scan is complete, click the Remove Vundo button.
Then click YES.
After clicking "Yes", the desktop will disappear for a moment while the files are deleted.
You will get a message saying the computer is going to shut down; click OK.
Post the report located at C:\vundofix.txt
2/ Download ComboFix (by sUBs) to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe (Tutorial: http://mickael.barroux.free.fr/securite/combofix.php)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
The report is located here: C:\Combofix.txt
3/ Download and install HijackThis (Trend Micro)
Then post a report in your next reply.
HELP: http://www.infos-du-net.com/forum/271838-11-tuto-utiliser-hijackthis
ComboFix launches but doesn't behave as it did earlier; it cuts out right after starting.
Otherwise, here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\msn.com
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: urqrsrr - urqrsrr.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
ludsfa (1284 posts, registered Sunday 3 February 2008, Member, last active 15 January 2018) - 7 April 2008 at 22:01
Fix the lines in the box below with HijackThis. ILLUSTRATED GUIDE: http://dcangeldark.blogspot.com/2008/02/hijackthis-202-corriger-des-lignes.html
O20 - Winlogon Notify: urqrsrr - urqrsrr.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
Download OTMoveIt (by OldTimer). Save it to your Desktop. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane and choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report is named after the moment it was created: date_heure.log
Download to your desktop: http://www.malekal.com/download/clean.zip (by Malekal) >Tutorial<: http://mickael.barroux.free.fr/securite/clean.php
Unzip it to your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This opens a black window.
A menu will appear; choose option 1, then Enter. Then press a key when prompted.
Post the report, located here: C:\rapport_clean.txt
Download ToolsCleaner to your desktop.
http://www.commentcamarche.net/telecharger/toolscleaner 34055291 avis opinions.php3
This program will uninstall all the tools I have had you use.
* Click Recherche (search) and let the scan run ...
* Click Suppression (delete) to finish.
* You can use the Options facultatives (optional options) if you wish.
* Click Quitter (quit) to get the report.
* Post the report (TCleaner.txt), found at the root of your hard drive (C:\).
Once you have done all that, reboot your PC and keep only ToolsCleaner; we will need it later.
Here is the report:
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04072008_221330
Here is the report:
Veuillez svp envoyer le fichier C:\upload_moi_PC.tar.gz a l'adresse http://upload.malekal.com
By the way, it won't accept it from me, the file is invalid??????
Next reports:
07/04/2008 a 22:21:26,31
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
Last report:
-->- Recherche:
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\vundoFix.exe: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\Clean: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\clean\Clean: trouvé !
C:\Documents and Settings\BIBIZ\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe: trouvé !
C:\Documents and Settings\BIBIZ\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\vundoFix.exe: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\BIBIZ\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe: supprimé !
C:\Documents and Settings\BIBIZ\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: Erreur de suppression !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\Clean: Erreur de suppression !
C:\Documents and Settings\BIBIZ\Bureau\clean\Clean: Erreur de suppression !
C:\Program Files\Trend Micro\HijackThis: supprimé !
ludsfa (1284 posts, registered Sunday 3 February 2008, Member, last active 15 January 2018) - 7 April 2008 at 22:59
OK, very good. Re-download HijackThis from the links above.
And we'll see whether any of it is left.
Download ComboFix here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your Desktop and nowhere else!
Double-click combofix.exe (the .exe may not be shown)
To start, press [1] then Enter, and wait for the scan to finish
The PC may reboot!
A report is generated; copy/paste it into your reply
You can also find this report here: C:\Combofix.txt
And after that, do another HijackThis scan for me.
ComboFix won't start; it stops right after the blue window appears????? What should I do?
Otherwise, here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\msn.com
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
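As an added example (not a tool used in this thread), the Python script below parses HijackThis-format entry lines, flags O20 Winlogon Notify packages whose DLL is missing, and diffs a before and after scan against the "fix these lines" list the helper posted. The embedded logs are constructed from a few lines of the 21:29 and 23:08 reports above; real logs are much longer.

```python
"""Parse HijackThis logs, flag orphaned Winlogon Notify entries, diff two scans."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# HijackThis entry lines look like "O20 - Winlogon Notify: ..." or "R1 - HKLM\...".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")

# Constructed sample: a handful of lines copied from the two reports on this page.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29, on 07/04/2008
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O20 - Winlogon Notify: urqrsrr - urqrsrr.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08, on 07/04/2008
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# The two lines the helper asked to fix with HijackThis, copied from the thread.
FIX_LIST = [
    r"O20 - Winlogon Notify: urqrsrr - urqrsrr.dll (file missing)",
    r"O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe",
]


@dataclass(frozen=True, order=True)
class Entry:
    section: str  # e.g. "O20", "O23", "R1"
    body: str     # everything after "Oxx - "

    @property
    def file_missing(self) -> bool:
        # HijackThis appends this marker when the referenced file is absent on disk.
        return self.body.endswith("(file missing)")


def parse_entries(lines: Iterable[str]) -> List[Entry]:
    """Keep only HijackThis entry lines; headers and process paths are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def parse_log(text: str) -> List[Entry]:
    return parse_entries(text.splitlines())


def orphaned_winlogon_notify(entries: Iterable[Entry]) -> List[Entry]:
    """O20 entries whose DLL is gone: the registry key still tells winlogon to
    load a DLL that no longer exists, a leftover from a removed component (here
    urqrsrr.dll) that only disappears when the key itself is deleted."""
    return [e for e in entries if e.section == "O20" and e.file_missing]


def diff_logs(before: Iterable[Entry], after: Iterable[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """(removed, added) entries between two scans of the same machine."""
    b, a = set(before), set(after)
    return sorted(b - a), sorted(a - b)


def still_present(after: Iterable[Entry], requested: Iterable[str]) -> List[Entry]:
    """Lines from a 'fix these' list that the later scan still shows."""
    wanted = set(parse_entries(requested))
    return sorted(wanted & set(after))


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for e in orphaned_winlogon_notify(before):
        print("orphaned notify package:", e.body)
    removed, added = diff_logs(before, after)
    print("removed since previous scan:", [f"{e.section} {e.body}" for e in removed])
    print("added since previous scan:", [f"{e.section} {e.body}" for e in added])
    print("still to fix:", still_present(after, FIX_LIST))
```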
ludsfa (1284 posts, registered Sunday 3 February 2008, Member, last active 15 January 2018) - 7 April 2008 at 23:37
Run HijackThis again, click "Do a system scan only", tick these lines, then click "Fix Checked" and close HijackThis:
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Reboot the PC
and finally, to finish
Download AVG Anti-Spyware and install it: https://www.avg.com/en-ww/free-antivirus-download
If the link doesn't work: >Click here: https://filehippo.com/download_avg_antispyware/
Launch AVG and run an update.
Click the Scan button (on the toolbar)
Then, on the "How to react" tab, click Recommended actions. Choose Quarantine.
Don't run a scan for now. Right-click the AVG icon at the bottom right and untick the option to start with Windows.
Reboot in Safe Mode: http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec
/!\ Never boot into Safe Mode via MSCONFIG /!\
Run AVG again.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report located in the Reports folder of the AVG Anti-Spyware folder.
Post it here.
&
Still in Safe Mode, run clean again and do option 2; post the report.
Run an online antivirus scan with Kaspersky using Internet Explorer: https://www.kaspersky.fr/downloads (Tutorial: http://www.infos-du-net.com/forum/267224-11-scan-ligne-kaspersky)
Allow ActiveX.
Click Start Online Scanner.
Select My Computer as the scan target. Save the report as .txt.
Paste its report here.
Hello, my computer saviour
I'm sending you the various reports you asked me for last night
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 18:26 08/04/2008
+ Résultat de l'analyse:
C:\Documents and Settings\BIBIZ\Cookies\bibiz@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@cetelem.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyé.
Fin du rapport
ludsfa (Member; 1284 posts; registered Sunday 3 February 2008; last active 15 January 2018)
8 April 2008 at 19:31
Hi bibiz
Could you do one last HijackThis report for me, please.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\msn.com
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKLM\..\Run: [BM4733f032] Rundll32.exe "C:\WINDOWS\system32\ygrmjxil.dll",s
O4 - HKLM\..\Run: [4400c3ae] rundll32.exe "C:\WINDOWS\system32\wkypdudw.dll",b
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 08, 2008 9:17:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/04/2008
Kaspersky Anti-Virus database records: 690384
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 37190
Number of viruses found: 35
Number of infected objects: 171
Number of suspicious objects: 0
Duration of the scan process: 01:40:56
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\BIBIZ\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\MSHist012008040820080409\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\BIBIZ\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\1OLKEBAA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fe skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\B03JSWBA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\B4ACO2BA.NQF Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Program Files\ESET\infected\BCP1WIAA.NQF Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\ESET\infected\BNM1IKDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\FT0M2SCA.NQF Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF RarSFX: infected - 5 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF PE-Crypt.XorPE: infected - 5 skipped
C:\Program Files\ESET\infected\GCSEBIAA.NQF Infected: Backdoor.Win32.IRCBot.cgh skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\HOFYZ3CA.NQF Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Program Files\ESET\infected\J1OOA0CA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ex skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\KVOSHMAA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\NAELT2DA.NQF Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Program Files\ESET\infected\O5XUQIDA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\PBL1WQAA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\PLQERLAA.NQF Infected: Backdoor.Win32.IRCBot.byq skipped
C:\Program Files\ESET\infected\R1E0IYBA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\S34IPFAA.NQF Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\Program Files\ESET\infected\SWUVYVDA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\USOFWMBA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\ESET\infected\V3RRN4BA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ey skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.404Search.l skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\Y1LAKQCA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\Y2W2U5BA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\YQ5A1IAA.NQF Infected: not-a-virus:AdWare.Win32.Ucmore.g skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137550.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137551.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137552.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137553.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137554.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137594.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP304\A0138954.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138990.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138992.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138993.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwy skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138994.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138996.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138998.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138999.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139000.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139001.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mef skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP307\change.log Object is locked skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/alnkalhp.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/awtuSIbC.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/cbXQjhEU.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/fccddeDT.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/gkvjjmbu.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ljJyVPFY.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/mlJASKEV.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/mnwlwmbc.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/oyictlrg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/qoMfcdAs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ssqNFXpn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/tuvVOHxX.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/wvUoPgDt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/ddcASMeC.dll Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqrsrr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz GZIP: infected - 19 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cbXQiifg.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\efcDVmJA.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\qcsnqqhh.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\tuvUMeDv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqQgEtQ.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqrsrr.V00dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V01dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V02dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V03dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.Vdll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wkypdudw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ygrmjxil.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
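Reading the report above: the online scanner only reports, so every hit is marked "skipped", and most of the 171 "infected objects" are copies inside System Restore points, files already sitting in ESET's quarantine folder, members of the upload_moi_PC.tar.gz archive, or locked registry hives and logs that are not detections at all. The handful of DLLs still live in C:\WINDOWS\system32 (plus C:\internet.exe) are what the next cleaning step has to deal with. The following Python script is an added example, not code posted by anyone in this thread: it parses report lines in the scanner's format and sorts them into those buckets. The sample lines are constructed in that format (they mirror the kinds of paths above, they are not a copy of the posted report), and the location rules (restore point, ESET quarantine, archive, live) are this example's own assumptions.

```python
"""Triage helper for a Kaspersky Online Scanner 5.x report.

Added example for this thread, not code posted by anyone in it. The scanner
marks every hit "skipped" (it only reports), so the useful question is where
each hit lives: a file still on disk in system32 is live; a copy inside a
System Restore point, an ESET quarantine file or a user-made archive is inert
until something restores or extracts it.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the report's line format (paths of the kinds seen in
# the thread; not a copy of the posted report).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\cbXQiifg.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqrsrr.V00dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\Program Files\ESET\infected\1OLKEBAA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz GZIP: infected - 19 skipped
C:\internet.exe Infected: Packed.Win32.Monder.gen skipped
"""

# One report line is "<path> Infected: <name> skipped", "<path> Object is
# locked skipped" or an archive summary "<path> <container>: infected - <n>
# skipped". The path is matched lazily because it may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|Object is locked"
    r"|(?P<container>[A-Za-z0-9.-]+): infected - (?P<count>\d+))"
    r" skipped$"
)

ARCHIVE_EXT = (".zip", ".rar", ".tar", ".gz", ".cab", ".7z")


@dataclass
class Finding:
    path: str
    verdict: str        # "infected", "locked" or "container"
    name: str | None    # detection name, only for "infected"
    location: str       # see classify()


def classify(path: str) -> str:
    """Bucket a path by how reachable the object is (assumed rules)."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"   # only comes back if System Restore rolls back
    if "\\eset\\infected\\" in low:
        return "quarantine"      # already neutralised by the AV
    if re.search(r"\.(zip|rar|tar|gz|cab|7z)/", low) or low.endswith(ARCHIVE_EXT):
        return "archive"         # inert until someone extracts it
    return "live"


def family(name: str) -> str:
    """'not-a-virus:AdWare.Win32.Virtumonde.kts' -> 'AdWare.Win32.Virtumonde'."""
    bare = name.split(":", 1)[-1]          # drop the "not-a-virus:" prefix
    parts = bare.split(".")
    return ".".join(parts[:-1]) if len(parts) > 1 else bare   # drop variant


def parse_report(text: str) -> list[Finding]:
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue             # header, statistics or blank line
        if m.group("name"):
            verdict = "infected"
        elif m.group("container"):
            verdict = "container"
        else:
            verdict = "locked"
        findings.append(Finding(m.group("path"), verdict, m.group("name"),
                                classify(m.group("path"))))
    return findings


def triage(text: str) -> dict:
    """Split the report into what needs action now and what can wait."""
    findings = parse_report(text)
    live_hits = [f for f in findings if f.verdict == "infected" and f.location == "live"]
    return {
        "live": [f.path for f in live_hits],
        "live_families": Counter(family(f.name) for f in live_hits),
        "by_location": Counter(f.location for f in findings if f.verdict != "locked"),
        "locked": sum(1 for f in findings if f.verdict == "locked"),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked (in-use system files, not detections):", result["locked"])
    print("hits by location:", dict(result["by_location"]))
    print("live families:", dict(result["live_families"]))
    for p in result["live"]:
        print("  ACT NOW:", p)
```

Locked objects are normal: registry hives, event logs and index.dat are always open and the scanner cannot read them. Restore-point copies only matter if System Restore is rolled back to one of those RP296 to RP305 points, which is why cleanup routines finish by flushing System Restore once the live files are gone.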
ludsfa
9 April 2008 at 00:26
hi again bibiz
whoa, there are still more
Copy the bold text below:
files::
C:\WINDOWS\system32\urqrsrr.V03dll
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\ynpbdttg.ini
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.Vdll
folder::
C:\Program Files\Palm\register.exe [2006-11-04 15:41:28 2494464]
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-22 15:41]
registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=
"Ouso"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iconcache"=
"QuickTime Task"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
urqrsrr.dll
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
If there is no reboot, post the reports anyway.
If combofix does not respond, just post a hijackthis log.
ludsfa
9 April 2008 at 00:54
since I won't be around tomorrow evening
next, do this.
Download SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (created by AndyManchesta) and save it to your Desktop.
User guide: http://mickael.barroux.free.fr/securite/sdfix.php
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
* Restart your computer
* After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
* Instead of the normal Windows loading, a menu with different options should appear.
* Choose the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your account.
Follow the list of instructions below:
* Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to launch the script.
* Press Y to begin the cleaning process.
* It will remove the services and Registry entries of certain trojans found, then ask you to press a key to reboot.
* Press a key to reboot the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* After the Desktop loads, the tool will finish its work and display Finished.
* Press a key to finish running the script and load your Desktop icons.
* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
* Finally, copy/paste the contents of the Report.txt file in your next reply on the forum.
N.B.:
- The SDFIX_README.htm file (in the SDFix folder) contains the list of malware handled by the tool.
- Andy releases several updates, often more than one per day... So don't hesitate to ask to download a new version when the cleanup drags on and the tool doesn't seem to catch everything.
+ a new hijackthis report.
Hi
here are the various reports you asked me for
ComboFix 08-04-08.10 - BIBIZ 2008-04-09 18:33:01.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.49 [GMT 2:00]
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM4733f032.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXQiifg.dll
C:\WINDOWS\system32\efcBsQGX.dll
C:\WINDOWS\system32\efcDVmJA.dll
C:\WINDOWS\system32\geBtTKCr.dll
C:\WINDOWS\system32\nnnKbCvu.dll
C:\WINDOWS\system32\nnnoPJbC.dll
C:\WINDOWS\system32\pmnkLDUo.dll
C:\WINDOWS\system32\qcsnqqhh.dll
C:\WINDOWS\system32\urqPiJax.dll
C:\WINDOWS\system32\urqQgEtQ.dll
C:\WINDOWS\system32\vDeMUvut.ini
C:\WINDOWS\system32\vDeMUvut.ini2
C:\WINDOWS\system32\wdudpykw.ini
C:\WINDOWS\system32\wkypdudw.dll
C:\WINDOWS\system32\wvUoOIYq.dll
C:\WINDOWS\system32\ygrmjxil.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.
2008-04-08 19:57 . 2008-04-08 19:57 3,648 --a------ C:\WINDOWS\system32\xoefhbnc.dll
2008-04-08 19:49 . 2008-04-08 19:49 269,824 --a------ C:\WINDOWS\system32\tuvUMeDv.dll
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 23:53 . 2008-04-07 23:53 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\Grisoft
2008-04-07 23:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 22:22 . 2008-04-07 22:22 3,957,818 --a------ C:\upload_moi_PC.tar.gz
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 15:53 --------- d-----w C:\Program Files\ESET
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.
------- Sigcheck -------
2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll
2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BEF4ADC-BE4F-460D-A75B-6F61955A744A}]
2008-04-08 19:49 269824 --a------ C:\WINDOWS\system32\tuvUMeDv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-07-20 19:05 921600]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Windows live Messenger"="msn.com" [2008-03-17 14:40 442598 C:\WINDOWS\msn.com]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 18:45:29
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-09 18:52:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 16:52:02
Pre-Run: 31,052,193,792 octets libres
Post-Run: 31,287,939,072 octets libres
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\msn.com
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
voici les différents rapport que tu m'as demandé
ComboFix 08-04-08.10 - BIBIZ 2008-04-09 18:33:01.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.49 [GMT 2:00]
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM4733f032.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXQiifg.dll
C:\WINDOWS\system32\efcBsQGX.dll
C:\WINDOWS\system32\efcDVmJA.dll
C:\WINDOWS\system32\geBtTKCr.dll
C:\WINDOWS\system32\nnnKbCvu.dll
C:\WINDOWS\system32\nnnoPJbC.dll
C:\WINDOWS\system32\pmnkLDUo.dll
C:\WINDOWS\system32\qcsnqqhh.dll
C:\WINDOWS\system32\urqPiJax.dll
C:\WINDOWS\system32\urqQgEtQ.dll
C:\WINDOWS\system32\vDeMUvut.ini
C:\WINDOWS\system32\vDeMUvut.ini2
C:\WINDOWS\system32\wdudpykw.ini
C:\WINDOWS\system32\wkypdudw.dll
C:\WINDOWS\system32\wvUoOIYq.dll
C:\WINDOWS\system32\ygrmjxil.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.
2008-04-08 19:57 . 2008-04-08 19:57 3,648 --a------ C:\WINDOWS\system32\xoefhbnc.dll
2008-04-08 19:49 . 2008-04-08 19:49 269,824 --a------ C:\WINDOWS\system32\tuvUMeDv.dll
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 23:53 . 2008-04-07 23:53 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\Grisoft
2008-04-07 23:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 22:22 . 2008-04-07 22:22 3,957,818 --a------ C:\upload_moi_PC.tar.gz
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 15:53 --------- d-----w C:\Program Files\ESET
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.
------- Sigcheck -------
2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll
2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BEF4ADC-BE4F-460D-A75B-6F61955A744A}]
2008-04-08 19:49 269824 --a------ C:\WINDOWS\system32\tuvUMeDv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-07-20 19:05 921600]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Windows live Messenger"="msn.com" [2008-03-17 14:40 442598 C:\WINDOWS\msn.com]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 18:45:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
.
**************************************************************************
.
Completion time: 2008-04-09 18:52:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 16:52:02
Pre-Run: 31,052,193,792 bytes free
Post-Run: 31,287,939,072 bytes free
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\msn.com
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SDFix: Version 1.168
Run by BIBIZ on 09/04/2008 at 19:19
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\BIBIZ\Bureau\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files:
No Trojan Files Found
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 19:30:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:bc89086c
"s2"=dword:037cb4f3
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:81,1e,9d,04,fe,bb,55,88,06,d1,95,1a,2c,e7,7d,a3,ec,e5,7f,cc,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:81,1e,9d,04,fe,bb,55,88,06,d1,95,1a,2c,e7,7d,a3,ec,e5,7f,cc,7a,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
File Backups: - C:\DOCUME~1\BIBIZ\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 17 Mar 2008 442,598 ..SHR --- "C:\WINDOWS\msn.com"
Wed 4 Aug 2004 1,667,584 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sat 16 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
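The following is an added example and not a tool used by anyone in this thread. It encodes, as Python run over lines copied from the HijackThis and ComboFix logs above, the checks a helper applies by eye when reading them: a file named like a core system binary (explorer.exe) started from a folder other than C:\WINDOWS or C:\WINDOWS\system32, a Run value whose target is a .com rather than an .exe, a Winlogon\Notify package that is not one of the stock XP SP2 packages (the way Virtumonde/Vundo registers its randomly named DLL), and Security Center warnings switched off. The set of system binary names and the allowlist of stock Notify packages are the example's own assumptions, as is the constructed sample log.

```python
r"""
Triage of HijackThis O4 lines and ComboFix registry dumps for Vundo-style
persistence. Added example for this thread, not a tool anyone in it used.
Heuristics (assumptions of this example, derived from the posted logs):
  * a file named like a core system binary (explorer.exe) started from
    somewhere other than C:\WINDOWS or C:\WINDOWS\system32;
  * a Run value whose target is a .com/.scr/.pif/.bat/.cmd, not an .exe;
  * a Winlogon\Notify package outside XP SP2's stock set (Virtumonde
    registers a randomly named DLL there, e.g. urqQgEtQ.dll);
  * Security Center notifications switched off.
"""
import re
from typing import List, Tuple

SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe", "rundll32.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Stock Winlogon Notify packages on Windows XP SP2 (assumed allowlist, lower-case).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}
EXE_EXT = ("exe", "com", "scr", "pif", "bat", "cmd")

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"winlogon\\notify\\(?P<pkg>[^\]\\]+)\]$", re.IGNORECASE)
SC_RE = re.compile(r'^"(?P<key>(?:AntiVirus|Firewall|Updates)DisableNotify)"=dword:0*1$',
                   re.IGNORECASE)


def split_command(cmd: str) -> Tuple[str, str]:
    r"""Split a Run-value command line into (target path, arguments).

    Quoted targets are taken verbatim. Unquoted targets are cut at the first
    executable extension so that an unquoted path containing spaces
    (C:\Program Files\...\ADeck.exe 1) is not truncated at the first space.
    """
    cmd = cmd.strip()
    m = re.match(r'^"([^"]*)"\s*(.*)$', cmd)
    if m:
        return m.group(1), m.group(2)
    m = re.match(r"^(.+?\.(?:%s))\b\s*(.*)$" % "|".join(EXE_EXT), cmd, re.IGNORECASE)
    if m:
        return m.group(1), m.group(2)
    m = re.match(r"^(\S+)\s*(.*)$", cmd)
    return (m.group(1), m.group(2)) if m else ("", "")


def check_run_entry(name: str, cmd: str) -> List[str]:
    """Return heuristic findings for one O4 Run entry (empty list = nothing odd)."""
    findings: List[str] = []
    target, _args = split_command(cmd)
    if not target:
        findings.append("empty command: orphaned or cleared Run value")
        return findings
    directory, _, base = target.lower().rpartition("\\")
    if base in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        findings.append("system binary name %s launched from %s"
                        % (base, directory or "a bare filename (search-path lookup)"))
    ext = base.rsplit(".", 1)[-1]
    if ext in EXE_EXT[1:]:
        findings.append("autorun target is a .%s, not an .exe: %s" % (ext, base))
    return findings


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Scan pasted HijackThis/ComboFix text; return (entry, finding) pairs in log order."""
    out: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            out.extend((m["name"], f) for f in check_run_entry(m["name"], m["cmd"]))
            continue
        m = NOTIFY_RE.search(line)
        if m and m["pkg"].lower() not in KNOWN_NOTIFY:
            out.append((m["pkg"], "Winlogon Notify package not in the XP SP2 stock set"))
            continue
        m = SC_RE.match(line)  # matched on the value alone: a pasted log carries no key context
        if m:
            out.append((m["key"], "Security Center warning disabled (set to 1)"))
    return out


# Constructed sample: lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

if __name__ == "__main__":
    for entry, finding in triage(SAMPLE_LOG):
        print("%-24s %s" % (entry, finding))
```

On the sample above the script flags exactly the six entries a helper would circle in the logs (msn.com, Ouso, the two Notify packages, the two Security Center values) and stays silent on the legitimate Intel, ESET, VIA and Agendatronic autoruns. The Notify allowlist is the part that ages: any third-party package (a graphics driver's igfxcui, a VPN client) will show up as a finding and has to be vetted by hand, which is the intended behaviour for a triage pass rather than an automatic cleaner.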
ludsfa
Posts: 1284
Registered: Sunday 3 February 2008
Status: Member
Last active: 15 January 2018
15
10 April 2008 at 17:19
Hi bibiz
How is your PC doing?
Run another Kaspersky scan and send me the report, followed by another HijackThis log.
Download ToolsCleaner to your desktop.
Once it is installed, click "Search"
and then click "Delete".
Do the Kaspersky scan and the HijackThis log before ToolsCleaner.
We're nearly there.
Hi, I think the reports are not good news
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 10, 2008 8:16:27 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/04/2008
Kaspersky Anti-Virus database records: 696026
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 34863
Number of viruses found: 35
Number of infected objects: 192
Number of suspicious objects: 0
Duration of the scan process: 01:13:48
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\BIBIZ\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\MSHist012008041020080411\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\BIBIZ\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\1OLKEBAA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fe skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\B03JSWBA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\B4ACO2BA.NQF Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Program Files\ESET\infected\BCP1WIAA.NQF Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\ESET\infected\BNM1IKDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\FT0M2SCA.NQF Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF RarSFX: infected - 5 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF PE-Crypt.XorPE: infected - 5 skipped
C:\Program Files\ESET\infected\GCSEBIAA.NQF Infected: Backdoor.Win32.IRCBot.cgh skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\HOFYZ3CA.NQF Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Program Files\ESET\infected\J1OOA0CA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ex skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\KVOSHMAA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\NAELT2DA.NQF Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Program Files\ESET\infected\O5XUQIDA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\PBL1WQAA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\PLQERLAA.NQF Infected: Backdoor.Win32.IRCBot.byq skipped
C:\Program Files\ESET\infected\R1E0IYBA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\S34IPFAA.NQF Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\Program Files\ESET\infected\SWUVYVDA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\USOFWMBA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\ESET\infected\V3RRN4BA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ey skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.404Search.l skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\Y1LAKQCA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\Y2W2U5BA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\YQ5A1IAA.NQF Infected: not-a-virus:AdWare.Win32.Ucmore.g skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQiifg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcBsQGX.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcDVmJA.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\geBtTKCr.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnKbCvu.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnoPJbC.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkLDUo.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qcsnqqhh.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPiJax.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wkypdudw.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUoOIYq.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ygrmjxil.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqQgEtQ.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137550.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137551.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137552.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137553.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137554.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137594.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP304\A0138954.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138990.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138992.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138993.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwy skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138994.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138996.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138998.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138999.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139000.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139001.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mef skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140406.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140407.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140408.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140409.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140410.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140411.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140412.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140413.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140414.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140415.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140416.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140417.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP309\change.log Object is locked skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/alnkalhp.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/awtuSIbC.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/cbXQjhEU.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/fccddeDT.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/gkvjjmbu.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ljJyVPFY.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/mlJASKEV.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/mnwlwmbc.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/oyictlrg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/qoMfcdAs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ssqNFXpn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/tuvVOHxX.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/wvUoPgDt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/ddcASMeC.dll Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqrsrr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz GZIP: infected - 19 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\tuvUMeDv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqrsrr.V00dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V01dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V02dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V03dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.Vdll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
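As an added example (not code from the thread, and not from Kaspersky, HijackThis or ComboFix), the following Python script does the triage a helper performs by hand on logs like the two posted above: it parses the Kaspersky listing, separates hits that sit in quarantine folders or System Restore points from files still live on disk, counts detections per family, and applies two review rules to HijackThis O4 Run entries (a bare filename with no directory, and a Windows system binary name launched from outside C:\WINDOWS). The sample lines are copied from the logs above; the location classes and the O4 rules are my own heuristics, and a flag means "look at this file", not a verdict.

```python
"""Triage helpers for the Kaspersky Online Scanner and HijackThis logs.

Added example, not code from the thread or from either tool. The sample
lines are copied from the logs posted above; the location classes and the
O4 review rules are heuristics of my own.
"""
import re
from collections import Counter

KASPERSKY_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
HJT_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Core Windows binaries that should only ever run from under %SystemRoot%.
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "lsass.exe",
                   "winlogon.exe", "services.exe"}

# Constructed sample: lines copied from the Kaspersky log above.
KASPERSKY_SAMPLE = r"""
C:\Program Files\ESET\infected\BNM1IKDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\Program Files\ESET\infected\GCSEBIAA.NQF Infected: Backdoor.Win32.IRCBot.cgh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQiifg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\tuvUMeDv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqrsrr.V00dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\internet.exe Infected: Packed.Win32.Monder.gen skipped
Scan process completed.
"""

# Constructed sample: lines copied from the HijackThis log above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
"""


def parse_kaspersky(text):
    """(path, verdict) for every 'Infected:' line; locked objects and
    per-archive summary lines such as 'NSIS: infected - 3' are dropped."""
    out = []
    for line in text.splitlines():
        m = KASPERSKY_RE.match(line.strip())
        if m:
            out.append((m.group("path"), m.group("verdict")))
    return out


def family(verdict):
    """'not-a-virus:AdWare.Win32.Virtumonde.kts' -> 'AdWare.Win32.Virtumonde'."""
    return verdict.split(":", 1)[-1].rsplit(".", 1)[0]


def location(path):
    """Where a hit sits; only 'live' entries are on the running system."""
    p = path.lower()
    if "\\eset\\infected\\" in p:
        return "av-quarantine"
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    if "/" in p:  # Kaspersky writes archive members with '/'
        return "archive"
    return "live"


def summarize(detections):
    by_family = Counter(family(v) for _, v in detections)
    by_location = Counter(location(p) for p, _ in detections)
    live = [p for p, _ in detections if location(p) == "live"]
    return by_family, by_location, live


def exe_from_command(cmd):
    """Executable of a Run value: the quoted path, or the bare first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def flag_hjt_run_entries(text):
    """Heuristic review of O4 Run entries -> [(name, exe, reason)]."""
    flags = []
    for line in text.splitlines():
        m = HJT_RUN_RE.match(line.strip())
        if not m:
            continue
        exe = exe_from_command(m.group("cmd"))
        base = exe.rsplit("\\", 1)[-1].lower()
        if "\\" not in exe:
            flags.append((m.group("name"), exe,
                          "unqualified filename, resolved via the search path: locate the file"))
        elif base in SYSTEM_BINARIES and not exe.lower().startswith("c:\\windows\\"):
            flags.append((m.group("name"), exe,
                          "Windows system binary name launched from outside C:\\WINDOWS"))
    return flags


if __name__ == "__main__":
    fam, loc, live = summarize(parse_kaspersky(KASPERSKY_SAMPLE))
    print("by family:", dict(fam))
    print("by location:", dict(loc))
    print("still live on disk:", live)
    for name, exe, why in flag_hjt_run_entries(HJT_SAMPLE):
        print(f"review O4 [{name}] {exe}: {why}")
```

Run against the full log, the location split is what matters most: the bulk of the 192 objects reported above are quarantined copies (ESET's infected folder, ComboFix's QooBox) or restore-point copies, which are inert until restored, while the short "live" list under C:\WINDOWS\system32 and the root of C: is what still needs removal. The O4 rules only point at entries worth locating on disk and checking (publisher, creation time, whether the file even exists); they are not a malware verdict.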
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ex skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\KVOSHMAA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\NAELT2DA.NQF Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Program Files\ESET\infected\O5XUQIDA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\PBL1WQAA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\PLQERLAA.NQF Infected: Backdoor.Win32.IRCBot.byq skipped
C:\Program Files\ESET\infected\R1E0IYBA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\S34IPFAA.NQF Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\Program Files\ESET\infected\SWUVYVDA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\USOFWMBA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\ESET\infected\V3RRN4BA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ey skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.404Search.l skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\Y1LAKQCA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\Y2W2U5BA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\YQ5A1IAA.NQF Infected: not-a-virus:AdWare.Win32.Ucmore.g skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQiifg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcBsQGX.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcDVmJA.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\geBtTKCr.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnKbCvu.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnoPJbC.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkLDUo.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qcsnqqhh.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPiJax.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wkypdudw.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUoOIYq.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ygrmjxil.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqQgEtQ.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137550.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137551.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137552.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137553.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137554.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137594.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP304\A0138954.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138990.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138992.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138993.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwy skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138994.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138996.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138998.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138999.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139000.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139001.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mef skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140406.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140407.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140408.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140409.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140410.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140411.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140412.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140413.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140414.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140415.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140416.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140417.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP309\change.log Object is locked skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/alnkalhp.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/awtuSIbC.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/cbXQjhEU.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/fccddeDT.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/gkvjjmbu.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ljJyVPFY.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/mlJASKEV.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/mnwlwmbc.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/oyictlrg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/qoMfcdAs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ssqNFXpn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/tuvVOHxX.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/wvUoPgDt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/ddcASMeC.dll Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqrsrr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz GZIP: infected - 19 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\tuvUMeDv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqrsrr.V00dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V01dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V02dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V03dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.Vdll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
ludsfa
10 April 2008 at 21:13
OK
Here is what you are going to do: do as last time, copy/paste into ComboFix, and don't forget to rename the Notepad file.
files::
C:\WINDOWS\system32\urqrsrr.V03dll
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\ynpbdttg.ini
C:\WINDOWS\system32\urqrsrr.Vdll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\wuaueng.dll.mui
C:\WINDOWS\system32\wuapi.dll.mui
C:\WINDOWS\system32\wuaucpl.cpl.mui
C:\WINDOWS\system32\wucltui.dll.mui
C:\WINDOWS\system32\wups2.dll
C:\WINDOWS\memo.ini
folder::
C:\Program Files\ESET
registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BEF4ADC-BE4F-460D-A75B-6F61955A744A}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=
"Ouso"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iconcache"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
We will have to do this in several passes.
Send the report afterwards.
Here it is
Good luck
ComboFix 08-04-08.10 - BIBIZ 2008-04-10 21:22:29.4 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ESET
C:\Program Files\ESET\cache\CACHE.NDB
C:\Program Files\ESET\dmon.dll
C:\Program Files\ESET\emon.dll
C:\Program Files\ESET\eset.chm
C:\Program Files\ESET\infected\04IPD4DA.NQF
C:\Program Files\ESET\infected\04IPD4DA.NQI
C:\Program Files\ESET\infected\1BDOHTCA.NQF
C:\Program Files\ESET\infected\1BDOHTCA.NQI
C:\Program Files\ESET\infected\1JP1DNAA.NQF
C:\Program Files\ESET\infected\1JP1DNAA.NQI
C:\Program Files\ESET\infected\1OLKEBAA.NQF
C:\Program Files\ESET\infected\1OLKEBAA.NQI
C:\Program Files\ESET\infected\1SCXXADA.NQF
C:\Program Files\ESET\infected\1SCXXADA.NQI
C:\Program Files\ESET\infected\1ZOEVNDA.NQF
C:\Program Files\ESET\infected\1ZOEVNDA.NQI
C:\Program Files\ESET\infected\20I4XYDA.NQF
C:\Program Files\ESET\infected\20I4XYDA.NQI
C:\Program Files\ESET\infected\2DRNFEDA.NQF
C:\Program Files\ESET\infected\2DRNFEDA.NQI
C:\Program Files\ESET\infected\2WIJO0BA.NQF
C:\Program Files\ESET\infected\2WIJO0BA.NQI
C:\Program Files\ESET\infected\45HNCDCA.NQF
C:\Program Files\ESET\infected\45HNCDCA.NQI
C:\Program Files\ESET\infected\4NNMPEBA.NQF
C:\Program Files\ESET\infected\4NNMPEBA.NQI
C:\Program Files\ESET\infected\4UJ1PJBA.NQF
C:\Program Files\ESET\infected\4UJ1PJBA.NQI
C:\Program Files\ESET\infected\B03JSWBA.NQF
C:\Program Files\ESET\infected\B03JSWBA.NQI
C:\Program Files\ESET\infected\B4ACO2BA.NQF
C:\Program Files\ESET\infected\B4ACO2BA.NQI
C:\Program Files\ESET\infected\BCP1WIAA.NQF
C:\Program Files\ESET\infected\BCP1WIAA.NQI
C:\Program Files\ESET\infected\BNM1IKDA.NQF
C:\Program Files\ESET\infected\BNM1IKDA.NQI
C:\Program Files\ESET\infected\CUENZ2AA.NQF
C:\Program Files\ESET\infected\CUENZ2AA.NQI
C:\Program Files\ESET\infected\DHNOM3AA.NQF
C:\Program Files\ESET\infected\DHNOM3AA.NQI
C:\Program Files\ESET\infected\FBQ42PCA.NQF
C:\Program Files\ESET\infected\FBQ42PCA.NQI
C:\Program Files\ESET\infected\FT0M2SCA.NQF
C:\Program Files\ESET\infected\FT0M2SCA.NQI
C:\Program Files\ESET\infected\G11IZAAA.NQF
C:\Program Files\ESET\infected\G11IZAAA.NQI
C:\Program Files\ESET\infected\GCSEBIAA.NQF
C:\Program Files\ESET\infected\GCSEBIAA.NQI
C:\Program Files\ESET\infected\HN2JLTCA.NQF
C:\Program Files\ESET\infected\HN2JLTCA.NQI
C:\Program Files\ESET\infected\HOFYZ3CA.NQF
C:\Program Files\ESET\infected\HOFYZ3CA.NQI
C:\Program Files\ESET\infected\J1OOA0CA.NQF
C:\Program Files\ESET\infected\J1OOA0CA.NQI
C:\Program Files\ESET\infected\JACLVSBA.NQF
C:\Program Files\ESET\infected\JACLVSBA.NQI
C:\Program Files\ESET\infected\K40TG3CA.NQF
C:\Program Files\ESET\infected\K40TG3CA.NQI
C:\Program Files\ESET\infected\KEMNDKCA.NQF
C:\Program Files\ESET\infected\KEMNDKCA.NQI
C:\Program Files\ESET\infected\KVOSHMAA.NQF
C:\Program Files\ESET\infected\KVOSHMAA.NQI
C:\Program Files\ESET\infected\NAELT2DA.NQF
C:\Program Files\ESET\infected\NAELT2DA.NQI
C:\Program Files\ESET\infected\O5XUQIDA.NQF
C:\Program Files\ESET\infected\O5XUQIDA.NQI
C:\Program Files\ESET\infected\P31M2FBA.NQF
C:\Program Files\ESET\infected\P31M2FBA.NQI
C:\Program Files\ESET\infected\PBL1WQAA.NQF
C:\Program Files\ESET\infected\PBL1WQAA.NQI
C:\Program Files\ESET\infected\PLQERLAA.NQF
C:\Program Files\ESET\infected\PLQERLAA.NQI
C:\Program Files\ESET\infected\R1E0IYBA.NQF
C:\Program Files\ESET\infected\R1E0IYBA.NQI
C:\Program Files\ESET\infected\R2F3J2CA.NQF
C:\Program Files\ESET\infected\R2F3J2CA.NQI
C:\Program Files\ESET\infected\S34IPFAA.NQF
C:\Program Files\ESET\infected\S34IPFAA.NQI
C:\Program Files\ESET\infected\SWUVYVDA.NQF
C:\Program Files\ESET\infected\SWUVYVDA.NQI
C:\Program Files\ESET\infected\TIN1XMDA.NQF
C:\Program Files\ESET\infected\TIN1XMDA.NQI
C:\Program Files\ESET\infected\U1G3V0BA.NQF
C:\Program Files\ESET\infected\U1G3V0BA.NQI
C:\Program Files\ESET\infected\USOFWMBA.NQF
C:\Program Files\ESET\infected\USOFWMBA.NQI
C:\Program Files\ESET\infected\V3RRN4BA.NQF
C:\Program Files\ESET\infected\V3RRN4BA.NQI
C:\Program Files\ESET\infected\VENIVLAA.NQF
C:\Program Files\ESET\infected\VENIVLAA.NQI
C:\Program Files\ESET\infected\W2JCLWBA.NQF
C:\Program Files\ESET\infected\W2JCLWBA.NQI
C:\Program Files\ESET\infected\W3SOHEBA.NQF
C:\Program Files\ESET\infected\W3SOHEBA.NQI
C:\Program Files\ESET\infected\W3YOS1AA.NQF
C:\Program Files\ESET\infected\W3YOS1AA.NQI
C:\Program Files\ESET\infected\XLL5WYDA.NQF
C:\Program Files\ESET\infected\XLL5WYDA.NQI
C:\Program Files\ESET\infected\Y1LAKQCA.NQF
C:\Program Files\ESET\infected\Y1LAKQCA.NQI
C:\Program Files\ESET\infected\Y2W2U5BA.NQF
C:\Program Files\ESET\infected\Y2W2U5BA.NQI
C:\Program Files\ESET\infected\YQ5A1IAA.NQF
C:\Program Files\ESET\infected\YQ5A1IAA.NQI
C:\Program Files\ESET\Install\advheur.nup
C:\Program Files\ESET\Install\archs.nup
C:\Program Files\ESET\Install\charon.nup
C:\Program Files\ESET\Install\engine.nup
C:\Program Files\ESET\Install\main.dll
C:\Program Files\ESET\Install\mainlang.dll
C:\Program Files\ESET\Install\mfc42.dll
C:\Program Files\ESET\Install\mfc42u.dll
C:\Program Files\ESET\Install\msvcrt.dll
C:\Program Files\ESET\Install\ntbasefr.nup
C:\Program Files\ESET\Install\ntinetfr.nup
C:\Program Files\ESET\Install\ntstdfr.nup
C:\Program Files\ESET\Install\pwscan.nup
C:\Program Files\ESET\Install\readme.txt
C:\Program Files\ESET\Install\setup.exe
C:\Program Files\ESET\Install\setup.xml
C:\Program Files\ESET\Install\utilmod.nup
C:\Program Files\ESET\logs\nod32\NDL1512.DAT
C:\Program Files\ESET\logs\nod32\NDL15810.DAT
C:\Program Files\ESET\logs\nod32\NDL16826.DAT
C:\Program Files\ESET\logs\nod32\NDL18402.DAT
C:\Program Files\ESET\logs\nod32\NDL19071.DAT
C:\Program Files\ESET\logs\nod32\NDL19213.DAT
C:\Program Files\ESET\logs\nod32\NDL19456.DAT
C:\Program Files\ESET\logs\nod32\NDL20816.DAT
C:\Program Files\ESET\logs\nod32\NDL22273.DAT
C:\Program Files\ESET\logs\nod32\NDL22468.DAT
C:\Program Files\ESET\logs\nod32\NDL22718.DAT
C:\Program Files\ESET\logs\nod32\NDL24100.DAT
C:\Program Files\ESET\logs\nod32\NDL24197.DAT
C:\Program Files\ESET\logs\nod32\NDL24310.DAT
C:\Program Files\ESET\logs\nod32\NDL2517.DAT
C:\Program Files\ESET\logs\nod32\NDL26910.DAT
C:\Program Files\ESET\logs\nod32\NDL28780.DAT
C:\Program Files\ESET\logs\nod32\NDL29787.DAT
C:\Program Files\ESET\logs\nod32\NDL30198.DAT
C:\Program Files\ESET\logs\nod32\NDL30269.DAT
C:\Program Files\ESET\logs\nod32\NDL31454.DAT
C:\Program Files\ESET\logs\nod32\NDL31513.DAT
C:\Program Files\ESET\logs\nod32\NDL32262.DAT
C:\Program Files\ESET\logs\nod32\NDL3697.DAT
C:\Program Files\ESET\logs\nod32\NDL4514.DAT
C:\Program Files\ESET\logs\nod32\NDL5701.DAT
C:\Program Files\ESET\logs\nod32\NDL6484.DAT
C:\Program Files\ESET\logs\nod32\NDL7460.DAT
C:\Program Files\ESET\logs\nod32\NDL945.DAT
C:\Program Files\ESET\logs\nod32\NDL9537.DAT
C:\Program Files\ESET\logs\virlog.dat
C:\Program Files\ESET\logs\warnlog.dat
C:\Program Files\ESET\nod.ovl
C:\Program Files\ESET\nod32.002
C:\Program Files\ESET\nod32.003
C:\Program Files\ESET\nod32.004
C:\Program Files\ESET\nod32.005
C:\Program Files\ESET\nod32.006
C:\Program Files\ESET\nod32.007
C:\Program Files\ESET\nod32.chm
C:\Program Files\ESET\nod32.exe
C:\Program Files\ESET\nod32.log
C:\Program Files\ESET\nod32api.dll
C:\Program Files\ESET\nod32ari.dll
C:\Program Files\ESET\nod32aui.dll
C:\Program Files\ESET\nod32fix.reg
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\ESET\nod32krr.dll
C:\Program Files\ESET\nod32kui.chm
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\ESET\nod32r.dll
C:\Program Files\ESET\nod32rui.dll
C:\Program Files\ESET\nodshex.dll
C:\Program Files\ESET\nodshex64.dll
C:\Program Files\ESET\pr_amon.dll
C:\Program Files\ESET\pr_dmon.dll
C:\Program Files\ESET\pr_emon.dll
C:\Program Files\ESET\pr_imon.dll
C:\Program Files\ESET\pr_nod32.dll
C:\Program Files\ESET\pr_upd.dll
C:\Program Files\ESET\ps_amon.dll
C:\Program Files\ESET\ps_amon64.dll
C:\Program Files\ESET\ps_dmon.dll
C:\Program Files\ESET\ps_emon.dll
C:\Program Files\ESET\ps_nod32.dll
C:\Program Files\ESET\ps_upd.dll
C:\Program Files\ESET\pu_amon.chm
C:\Program Files\ESET\pu_amon.dll
C:\Program Files\ESET\pu_dmon.chm
C:\Program Files\ESET\pu_dmon.dll
C:\Program Files\ESET\pu_emon.chm
C:\Program Files\ESET\pu_emon.dll
C:\Program Files\ESET\pu_imon.chm
C:\Program Files\ESET\pu_imon.dll
C:\Program Files\ESET\pu_nod32.dll
C:\Program Files\ESET\pu_upd.chm
C:\Program Files\ESET\pu_upd.dll
C:\Program Files\ESET\readme.txt
C:\Program Files\ESET\Setup\00\krnstp.dll
C:\Program Files\ESET\Setup\00\krnstpr.dll
C:\Program Files\ESET\Setup\00\krnvis.dll
C:\Program Files\ESET\Setup\00\pr_upd.dll
C:\Program Files\ESET\Setup\00\ps_upd.dll
C:\Program Files\ESET\Setup\00\pu_upd.dll
C:\Program Files\ESET\Setup\01\ps_amon.dll
C:\Program Files\ESET\Setup\01\ps_dmon.dll
C:\Program Files\ESET\Setup\01\ps_nod32.dll
C:\Program Files\ESET\Setup\01\pu_amon.dll
C:\Program Files\ESET\Setup\01\pu_dmon.dll
C:\Program Files\ESET\Setup\01\pu_nod32.dll
C:\Program Files\ESET\Setup\02\imon.dll
C:\Program Files\ESET\Setup\02\pr_emon.dll
C:\Program Files\ESET\Setup\02\pr_imon.dll
C:\Program Files\ESET\Setup\02\ps_emon.dll
C:\Program Files\ESET\Setup\02\pu_emon.dll
C:\Program Files\ESET\Setup\02\pu_imon.dll
C:\Program Files\ESET\Setup\main.dll
C:\Program Files\ESET\Setup\mainlang.dll
C:\Program Files\ESET\Setup\setup.exe
C:\Program Files\ESET\Setup\uninst.xml
C:\Program Files\ESET\sporder.dll
C:\Program Files\ESET\unins000.dat
C:\Program Files\ESET\unins000.exe
C:\Program Files\ESET\updfiles\lastupd.ver
C:\Program Files\ESET\updfiles\nod0A35.nup
C:\Program Files\ESET\updfiles\nod103E.nup
C:\Program Files\ESET\updfiles\nod25F0.nup
C:\Program Files\ESET\updfiles\nod290C.nup
C:\Program Files\ESET\updfiles\nod29E5.nup
C:\Program Files\ESET\updfiles\nod2B25.nup
C:\Program Files\ESET\updfiles\nod3320.nup
C:\Program Files\ESET\updfiles\nod3777.nup
C:\Program Files\ESET\updfiles\nod44F2.nup
C:\Program Files\ESET\updfiles\nod44F7.nup
C:\Program Files\ESET\updfiles\nod4D81.nup
C:\Program Files\ESET\updfiles\nod5B99.nup
C:\Program Files\ESET\updfiles\nod6A59.nup
C:\Program Files\ESET\updfiles\nod7A71.nup
C:\Program Files\ESET\updfiles\nod7CA6.nup
C:\Program Files\ESET\updfiles\upd.ver
C:\Program Files\ESET\updfiles\upd0904.ver
C:\Program Files\ESET\updfiles\upd14D6.ver
C:\Program Files\ESET\updfiles\upd297F.ver
C:\Program Files\ESET\updfiles\upd346D.ver
C:\Program Files\ESET\updfiles\upd37DF.ver
C:\Program Files\ESET\updfiles\upd440C.ver
C:\Program Files\ESET\updfiles\upd4DD9.ver
C:\Program Files\ESET\updfiles\upd4FCC.ver
C:\Program Files\ESET\updfiles\upd5C87.ver
C:\Program Files\ESET\updfiles\upd68BD.ver
C:\Program Files\ESET\updfiles\upd68C2.ver
C:\Program Files\ESET\updfiles\upd6B2E.ver
C:\WINDOWS\system32\tuvUMeDv.dll
C:\WINDOWS\system32\vDeMUvut.ini
C:\WINDOWS\system32\vDeMUvut.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.
2008-04-09 19:15 . 2008-04-09 19:15 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 19:57 . 2008-04-08 19:57 3,648 --a------ C:\WINDOWS\system32\xoefhbnc.dll
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 23:53 . 2008-04-07 23:53 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\Grisoft
2008-04-07 23:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 22:22 . 2008-04-07 22:22 3,957,818 --a------ C:\upload_moi_PC.tar.gz
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll
2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_18.51.09.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-09 17:15:42 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:42 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-09 17:15:29 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:29 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 21:34:46
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-10 21:40:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 19:40:31
ComboFix2.txt 2008-04-09 16:52:21
Pre-Run: 32,698,007,552 octets libres
Post-Run: 32,705,687,552 octets libres
bon courage
ComboFix 08-04-08.10 - BIBIZ 2008-04-10 21:22:29.4 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ESET
C:\Program Files\ESET\cache\CACHE.NDB
C:\Program Files\ESET\dmon.dll
C:\Program Files\ESET\emon.dll
C:\Program Files\ESET\eset.chm
C:\Program Files\ESET\infected\[u]0[/u]4IPD4DA.NQF
C:\Program Files\ESET\infected\[u]0[/u]4IPD4DA.NQI
C:\Program Files\ESET\infected\1BDOHTCA.NQF
C:\Program Files\ESET\infected\1BDOHTCA.NQI
C:\Program Files\ESET\infected\1JP1DNAA.NQF
C:\Program Files\ESET\infected\1JP1DNAA.NQI
C:\Program Files\ESET\infected\1OLKEBAA.NQF
C:\Program Files\ESET\infected\1OLKEBAA.NQI
C:\Program Files\ESET\infected\1SCXXADA.NQF
C:\Program Files\ESET\infected\1SCXXADA.NQI
C:\Program Files\ESET\infected\1ZOEVNDA.NQF
C:\Program Files\ESET\infected\1ZOEVNDA.NQI
C:\Program Files\ESET\infected\20I4XYDA.NQF
C:\Program Files\ESET\infected\20I4XYDA.NQI
C:\Program Files\ESET\infected\2DRNFEDA.NQF
C:\Program Files\ESET\infected\2DRNFEDA.NQI
C:\Program Files\ESET\infected\2WIJO0BA.NQF
C:\Program Files\ESET\infected\2WIJO0BA.NQI
C:\Program Files\ESET\infected\45HNCDCA.NQF
C:\Program Files\ESET\infected\45HNCDCA.NQI
C:\Program Files\ESET\infected\4NNMPEBA.NQF
C:\Program Files\ESET\infected\4NNMPEBA.NQI
C:\Program Files\ESET\infected\4UJ1PJBA.NQF
C:\Program Files\ESET\infected\4UJ1PJBA.NQI
C:\Program Files\ESET\infected\B03JSWBA.NQF
C:\Program Files\ESET\infected\B03JSWBA.NQI
C:\Program Files\ESET\infected\B4ACO2BA.NQF
C:\Program Files\ESET\infected\B4ACO2BA.NQI
C:\Program Files\ESET\infected\BCP1WIAA.NQF
C:\Program Files\ESET\infected\BCP1WIAA.NQI
C:\Program Files\ESET\infected\BNM1IKDA.NQF
C:\Program Files\ESET\infected\BNM1IKDA.NQI
C:\Program Files\ESET\infected\CUENZ2AA.NQF
C:\Program Files\ESET\infected\CUENZ2AA.NQI
C:\Program Files\ESET\infected\DHNOM3AA.NQF
C:\Program Files\ESET\infected\DHNOM3AA.NQI
C:\Program Files\ESET\infected\FBQ42PCA.NQF
C:\Program Files\ESET\infected\FBQ42PCA.NQI
C:\Program Files\ESET\infected\FT0M2SCA.NQF
C:\Program Files\ESET\infected\FT0M2SCA.NQI
C:\Program Files\ESET\infected\G11IZAAA.NQF
C:\Program Files\ESET\infected\G11IZAAA.NQI
C:\Program Files\ESET\infected\GCSEBIAA.NQF
C:\Program Files\ESET\infected\GCSEBIAA.NQI
C:\Program Files\ESET\infected\HN2JLTCA.NQF
C:\Program Files\ESET\infected\HN2JLTCA.NQI
C:\Program Files\ESET\infected\HOFYZ3CA.NQF
C:\Program Files\ESET\infected\HOFYZ3CA.NQI
C:\Program Files\ESET\infected\J1OOA0CA.NQF
C:\Program Files\ESET\infected\J1OOA0CA.NQI
C:\Program Files\ESET\infected\JACLVSBA.NQF
C:\Program Files\ESET\infected\JACLVSBA.NQI
C:\Program Files\ESET\infected\K40TG3CA.NQF
C:\Program Files\ESET\infected\K40TG3CA.NQI
C:\Program Files\ESET\infected\KEMNDKCA.NQF
C:\Program Files\ESET\infected\KEMNDKCA.NQI
C:\Program Files\ESET\infected\KVOSHMAA.NQF
C:\Program Files\ESET\infected\KVOSHMAA.NQI
C:\Program Files\ESET\infected\NAELT2DA.NQF
C:\Program Files\ESET\infected\NAELT2DA.NQI
C:\Program Files\ESET\infected\O5XUQIDA.NQF
C:\Program Files\ESET\infected\O5XUQIDA.NQI
C:\Program Files\ESET\infected\P31M2FBA.NQF
C:\Program Files\ESET\infected\P31M2FBA.NQI
C:\Program Files\ESET\infected\PBL1WQAA.NQF
C:\Program Files\ESET\infected\PBL1WQAA.NQI
C:\Program Files\ESET\infected\PLQERLAA.NQF
C:\Program Files\ESET\infected\PLQERLAA.NQI
C:\Program Files\ESET\infected\R1E0IYBA.NQF
C:\Program Files\ESET\infected\R1E0IYBA.NQI
C:\Program Files\ESET\infected\R2F3J2CA.NQF
C:\Program Files\ESET\infected\R2F3J2CA.NQI
C:\Program Files\ESET\infected\S34IPFAA.NQF
C:\Program Files\ESET\infected\S34IPFAA.NQI
C:\Program Files\ESET\infected\SWUVYVDA.NQF
C:\Program Files\ESET\infected\SWUVYVDA.NQI
C:\Program Files\ESET\infected\TIN1XMDA.NQF
C:\Program Files\ESET\infected\TIN1XMDA.NQI
C:\Program Files\ESET\infected\U1G3V0BA.NQF
C:\Program Files\ESET\infected\U1G3V0BA.NQI
C:\Program Files\ESET\infected\USOFWMBA.NQF
C:\Program Files\ESET\infected\USOFWMBA.NQI
C:\Program Files\ESET\infected\V3RRN4BA.NQF
C:\Program Files\ESET\infected\V3RRN4BA.NQI
C:\Program Files\ESET\infected\VENIVLAA.NQF
C:\Program Files\ESET\infected\VENIVLAA.NQI
C:\Program Files\ESET\infected\W2JCLWBA.NQF
C:\Program Files\ESET\infected\W2JCLWBA.NQI
C:\Program Files\ESET\infected\W3SOHEBA.NQF
C:\Program Files\ESET\infected\W3SOHEBA.NQI
C:\Program Files\ESET\infected\W3YOS1AA.NQF
C:\Program Files\ESET\infected\W3YOS1AA.NQI
C:\Program Files\ESET\infected\XLL5WYDA.NQF
C:\Program Files\ESET\infected\XLL5WYDA.NQI
C:\Program Files\ESET\infected\Y1LAKQCA.NQF
C:\Program Files\ESET\infected\Y1LAKQCA.NQI
C:\Program Files\ESET\infected\Y2W2U5BA.NQF
C:\Program Files\ESET\infected\Y2W2U5BA.NQI
C:\Program Files\ESET\infected\YQ5A1IAA.NQF
C:\Program Files\ESET\infected\YQ5A1IAA.NQI
C:\Program Files\ESET\Install\advheur.nup
C:\Program Files\ESET\Install\archs.nup
C:\Program Files\ESET\Install\charon.nup
C:\Program Files\ESET\Install\engine.nup
C:\Program Files\ESET\Install\main.dll
C:\Program Files\ESET\Install\mainlang.dll
C:\Program Files\ESET\Install\mfc42.dll
C:\Program Files\ESET\Install\mfc42u.dll
C:\Program Files\ESET\Install\msvcrt.dll
C:\Program Files\ESET\Install\ntbasefr.nup
C:\Program Files\ESET\Install\ntinetfr.nup
C:\Program Files\ESET\Install\ntstdfr.nup
C:\Program Files\ESET\Install\pwscan.nup
C:\Program Files\ESET\Install\readme.txt
C:\Program Files\ESET\Install\setup.exe
C:\Program Files\ESET\Install\setup.xml
C:\Program Files\ESET\Install\utilmod.nup
C:\Program Files\ESET\logs\nod32\NDL1512.DAT
C:\Program Files\ESET\logs\nod32\NDL15810.DAT
C:\Program Files\ESET\logs\nod32\NDL16826.DAT
C:\Program Files\ESET\logs\nod32\NDL18402.DAT
C:\Program Files\ESET\logs\nod32\NDL19071.DAT
C:\Program Files\ESET\logs\nod32\NDL19213.DAT
C:\Program Files\ESET\logs\nod32\NDL19456.DAT
C:\Program Files\ESET\logs\nod32\NDL20816.DAT
C:\Program Files\ESET\logs\nod32\NDL22273.DAT
C:\Program Files\ESET\logs\nod32\NDL22468.DAT
C:\Program Files\ESET\logs\nod32\NDL22718.DAT
C:\Program Files\ESET\logs\nod32\NDL24100.DAT
C:\Program Files\ESET\logs\nod32\NDL24197.DAT
C:\Program Files\ESET\logs\nod32\NDL24310.DAT
C:\Program Files\ESET\logs\nod32\NDL2517.DAT
C:\Program Files\ESET\logs\nod32\NDL26910.DAT
C:\Program Files\ESET\logs\nod32\NDL28780.DAT
C:\Program Files\ESET\logs\nod32\NDL29787.DAT
C:\Program Files\ESET\logs\nod32\NDL30198.DAT
C:\Program Files\ESET\logs\nod32\NDL30269.DAT
C:\Program Files\ESET\logs\nod32\NDL31454.DAT
C:\Program Files\ESET\logs\nod32\NDL31513.DAT
C:\Program Files\ESET\logs\nod32\NDL32262.DAT
C:\Program Files\ESET\logs\nod32\NDL3697.DAT
C:\Program Files\ESET\logs\nod32\NDL4514.DAT
C:\Program Files\ESET\logs\nod32\NDL5701.DAT
C:\Program Files\ESET\logs\nod32\NDL6484.DAT
C:\Program Files\ESET\logs\nod32\NDL7460.DAT
C:\Program Files\ESET\logs\nod32\NDL945.DAT
C:\Program Files\ESET\logs\nod32\NDL9537.DAT
C:\Program Files\ESET\logs\virlog.dat
C:\Program Files\ESET\logs\warnlog.dat
C:\Program Files\ESET\nod.ovl
C:\Program Files\ESET\nod32.002
C:\Program Files\ESET\nod32.003
C:\Program Files\ESET\nod32.004
C:\Program Files\ESET\nod32.005
C:\Program Files\ESET\nod32.006
C:\Program Files\ESET\nod32.007
C:\Program Files\ESET\nod32.chm
C:\Program Files\ESET\nod32.exe
C:\Program Files\ESET\nod32.log
C:\Program Files\ESET\nod32api.dll
C:\Program Files\ESET\nod32ari.dll
C:\Program Files\ESET\nod32aui.dll
C:\Program Files\ESET\nod32fix.reg
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\ESET\nod32krr.dll
C:\Program Files\ESET\nod32kui.chm
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\ESET\nod32r.dll
C:\Program Files\ESET\nod32rui.dll
C:\Program Files\ESET\nodshex.dll
C:\Program Files\ESET\nodshex64.dll
C:\Program Files\ESET\pr_amon.dll
C:\Program Files\ESET\pr_dmon.dll
C:\Program Files\ESET\pr_emon.dll
C:\Program Files\ESET\pr_imon.dll
C:\Program Files\ESET\pr_nod32.dll
C:\Program Files\ESET\pr_upd.dll
C:\Program Files\ESET\ps_amon.dll
C:\Program Files\ESET\ps_amon64.dll
C:\Program Files\ESET\ps_dmon.dll
C:\Program Files\ESET\ps_emon.dll
C:\Program Files\ESET\ps_nod32.dll
C:\Program Files\ESET\ps_upd.dll
C:\Program Files\ESET\pu_amon.chm
C:\Program Files\ESET\pu_amon.dll
C:\Program Files\ESET\pu_dmon.chm
C:\Program Files\ESET\pu_dmon.dll
C:\Program Files\ESET\pu_emon.chm
C:\Program Files\ESET\pu_emon.dll
C:\Program Files\ESET\pu_imon.chm
C:\Program Files\ESET\pu_imon.dll
C:\Program Files\ESET\pu_nod32.dll
C:\Program Files\ESET\pu_upd.chm
C:\Program Files\ESET\pu_upd.dll
C:\Program Files\ESET\readme.txt
C:\Program Files\ESET\Setup\[u]0[/u]0\krnstp.dll
C:\Program Files\ESET\Setup\[u]0[/u]0\krnstpr.dll
C:\Program Files\ESET\Setup\[u]0[/u]0\krnvis.dll
C:\Program Files\ESET\Setup\[u]0[/u]0\pr_upd.dll
C:\Program Files\ESET\Setup\[u]0[/u]0\ps_upd.dll
C:\Program Files\ESET\Setup\[u]0[/u]0\pu_upd.dll
C:\Program Files\ESET\Setup\[u]0[/u]1\ps_amon.dll
C:\Program Files\ESET\Setup\[u]0[/u]1\ps_dmon.dll
C:\Program Files\ESET\Setup\[u]0[/u]1\ps_nod32.dll
C:\Program Files\ESET\Setup\[u]0[/u]1\pu_amon.dll
C:\Program Files\ESET\Setup\[u]0[/u]1\pu_dmon.dll
C:\Program Files\ESET\Setup\[u]0[/u]1\pu_nod32.dll
C:\Program Files\ESET\Setup\[u]0[/u]2\imon.dll
C:\Program Files\ESET\Setup\[u]0[/u]2\pr_emon.dll
C:\Program Files\ESET\Setup\[u]0[/u]2\pr_imon.dll
C:\Program Files\ESET\Setup\[u]0[/u]2\ps_emon.dll
C:\Program Files\ESET\Setup\[u]0[/u]2\pu_emon.dll
C:\Program Files\ESET\Setup\[u]0[/u]2\pu_imon.dll
C:\Program Files\ESET\Setup\main.dll
C:\Program Files\ESET\Setup\mainlang.dll
C:\Program Files\ESET\Setup\setup.exe
C:\Program Files\ESET\Setup\uninst.xml
C:\Program Files\ESET\sporder.dll
C:\Program Files\ESET\unins000.dat
C:\Program Files\ESET\unins000.exe
C:\Program Files\ESET\updfiles\lastupd.ver
C:\Program Files\ESET\updfiles\nod0A35.nup
C:\Program Files\ESET\updfiles\nod103E.nup
C:\Program Files\ESET\updfiles\nod25F0.nup
C:\Program Files\ESET\updfiles\nod290C.nup
C:\Program Files\ESET\updfiles\nod29E5.nup
C:\Program Files\ESET\updfiles\nod2B25.nup
C:\Program Files\ESET\updfiles\nod3320.nup
C:\Program Files\ESET\updfiles\nod3777.nup
C:\Program Files\ESET\updfiles\nod44F2.nup
C:\Program Files\ESET\updfiles\nod44F7.nup
C:\Program Files\ESET\updfiles\nod4D81.nup
C:\Program Files\ESET\updfiles\nod5B99.nup
C:\Program Files\ESET\updfiles\nod6A59.nup
C:\Program Files\ESET\updfiles\nod7A71.nup
C:\Program Files\ESET\updfiles\nod7CA6.nup
C:\Program Files\ESET\updfiles\upd.ver
C:\Program Files\ESET\updfiles\upd0904.ver
C:\Program Files\ESET\updfiles\upd14D6.ver
C:\Program Files\ESET\updfiles\upd297F.ver
C:\Program Files\ESET\updfiles\upd346D.ver
C:\Program Files\ESET\updfiles\upd37DF.ver
C:\Program Files\ESET\updfiles\upd440C.ver
C:\Program Files\ESET\updfiles\upd4DD9.ver
C:\Program Files\ESET\updfiles\upd4FCC.ver
C:\Program Files\ESET\updfiles\upd5C87.ver
C:\Program Files\ESET\updfiles\upd68BD.ver
C:\Program Files\ESET\updfiles\upd68C2.ver
C:\Program Files\ESET\updfiles\upd6B2E.ver
C:\WINDOWS\system32\tuvUMeDv.dll
C:\WINDOWS\system32\vDeMUvut.ini
C:\WINDOWS\system32\vDeMUvut.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.
2008-04-09 19:15 . 2008-04-09 19:15 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 19:57 . 2008-04-08 19:57 3,648 --a------ C:\WINDOWS\system32\xoefhbnc.dll
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 23:53 . 2008-04-07 23:53 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\Grisoft
2008-04-07 23:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 22:22 . 2008-04-07 22:22 3,957,818 --a------ C:\upload_moi_PC.tar.gz
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll
2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_18.51.09.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-09 17:15:42 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-04-09 17:15:42 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-09 17:15:29 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-04-09 17:15:29 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 21:34:46
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-10 21:40:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 19:40:31
ComboFix2.txt 2008-04-09 16:52:21
Pre-Run: 32,698,007,552 octets libres
Post-Run: 32,705,687,552 octets libres
ludsfa
10 April 2008 at 22:00
Let's continue.
What an infection.
files::
C:\WINDOWS\system32\urqrsrr.Vdll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\urqrsrr.V03dll
registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
ComboFix 08-04-08.10 - BIBIZ 2008-04-10 22:07:38.5 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.
2008-04-09 19:15 . 2008-04-09 19:15 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 19:57 . 2008-04-08 19:57 3,648 --a------ C:\WINDOWS\system32\xoefhbnc.dll
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 23:53 . 2008-04-07 23:53 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\Grisoft
2008-04-07 23:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 22:22 . 2008-04-07 22:22 3,957,818 --a------ C:\upload_moi_PC.tar.gz
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.
------- Sigcheck -------
2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll
2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_18.51.09.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-09 17:15:42 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:42 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-09 17:15:29 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:29 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 22:11:03
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
Temps d'accomplissement: 2008-04-10 22:13:19
ComboFix-quarantined-files.txt 2008-04-10 20:12:44
ComboFix2.txt 2008-04-09 16:52:21
Pre-Run: 32,630,079,488 octets libres
Post-Run: 32,621,473,792 octets libres
ludsfa
10 April 2008 at 23:03
Here we go again.
files::
C:\WINDOWS\system32\urqrsrr.Vdll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\ynpbdttg.ini
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\urqrsrr.V03dll
folder::
C:\Documents and Settings\BIBIZ\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\MSHist012008040820080409\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\BIBIZ\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\upload_moi_PC.tar.gz
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqQgEtQ.dll Infected: Packed.Win32.Monder.gen skipped
registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"
"iconcache"=
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ouso"="
ccleaner"=