Infected with the Virtumonde adware

Closed
bibiz - 7 April 2008 at 18:42
Last reply: ludsfa - 18 April 2008 at 13:10
Hello,

My NOD32 antivirus detected the Virtumonde adware virus and cannot remove it

I need help, because my PC is my work tool and pop-up ads appearing while I work are not great

Thanks for your help

here is the hijackthis scan:

Scan saved at 18:39:42, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\msn.com
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis_199.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKLM\..\Run: [4400c3ae] rundll32.exe "C:\WINDOWS\system32\elfwsmvc.dll",b
O4 - HKLM\..\Run: [BM4733f032] Rundll32.exe "C:\WINDOWS\system32\umfjwlqo.dll",s
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

47 replies

ludsfa - 7 April 2008 at 18:55
hi bibiz

Download Combofix (by sUBs) to your Desktop. http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Temporarily disable all resident protection! (antivirus, antispyware...)
Double-click combofix.exe. (Right-click -> Run as administrator if you are on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt
here is the combofix report

thanks in advance for your help

ComboFix 08-04-06.1 - BIBIZ 2008-04-07 19:23:24.1 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\curity~1
C:\Program Files\curity~1\??curity\
C:\WINDOWS\BM4733f032.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\alnkalhp.dll
C:\WINDOWS\system32\awtuSIbC.dll
C:\WINDOWS\system32\cbmwlwnm.ini
C:\WINDOWS\system32\cbXQjhEU.dll
C:\WINDOWS\system32\CeMSAcdd.ini
C:\WINDOWS\system32\CeMSAcdd.ini2
C:\WINDOWS\system32\cvmswfle.ini
C:\WINDOWS\system32\cxulcqnn.dll
C:\WINDOWS\system32\ddcASMeC.dll
C:\WINDOWS\system32\elfwsmvc.dll
C:\WINDOWS\system32\fccddeDT.dll
C:\WINDOWS\system32\gkvjjmbu.dll
C:\WINDOWS\system32\koiktoaq.dll
C:\WINDOWS\system32\ljJyVPFY.dll
C:\WINDOWS\system32\mlJASKEV.dll
C:\WINDOWS\system32\mnwlwmbc.dll
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\oyictlrg.dll
C:\WINDOWS\system32\ppjyxkoq.ini
C:\WINDOWS\system32\ppjyxkoq.ini2
C:\WINDOWS\system32\ppjyxkoq.tmp
C:\WINDOWS\system32\qoMfcdAs.dll
C:\WINDOWS\system32\QsYHNnpo.ini
C:\WINDOWS\system32\QsYHNnpo.ini2
C:\WINDOWS\system32\rfaehgbw.dll
C:\WINDOWS\system32\rqRLdAPi.dll
C:\WINDOWS\system32\sfyhcxyg.dll
C:\WINDOWS\system32\ssqNFXpn.dll
C:\WINDOWS\system32\sysdm.exe
C:\WINDOWS\system32\tuvVOHxX.dll
C:\WINDOWS\system32\umfjwlqo.dll
C:\WINDOWS\system32\urqrsrr.dll
C:\WINDOWS\system32\wvUoPgDt.dll
C:\WINDOWS\system32\xhcafvet.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.

2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 16:55 --------- d-----w C:\Program Files\Palm
2008-04-01 16:46 --------- d-----w C:\Program Files\emule
2008-02-09 15:53 --------- d-----w C:\Program Files\ESET
.

------- Sigcheck -------

2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll

2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-20 18:23 282624]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-07-20 19:05 921600]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Windows live Messenger"="msn.com" [2008-03-17 14:40 442598 C:\WINDOWS\msn.com]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
urqrsrr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.tscc"= tsccvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-22 15:41]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 19:33:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-07 19:37:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-07 17:37:23
Pre-Run: 30,959,906,816 octets libres
Post-Run: 31,152,525,312 octets libres
ludsfa - 7 April 2008 at 20:17
copy and paste the text below.

files::
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\ynpbdttg.ini

folder::
C:\Program Files\Fichiers communs\BOONTY Shared

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
If there is no reboot, post the reports anyway.
COMBOFIX report:

ComboFix 08-04-06.1 - BIBIZ 2008-04-07 20:38:22.2 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.

2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 16:55 --------- d-----w C:\Program Files\Palm
2008-04-01 16:46 --------- d-----w C:\Program Files\emule
2008-02-09 15:53 --------- d-----w C:\Program Files\ESET
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.

------- Sigcheck -------

2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll

2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-20 18:23 282624]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-07-20 19:05 921600]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Windows live Messenger"="msn.com" [2008-03-17 14:40 442598 C:\WINDOWS\msn.com]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]

C:\Documents and Settings\BIBIZ\Menu Démarrer\Programmes\Démarrage\
Palm Registration.lnk - C:\Program Files\Palm\register.exe [2006-11-04 15:41:28 2494464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
urqrsrr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.tscc"= tsccvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-22 15:41]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 20:42:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
Temps d'accomplissement: 2008-04-07 20:44:05
ComboFix-quarantined-files.txt 2008-04-07 18:43:37
ComboFix2.txt 2008-04-07 17:37:52
Pre-Run: 31,147,909,120 octets libres
Post-Run: 31,139,090,432 octets libres

HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 20:45, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\msn.com
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: urqrsrr - urqrsrr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
ludsfa (1284 posts, registered Sunday 3 February 2008, Member, last active 15 January 2018)
7 April 2008 at 20:59
Let's do it differently: first delete your version of ComboFix and your version of HijackThis.

1/ Download VundoFix.exe: http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe.
Click on Scan for Vundo.
When the scan is complete, click on the Remove Vundo button.
Then click YES.
After you click "Yes", the desktop will disappear for a moment while the files are deleted.
You will get a message saying the computer is going to shut down; click OK.

Post the report found in C:\vundofix.txt

2/ Download ComboFix (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe (Tutorial: http://mickael.barroux.free.fr/securite/combofix.php)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt

3/ Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: http://www.infos-du-net.com/forum/271838-11-tuto-utiliser-hijackthis
No infected files according to VundoFix. Here is the scan; the rest is coming:

Beginning removal...

VundoFix V7.0.3

Scan started at 21:15:11 07/04/2008

Listing files found while scanning....

No infected files were found.
ComboFix launches but doesn't behave as it did earlier; it shuts down right after starting.

Otherwise, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\msn.com
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: urqrsrr - urqrsrr.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
ludsfa (1284 posts, registered Sunday 3 February 2008, Member, last active 15 January 2018)
7 April 2008 at 22:01
Fix the lines in the box below with HijackThis. HELP WITH SCREENSHOTS: http://dcangeldark.blogspot.com/2008/02/hijackthis-202-corriger-des-lignes.html

O20 - Winlogon Notify: urqrsrr - urqrsrr.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

Download OTMoveIt (by OldTimer). Save it to your Desktop. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

---> Right-click, then Copy (or Ctrl+C)

Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand box and choose Paste (or Ctrl+V).
Now click MoveIt!

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the time it was created: date_heure.log

Download to your Desktop: http://www.malekal.com/download/clean.zip (by Malekal). Tutorial: http://mickael.barroux.free.fr/securite/clean.php
Unzip it on your Desktop. Double-click the clean folder.
Double-click clean.cmd (the cmd extension may not be shown). This opens a black window.
A menu will appear; choose option 1, then Enter. Then press a key when asked to.
Post the report found here: C:\rapport_clean.txt

Download ToolsCleaner to your Desktop.
http://www.commentcamarche.net/telecharger/toolscleaner 34055291 avis opinions.php3

This program will uninstall all the tools I've had you use.

* Click Recherche (Search) and let the scan run ...
* Click Suppression (Delete) to finish.
* If you wish, you can use the optional Options.
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

Once you've done all that, restart your PC and keep only ToolsCleaner; we'll need it later.
Here is the report:

C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04072008_221330


Here is the report:

Veuillez svp envoyer le fichier C:\upload_moi_PC.tar.gz a l'adresse http://upload.malekal.com

By the way, it won't accept it; the file is invalid??????

Next reports:

07/04/2008 a 22:21:26,31

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files

Last report:

-->- Recherche:

C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\vundoFix.exe: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\Clean: trouvé !
C:\Documents and Settings\BIBIZ\Bureau\clean\Clean: trouvé !
C:\Documents and Settings\BIBIZ\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe: trouvé !
C:\Documents and Settings\BIBIZ\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\vundoFix.exe: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\BIBIZ\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe: supprimé !
C:\Documents and Settings\BIBIZ\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: Erreur de suppression !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\BIBIZ\Bureau\Clean: Erreur de suppression !
C:\Documents and Settings\BIBIZ\Bureau\clean\Clean: Erreur de suppression !
C:\Program Files\Trend Micro\HijackThis: supprimé !
ludsfa (1284 posts, registered Sunday 3 February 2008, Member, last active 15 January 2018)
7 April 2008 at 22:59
OK, very good. Re-download HijackThis from the links above.

Then we'll check whether anything is left.

Download ComboFix [:eric_71] here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to your Desktop and nowhere else!
Double-click combofix.exe (the .exe may not be shown).
To start, type [1] then confirm, and wait for the end of the scan.
The PC may restart!

A report is generated; copy and paste it into your reply.
You can also find this report here: C:\Combofix.txt

And after that, do another HijackThis report for me.
ComboFix won't launch; it stops right after the blue window appears????? What should I do?

Otherwise, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\msn.com
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
ludsfa (1284 posts, registered Sunday 3 February 2008, Member, last active 15 January 2018)
7 April 2008 at 23:37
Relaunch HijackThis, click "do a system scan only", tick these lines, then click "Fix Checked" and close HijackThis:

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Restart the PC

And finally, to finish:

Download AVG Anti-Spyware and install it: https://www.avg.com/en-ww/free-antivirus-download
If the link doesn't work, click here: https://filehippo.com/download_avg_antispyware/
Launch AVG and run an update.
Click the Scan button (on the toolbar).
Then, on the "how to respond" tab, click Recommended actions. Choose Quarantine.
Do not run a scan for now. Right-click the AVG icon at the bottom right and untick the option to start with Windows.
Restart in Safe Mode: http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec
/!\ Never start in Safe Mode via MSCONFIG /!\
Relaunch AVG.
Go back to the Scan tab. Click Full system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report in the Reports folder of the AVG Anti-Spyware folder.
Post it here.
&
Still in Safe Mode, relaunch clean and run option 2; post the report.

Run an online antivirus scan with Kaspersky using Internet Explorer: https://www.kaspersky.fr/downloads (Tutorial: http://www.infos-du-net.com/forum/267224-11-scan-ligne-kaspersky)
Allow the ActiveX controls.
Click Start Online Scanner.

Select My Computer as the scan target. Save the report as a .txt file.
Paste its report here.
Hello, my IT saviour,
I'm sending you the various reports you asked me for last night.

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:26 08/04/2008

+ Résultat de l'analyse:



C:\Documents and Settings\BIBIZ\Cookies\bibiz@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@cetelem.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\BIBIZ\Cookies\bibiz@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyé.


Fin du rapport
ludsfa (1284 posts, registered Sunday 3 February 2008, Member, last active 15 January 2018)
8 April 2008 at 19:31
Hi bibiz,

Please send me one last HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\msn.com
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKLM\..\Run: [BM4733f032] Rundll32.exe "C:\WINDOWS\system32\ygrmjxil.dll",s
O4 - HKLM\..\Run: [4400c3ae] rundll32.exe "C:\WINDOWS\system32\wkypdudw.dll",b
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
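The log triage this thread walks through by hand (the helper's fixing of the `(file missing)` Winlogon Notify entry, and the two rundll32 Run entries with random-looking DLL names in the log just above), as an added Python example that is not code from the thread or from HijackThis. The sample lines are copied from the logs posted above; the rules are my own heuristics, and the explorer.exe-outside-Windows check is an extra one the thread does not raise.

```python
"""Triage of HijackThis log lines for the indicators seen in this thread.

Added example, not the thread's or HijackThis's own code. The rules are
heuristics written for this demonstration, not HijackThis's own logic.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: entries copied from the HijackThis logs posted in the
# thread, plus two benign entries that the rules should leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM4733f032] Rundll32.exe "C:\WINDOWS\system32\ygrmjxil.dll",s
O4 - HKLM\..\Run: [4400c3ae] rundll32.exe "C:\WINDOWS\system32\wkypdudw.dll",b
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: urqrsrr - urqrsrr.dll (file missing)
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?(?:\s|$)', re.IGNORECASE)


def looks_generated(stem: str) -> bool:
    """Heuristic for the 7-8 letter consonant-heavy names in this thread (urqrsrr, ygrmjxil, wkypdudw)."""
    s = stem.lower()
    return len(s) >= 7 and s.isalpha() and sum(c in "aeiou" for c in s) <= 1


def triage_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for one HijackThis line, or None if nothing stands out."""
    m = NOTIFY_RE.match(line)
    if m:
        target = m.group("target")
        # Legitimate notify packages (igfxcui, WgaLogon) point at a DLL with a full path.
        if "(file missing)" in target or "\\" not in target:
            return "high", "Winlogon Notify DLL is missing or given without a path"
        return None
    m = RUN_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    d = RUNDLL_RE.search(cmd)
    if d:
        stem = d.group("dll").rsplit("\\", 1)[-1][:-4]
        if looks_generated(stem):
            return "high", f"rundll32 loads {stem}.dll, a random-looking DLL name"
        return "review", "Run entry loads a DLL through rundll32; confirm the DLL's vendor"
    e = EXE_RE.match(cmd)
    if e:
        exe = e.group("exe")
        exe_dir, _, base = exe.rpartition("\\")
        # Extra check not raised in the thread: the real shell lives under C:\WINDOWS.
        if base.lower() == "explorer.exe" and not exe_dir.lower().startswith("c:\\windows"):
            return "review", f"explorer.exe started from {exe_dir}, not the Windows directory"
    return None


def triage_log(text: str) -> List[Dict[str, str]]:
    """Run triage_line over a whole log and collect the flagged entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        hit = triage_line(line) if line else None
        if hit:
            findings.append({"severity": hit[0], "line": line, "reason": hit[1]})
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['line']}\n    -> {f['reason']}")
```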
I'm doing the last scan you asked me for yesterday (Kaspersky), and then I'll send you the HijackThis report.
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 08, 2008 9:17:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/04/2008
Kaspersky Anti-Virus database records: 690384
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 37190
Number of viruses found: 35
Number of infected objects: 171
Number of suspicious objects: 0
Duration of the scan process: 01:40:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\BIBIZ\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\MSHist012008040820080409\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\BIBIZ\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\1OLKEBAA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fe skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\B03JSWBA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\B4ACO2BA.NQF Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Program Files\ESET\infected\BCP1WIAA.NQF Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\ESET\infected\BNM1IKDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\FT0M2SCA.NQF Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF RarSFX: infected - 5 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF PE-Crypt.XorPE: infected - 5 skipped
C:\Program Files\ESET\infected\GCSEBIAA.NQF Infected: Backdoor.Win32.IRCBot.cgh skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\HOFYZ3CA.NQF Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Program Files\ESET\infected\J1OOA0CA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ex skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\KVOSHMAA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\NAELT2DA.NQF Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Program Files\ESET\infected\O5XUQIDA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\PBL1WQAA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\PLQERLAA.NQF Infected: Backdoor.Win32.IRCBot.byq skipped
C:\Program Files\ESET\infected\R1E0IYBA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\S34IPFAA.NQF Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\Program Files\ESET\infected\SWUVYVDA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\USOFWMBA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\ESET\infected\V3RRN4BA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ey skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.404Search.l skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\Y1LAKQCA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\Y2W2U5BA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\YQ5A1IAA.NQF Infected: not-a-virus:AdWare.Win32.Ucmore.g skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137550.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137551.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137552.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137553.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137554.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137594.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP304\A0138954.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138990.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138992.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138993.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwy skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138994.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138996.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138998.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138999.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139000.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139001.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mef skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP307\change.log Object is locked skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/alnkalhp.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/awtuSIbC.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/cbXQjhEU.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/fccddeDT.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/gkvjjmbu.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ljJyVPFY.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/mlJASKEV.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/mnwlwmbc.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/oyictlrg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/qoMfcdAs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ssqNFXpn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/tuvVOHxX.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/wvUoPgDt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/ddcASMeC.dll Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqrsrr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz GZIP: infected - 19 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cbXQiifg.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\efcDVmJA.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\qcsnqqhh.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\tuvUMeDv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqQgEtQ.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqrsrr.V00dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V01dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V02dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V03dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.Vdll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wkypdudw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ygrmjxil.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
0
ludsfa Posts: 1284 Registration date: Sunday 3 February 2008 Status: Member Last activity: 15 January 2018 15
9 April 2008 at 00:26
Hi again bibiz

Whoa, there are still more.

Copy the text in bold below:

files::
C:\WINDOWS\system32\urqrsrr.V03dll
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\ynpbdttg.ini
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.Vdll


folder::
C:\Program Files\Palm\register.exe [2006-11-04 15:41:28 2494464]
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-22 15:41]


registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=
"Ouso"=


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iconcache"=
"QuickTime Task"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]
urqrsrr.dll

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
If there is no reboot, post the reports anyway.

If Combofix doesn't react, just post a HijackThis.
0
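The Kaspersky report above and the CFScript reply that follows it both come down to one triage question: which of the hits are still live on the system, as opposed to copies sitting in ESET's quarantine, in ComboFix's qoobox, in System Restore points or inside the uploaded archive? The Python script below is an added example, not something posted in the thread and not part of Kaspersky, ESET, ComboFix or HijackThis. It parses report lines in the Kaspersky Online Scanner format shown above, ignores "Object is locked skipped" entries (which are not detections) and container summaries such as "RarSFX: infected - 5", groups the remaining hits by location and malware family, and renders the still-live paths as a `files::` section in the shape used in the CFScript reply. The sample report lines are constructed and shortened from the thread's report (the restore-point GUID is a placeholder); the location rules and the family-name truncation are this example's assumptions.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample in the shape of the Kaspersky Online Scanner report
# posted in the thread: a handful of representative lines, not the full report.
# The restore-point GUID is a placeholder.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\BIBIZ\NTUSER.DAT Object is locked skipped
C:\internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\BNM1IKDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{RESTORE-GUID-PLACEHOLDER}\RP305\A0138991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\cbXQiifg.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqrsrr.V00dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.Vdll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped

Scan process completed.
"""

# One "PATH Infected: NAME skipped" line. Container summaries such as
# "RarSFX: infected - 5" and "Object is locked" lines do not match.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")


@dataclass(frozen=True)
class Detection:
    path: str
    name: str      # full Kaspersky name, e.g. not-a-virus:AdWare.Win32.Virtumonde.kts
    family: str    # name with the variant suffix dropped, e.g. AdWare.Win32.Virtumonde
    location: str  # quarantine / restore_point / archive / live


def family_of(name: str) -> str:
    """Drop the 'not-a-virus:' prefix and the trailing variant letters
    (assumes the Type.Platform.Family.Variant layout of Kaspersky names)."""
    if name.startswith("not-a-virus:"):
        name = name.split(":", 1)[1]
    return name.rsplit(".", 1)[0] if name.count(".") >= 3 else name


def location_of(path: str) -> str:
    """Classify where the hit sits. These rules are this example's assumptions:
    ESET's 'infected' folder and ComboFix's qoobox are quarantine; anything under
    _restore is a System Restore copy; a '/' marks an object inside an archive;
    everything else is a live file on disk."""
    low = path.lower()
    if "\\eset\\infected\\" in low or "/qoobox/quarantine/" in low:
        return "quarantine"
    if "\\system volume information\\_restore" in low:
        return "restore_point"
    if "/" in low:
        return "archive"
    return "live"


def parse_report(text: str) -> list[Detection]:
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # header, locked objects, container summaries, blank lines
        path, name = m.group("path"), m.group("name")
        hits.append(Detection(path, name, family_of(name), location_of(path)))
    return hits


def summarize(hits: list[Detection]) -> dict[str, Counter]:
    """Family counts per location, e.g. summary['live']['Packed.Win32.Monder']."""
    out: dict[str, Counter] = defaultdict(Counter)
    for h in hits:
        out[h.location][h.family] += 1
    return dict(out)


def live_files(hits: list[Detection]) -> list[str]:
    """Unique paths still live on disk, sorted case-insensitively."""
    return sorted({h.path for h in hits if h.location == "live"}, key=str.lower)


def cfscript_files_section(paths: list[str]) -> str:
    """Render a 'files::' section in the shape used in the CFScript reply above."""
    return "files::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    for location, families in summarize(hits).items():
        print(f"{location}:")
        for fam, n in families.most_common():
            print(f"  {n:3d}  {fam}")
    print()
    print(cfscript_files_section(live_files(hits)))
```

On the sample, only the four `live` paths (internet.exe, cbXQiifg.dll and the two urqrsrr.V*dll files) would go into a removal script; the quarantine, restore-point and archive copies are already inert and are better handled by emptying the quarantines and the restore points once the machine is clean. Counting every "skipped" line as an infection overstates the problem, which is why the parser only accepts lines carrying an explicit "Infected:" name.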
ludsfa Posts: 1284 Registration date: Sunday 3 February 2008 Status: Member Last activity: 15 January 2018 15
9 April 2008 at 00:54
Since I won't be around tomorrow evening,
do this next.



Download SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (created by AndyManchesta) and save it to your Desktop.
User guide: http://mickael.barroux.free.fr/securite/sdfix.php

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:

* Restart your computer.
* After you hear the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
* Instead of the normal Windows loading, a menu with several options should appear.
* Choose the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your account.

Go through the list of instructions below:

* Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
* Press Y to start the cleaning process.
* It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
* Press a key to reboot the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* After the Desktop loads, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
* Finally, copy/paste the contents of Report.txt into your next reply on the forum.

N.B.:
- The SDFIX_README.htm file (in the SDFix folder) contains the list of malware handled by the tool.
- Andy releases several updates, often more than one a day... So don't hesitate to ask to download a new version when the cleaning drags on and the tool doesn't seem to see everything.

+ a new HijackThis report.
0
Hi

here are the various reports you asked me for

ComboFix 08-04-08.10 - BIBIZ 2008-04-09 18:33:01.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.49 [GMT 2:00]
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM4733f032.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXQiifg.dll
C:\WINDOWS\system32\efcBsQGX.dll
C:\WINDOWS\system32\efcDVmJA.dll
C:\WINDOWS\system32\geBtTKCr.dll
C:\WINDOWS\system32\nnnKbCvu.dll
C:\WINDOWS\system32\nnnoPJbC.dll
C:\WINDOWS\system32\pmnkLDUo.dll
C:\WINDOWS\system32\qcsnqqhh.dll
C:\WINDOWS\system32\urqPiJax.dll
C:\WINDOWS\system32\urqQgEtQ.dll
C:\WINDOWS\system32\vDeMUvut.ini
C:\WINDOWS\system32\vDeMUvut.ini2
C:\WINDOWS\system32\wdudpykw.ini
C:\WINDOWS\system32\wkypdudw.dll
C:\WINDOWS\system32\wvUoOIYq.dll
C:\WINDOWS\system32\ygrmjxil.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

2008-04-08 19:57 . 2008-04-08 19:57 3,648 --a------ C:\WINDOWS\system32\xoefhbnc.dll
2008-04-08 19:49 . 2008-04-08 19:49 269,824 --a------ C:\WINDOWS\system32\tuvUMeDv.dll
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 23:53 . 2008-04-07 23:53 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\Grisoft
2008-04-07 23:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 22:22 . 2008-04-07 22:22 3,957,818 --a------ C:\upload_moi_PC.tar.gz
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <DIR> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <DIR> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <DIR> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 15:53 --------- d-----w C:\Program Files\ESET
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.

------- Sigcheck -------

2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll

2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BEF4ADC-BE4F-460D-A75B-6F61955A744A}]
2008-04-08 19:49 269824 --a------ C:\WINDOWS\system32\tuvUMeDv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-07-20 19:05 921600]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Windows live Messenger"="msn.com" [2008-03-17 14:40 442598 C:\WINDOWS\msn.com]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 18:45:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
.
**************************************************************************
.
Completion time: 2008-04-09 18:52:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 16:52:02
Pre-Run: 31,052,193,792 bytes free
Post-Run: 31,287,939,072 bytes free

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\msn.com
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SDFix: Version 1.168
Run by BIBIZ on 09/04/2008 at 19:19

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\BIBIZ\Bureau\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files:

No Trojan Files Found






Removing Temp Files

ADS Check:



Final Check:

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 19:30:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:bc89086c
"s2"=dword:037cb4f3
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:81,1e,9d,04,fe,bb,55,88,06,d1,95,1a,2c,e7,7d,a3,ec,e5,7f,cc,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:81,1e,9d,04,fe,bb,55,88,06,d1,95,1a,2c,e7,7d,a3,ec,e5,7f,cc,7a,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:


File Backups: - C:\DOCUME~1\BIBIZ\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 17 Mar 2008 442,598 ..SHR --- "C:\WINDOWS\msn.com"
Wed 4 Aug 2004 1,667,584 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sat 16 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
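The logs above carry the classic Virtumonde fingerprint: a Browser Helper Object backed by a randomly named DLL in system32 (tuvUMeDv.dll), a Winlogon\Notify hook (urqQgEtQ), Security Center notifications switched off, hidden+system files dropped under C:\WINDOWS (yvueupcp.ini, msn.com), and an HKCU Run entry that borrows the name explorer.exe from a folder outside C:\WINDOWS. The Python below is an added example, not part of this thread and not a feature of ComboFix or HijackThis: it applies those checks to lines copied from the posted logs. The indicator names, the name-randomness thresholds and the short list of system binaries are its own assumptions.

```python
"""Flag Virtumonde-style persistence indicators in ComboFix / HijackThis logs.

Added example for this thread, not a tool from the original page. It applies
the checks a helper makes by eye on the posted logs: a Browser Helper Object
backed by a randomly named DLL, a Winlogon\\Notify hook (ComboFix only lists
non-default ones), Security Center notifications switched off, hidden+system
files under C:\\WINDOWS, and an O4 Run entry that borrows a system binary's
name outside C:\\WINDOWS. Every finding is a lead for review, not a verdict.
"""
from __future__ import annotations

import re

# Constructed sample: lines copied from the ComboFix and HijackThis logs
# posted in this thread (file section, registry section, then HijackThis O4).
SAMPLE_LOG = r"""
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BEF4ADC-BE4F-460D-A75B-6F61955A744A}]
2008-04-08 19:49 269824 --a------ C:\WINDOWS\system32\tuvUMeDv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
"""

KEY_LINE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
DWORD_LINE = re.compile(r'^"(?P<name>\w+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
# ComboFix file line: timestamps, size, 9-character attribute string, path.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\b.*?\s(?P<size>[\d,]+)\s+"
    r"(?P<attr>[-a-zA-Z]{9})\s+(?P<path>[A-Za-z]:\\.+)$"
)
# HijackThis O4 line: optional quotes around the executable, then arguments.
O4_LINE = re.compile(r'^O4 - [^:]+: \[[^\]]*\] "?(?P<exe>.*?\.exe)"?(?:\s|$)', re.I)
# Assumed list of names worth checking for masquerading (not from the page).
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe", "services.exe"}


def looks_random(stem: str) -> bool:
    """Heuristic for generated names like tuvUMeDv or urqQgEtQ: 6-9 letters, no
    digits, and either capitals mixed into the middle or almost no vowels.
    Apply it only to entries that are already suspicious (it also fires on
    names such as svchost), never as a stand-alone test."""
    if not (6 <= len(stem) <= 9 and stem.isalpha()):
        return False
    interior_upper = any(c.isupper() for c in stem[1:])
    vowel_ratio = sum(c in "aeiouAEIOU" for c in stem) / len(stem)
    return interior_upper or vowel_ratio < 0.2


def scan(log_text: str) -> list[tuple[str, str]]:
    """Return (indicator, log line) pairs in the order they appear."""
    findings: list[tuple[str, str]] = []
    current_key = None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := KEY_LINE.match(line):
            current_key = m.group("key").lower()
            # ComboFix suppresses the default Notify packages, so any listed one is a hook.
            if "\\winlogon\\notify\\" in current_key:
                findings.append(("winlogon_notify_hook", line))
            continue
        if (m := DWORD_LINE.match(line)) and current_key and current_key.endswith("\\security center"):
            if m.group("name").endswith("DisableNotify") and int(m.group("val"), 16) == 1:
                findings.append(("security_center_notify_off", line))
            continue
        if m := FILE_LINE.match(line):
            path, attr = m.group("path"), m.group("attr")
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if current_key and "browser helper objects" in current_key:
                tag = "bho_random_dll" if looks_random(stem) else "bho_review"
                findings.append((tag, line))
                current_key = None  # a BHO key is followed by exactly one file line
            elif "h" in attr and "s" in attr and path.lower().startswith("c:\\windows\\"):
                findings.append(("hidden_system_file_under_windows", line))
            continue
        if m := O4_LINE.match(line):
            exe = m.group("exe")
            base = exe.rsplit("\\", 1)[-1].lower()
            if base in SYSTEM_BINARIES and not exe.lower().startswith("c:\\windows\\"):
                findings.append(("system_binary_name_outside_windows", line))
    return findings


def summarize(findings: list[tuple[str, str]]) -> dict[str, int]:
    """Count findings per indicator."""
    counts: dict[str, int] = {}
    for tag, _ in findings:
        counts[tag] = counts.get(tag, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for tag, line in hits:
        print(f"{tag:36} {line}")
    print(summarize(hits))
```

Run it as a script to list the hits, or call scan() on a whole saved log. Each hit is a lead for a person to confirm (check the DLL's signature and the file's creation time against the infection timeline), because the name heuristic also matches some legitimate short names and hidden+system attributes are used by a few genuine Windows files.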
ludsfa Posts 1284 Registration date Sunday 3 February 2008 Status Member Last seen 15 January 2018 15
10 April 2008 at 17:19
hi bibiz

How is your PC doing?


Run another scan with Kaspersky and send me the report, followed by another HijackThis log.


Download ToolsCleaner to your desktop.
Once it is installed, click "search"
and then click "delete".

Run the Kaspersky scan and HijackThis before ToolsCleaner.

We're nearly there.
Hi, I think the reports are not good news

KASPERSKY ONLINE SCANNER REPORT
Thursday, April 10, 2008 8:16:27 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/04/2008
Kaspersky Anti-Virus database records: 696026
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 34863
Number of viruses found: 35
Number of infected objects: 192
Number of suspicious objects: 0
Duration of the scan process: 01:13:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\BIBIZ\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\MSHist012008041020080411\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\BIBIZ\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\1OLKEBAA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\1ZOEVNDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fe skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\20I4XYDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\2DRNFEDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\45HNCDCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\4NNMPEBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\4UJ1PJBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\B03JSWBA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\B4ACO2BA.NQF Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Program Files\ESET\infected\BCP1WIAA.NQF Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\ESET\infected\BNM1IKDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\FBQ42PCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\FT0M2SCA.NQF Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF RarSFX: infected - 5 skipped
C:\Program Files\ESET\infected\G11IZAAA.NQF PE-Crypt.XorPE: infected - 5 skipped
C:\Program Files\ESET\infected\GCSEBIAA.NQF Infected: Backdoor.Win32.IRCBot.cgh skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\HN2JLTCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\HOFYZ3CA.NQF Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Program Files\ESET\infected\J1OOA0CA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.fj skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ex skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\JACLVSBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\KEMNDKCA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\KVOSHMAA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\NAELT2DA.NQF Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Program Files\ESET\infected\O5XUQIDA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\P31M2FBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\PBL1WQAA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\PLQERLAA.NQF Infected: Backdoor.Win32.IRCBot.byq skipped
C:\Program Files\ESET\infected\R1E0IYBA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\R2F3J2CA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\S34IPFAA.NQF Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\Program Files\ESET\infected\SWUVYVDA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\TIN1XMDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\USOFWMBA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\ESET\infected\V3RRN4BA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\W2JCLWBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.ey skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\W3SOHEBA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.404Search.l skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\W3YOS1AA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.gx skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\XLL5WYDA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\Y1LAKQCA.NQF Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\ESET\infected\Y2W2U5BA.NQF Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\ESET\infected\YQ5A1IAA.NQF Infected: not-a-virus:AdWare.Win32.Ucmore.g skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQiifg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcBsQGX.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcDVmJA.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\geBtTKCr.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnKbCvu.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnoPJbC.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkLDUo.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qcsnqqhh.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPiJax.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wkypdudw.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUoOIYq.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ygrmjxil.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqQgEtQ.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137550.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137551.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137552.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137553.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137554.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP296\A0137594.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP304\A0138954.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138990.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138992.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138993.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwy skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138994.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138996.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138998.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138999.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139000.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139001.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mef skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0139009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140406.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140407.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140408.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140409.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140410.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140411.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140412.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140413.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140414.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140415.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140416.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP308\A0140417.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP309\change.log Object is locked skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/alnkalhp.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/awtuSIbC.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/cbXQjhEU.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/fccddeDT.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/gkvjjmbu.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ljJyVPFY.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/mlJASKEV.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/mnwlwmbc.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/oyictlrg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/qoMfcdAs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ssqNFXpn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/tuvVOHxX.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mde skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/wvUoPgDt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/ddcASMeC.dll Infected: Packed.Win32.Monder.gen skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqrsrr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-04-07_193244.18.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\upload_moi_PC.tar.gz GZIP: infected - 19 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\tuvUMeDv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqrsrr.V00dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V01dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V02dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.V03dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.Vdll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\BIBIZ\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Agendatronic Alarm] C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
ludsfa - 10 April 2008 at 21:13
ok

Here is what you're going to do: do as you did last time, copy/paste into ComboFix, and don't forget to rename the Notepad file.



files::
C:\WINDOWS\system32\urqrsrr.V03dll
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\ynpbdttg.ini
C:\WINDOWS\system32\urqrsrr.Vdll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\wuaueng.dll.mui
C:\WINDOWS\system32\wuapi.dll.mui
C:\WINDOWS\system32\wuaucpl.cpl.mui
C:\WINDOWS\system32\wucltui.dll.mui
C:\WINDOWS\system32\wups2.dll
C:\WINDOWS\memo.ini



folder::
C:\Program Files\ESET


registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BEF4ADC-BE4F-460D-A75B-6F61955A744A}]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=
"Ouso"=


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iconcache"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]




We will have to do this in several passes.
Send the report afterwards.
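As an added example (not part of this thread, and not a ComboFix or HijackThis feature): a Python script that reproduces the reasoning ludsfa applied by hand, reading the Kaspersky and HijackThis output posted above (copied here as constructed sample input) and emitting a CFScript draft in the same `files::` / `registry::` layout. The quarantine path prefixes, the list of well-known system binary names and the Run-entry heuristic are my assumptions, not part of either tool.

```python
import re

# Names of core Windows binaries that should only ever start from the Windows
# directory; an autostart that launches one of these from elsewhere is the
# pattern behind the [Ouso] entry in the HijackThis log above. (Assumed list.)
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                   "services.exe", "csrss.exe", "smss.exe", "spoolsv.exe"}
# Locations the scanner reports but which hold neutralised copies only:
# ComboFix's quarantine and System Restore snapshots. (Assumed prefixes.)
QUARANTINE_PREFIXES = ("c:\\qoobox\\", "c:\\system volume information\\")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

KASP_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")

# Constructed sample input: lines copied from the logs posted in this thread.
KASPERSKY_LOG = r"""
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQiifg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6372183C-91D5-41BD-AA8A-F7FDA4A8A8D7}\RP305\A0138991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lud skipped
C:\upload_moi_PC.tar.gz/upload_moi.tar/internet.exe Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\tuvUMeDv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqrsrr.V00dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
C:\WINDOWS\system32\urqrsrr.Vdll Infected: not-a-virus:AdWare.Win32.Virtumonde.kts skipped
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Ouso] "C:\PROGRA~1\CURITY~1\explorer.exe" -vt yazb
"""


def live_detections(log):
    """Return (path, detection) pairs for infected objects still on the live system.

    Archive members (Kaspersky joins them with '/'), quarantined copies and
    restore-point snapshots are dropped: they are not what is running now.
    """
    found = {}
    for line in log.splitlines():
        m = KASP_RE.match(line.strip())
        if not m:
            continue  # "Object is locked" and other non-detection lines
        path = m.group("path")
        if "/" in path or path.lower().startswith(QUARANTINE_PREFIXES):
            continue
        found.setdefault(path, m.group("name"))
    return list(found.items())


def _executable(cmd):
    """Pull the program path out of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def masquerading_autostarts(log):
    """Flag Run entries that launch a well-known Windows binary name from
    outside the Windows directory (a bare name with no directory also counts,
    since it is resolved through the search path)."""
    flagged = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = _executable(m.group("cmd"))
        directory, _, basename = exe.rpartition("\\")
        if basename.lower() in SYSTEM_BINARIES and not directory.lower().startswith("c:\\windows"):
            flagged.append((m.group("hive"), m.group("value"), exe))
    return flagged


def build_cfscript(kaspersky_log, hijackthis_log):
    """Assemble a CFScript draft in the files:: / registry:: layout ComboFix reads."""
    lines = ["files::"]
    lines += [path for path, _ in live_detections(kaspersky_log)]
    entries = masquerading_autostarts(hijackthis_log)
    if entries:
        lines += ["", "registry::"]
        for hive, full_hive in HIVES.items():
            names = [value for h, value, _ in entries if h == hive]
            if names:
                lines.append(f"[{full_hive}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
                lines += [f'"{name}"=' for name in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(KASPERSKY_LOG, HIJACKTHIS_LOG))
```

The draft is meant to be read against the full logs before use: here it picks up tuvUMeDv.dll, which the hand-written script omitted but ComboFix removed anyway, and the registry value "Ouso" exactly as ludsfa listed it.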
Here it is

Good luck

ComboFix 08-04-08.10 - BIBIZ 2008-04-10 21:22:29.4 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ESET
C:\Program Files\ESET\cache\CACHE.NDB
C:\Program Files\ESET\dmon.dll
C:\Program Files\ESET\emon.dll
C:\Program Files\ESET\eset.chm
C:\Program Files\ESET\infected\04IPD4DA.NQF
C:\Program Files\ESET\infected\04IPD4DA.NQI
C:\Program Files\ESET\infected\1BDOHTCA.NQF
C:\Program Files\ESET\infected\1BDOHTCA.NQI
C:\Program Files\ESET\infected\1JP1DNAA.NQF
C:\Program Files\ESET\infected\1JP1DNAA.NQI
C:\Program Files\ESET\infected\1OLKEBAA.NQF
C:\Program Files\ESET\infected\1OLKEBAA.NQI
C:\Program Files\ESET\infected\1SCXXADA.NQF
C:\Program Files\ESET\infected\1SCXXADA.NQI
C:\Program Files\ESET\infected\1ZOEVNDA.NQF
C:\Program Files\ESET\infected\1ZOEVNDA.NQI
C:\Program Files\ESET\infected\20I4XYDA.NQF
C:\Program Files\ESET\infected\20I4XYDA.NQI
C:\Program Files\ESET\infected\2DRNFEDA.NQF
C:\Program Files\ESET\infected\2DRNFEDA.NQI
C:\Program Files\ESET\infected\2WIJO0BA.NQF
C:\Program Files\ESET\infected\2WIJO0BA.NQI
C:\Program Files\ESET\infected\45HNCDCA.NQF
C:\Program Files\ESET\infected\45HNCDCA.NQI
C:\Program Files\ESET\infected\4NNMPEBA.NQF
C:\Program Files\ESET\infected\4NNMPEBA.NQI
C:\Program Files\ESET\infected\4UJ1PJBA.NQF
C:\Program Files\ESET\infected\4UJ1PJBA.NQI
C:\Program Files\ESET\infected\B03JSWBA.NQF
C:\Program Files\ESET\infected\B03JSWBA.NQI
C:\Program Files\ESET\infected\B4ACO2BA.NQF
C:\Program Files\ESET\infected\B4ACO2BA.NQI
C:\Program Files\ESET\infected\BCP1WIAA.NQF
C:\Program Files\ESET\infected\BCP1WIAA.NQI
C:\Program Files\ESET\infected\BNM1IKDA.NQF
C:\Program Files\ESET\infected\BNM1IKDA.NQI
C:\Program Files\ESET\infected\CUENZ2AA.NQF
C:\Program Files\ESET\infected\CUENZ2AA.NQI
C:\Program Files\ESET\infected\DHNOM3AA.NQF
C:\Program Files\ESET\infected\DHNOM3AA.NQI
C:\Program Files\ESET\infected\FBQ42PCA.NQF
C:\Program Files\ESET\infected\FBQ42PCA.NQI
C:\Program Files\ESET\infected\FT0M2SCA.NQF
C:\Program Files\ESET\infected\FT0M2SCA.NQI
C:\Program Files\ESET\infected\G11IZAAA.NQF
C:\Program Files\ESET\infected\G11IZAAA.NQI
C:\Program Files\ESET\infected\GCSEBIAA.NQF
C:\Program Files\ESET\infected\GCSEBIAA.NQI
C:\Program Files\ESET\infected\HN2JLTCA.NQF
C:\Program Files\ESET\infected\HN2JLTCA.NQI
C:\Program Files\ESET\infected\HOFYZ3CA.NQF
C:\Program Files\ESET\infected\HOFYZ3CA.NQI
C:\Program Files\ESET\infected\J1OOA0CA.NQF
C:\Program Files\ESET\infected\J1OOA0CA.NQI
C:\Program Files\ESET\infected\JACLVSBA.NQF
C:\Program Files\ESET\infected\JACLVSBA.NQI
C:\Program Files\ESET\infected\K40TG3CA.NQF
C:\Program Files\ESET\infected\K40TG3CA.NQI
C:\Program Files\ESET\infected\KEMNDKCA.NQF
C:\Program Files\ESET\infected\KEMNDKCA.NQI
C:\Program Files\ESET\infected\KVOSHMAA.NQF
C:\Program Files\ESET\infected\KVOSHMAA.NQI
C:\Program Files\ESET\infected\NAELT2DA.NQF
C:\Program Files\ESET\infected\NAELT2DA.NQI
C:\Program Files\ESET\infected\O5XUQIDA.NQF
C:\Program Files\ESET\infected\O5XUQIDA.NQI
C:\Program Files\ESET\infected\P31M2FBA.NQF
C:\Program Files\ESET\infected\P31M2FBA.NQI
C:\Program Files\ESET\infected\PBL1WQAA.NQF
C:\Program Files\ESET\infected\PBL1WQAA.NQI
C:\Program Files\ESET\infected\PLQERLAA.NQF
C:\Program Files\ESET\infected\PLQERLAA.NQI
C:\Program Files\ESET\infected\R1E0IYBA.NQF
C:\Program Files\ESET\infected\R1E0IYBA.NQI
C:\Program Files\ESET\infected\R2F3J2CA.NQF
C:\Program Files\ESET\infected\R2F3J2CA.NQI
C:\Program Files\ESET\infected\S34IPFAA.NQF
C:\Program Files\ESET\infected\S34IPFAA.NQI
C:\Program Files\ESET\infected\SWUVYVDA.NQF
C:\Program Files\ESET\infected\SWUVYVDA.NQI
C:\Program Files\ESET\infected\TIN1XMDA.NQF
C:\Program Files\ESET\infected\TIN1XMDA.NQI
C:\Program Files\ESET\infected\U1G3V0BA.NQF
C:\Program Files\ESET\infected\U1G3V0BA.NQI
C:\Program Files\ESET\infected\USOFWMBA.NQF
C:\Program Files\ESET\infected\USOFWMBA.NQI
C:\Program Files\ESET\infected\V3RRN4BA.NQF
C:\Program Files\ESET\infected\V3RRN4BA.NQI
C:\Program Files\ESET\infected\VENIVLAA.NQF
C:\Program Files\ESET\infected\VENIVLAA.NQI
C:\Program Files\ESET\infected\W2JCLWBA.NQF
C:\Program Files\ESET\infected\W2JCLWBA.NQI
C:\Program Files\ESET\infected\W3SOHEBA.NQF
C:\Program Files\ESET\infected\W3SOHEBA.NQI
C:\Program Files\ESET\infected\W3YOS1AA.NQF
C:\Program Files\ESET\infected\W3YOS1AA.NQI
C:\Program Files\ESET\infected\XLL5WYDA.NQF
C:\Program Files\ESET\infected\XLL5WYDA.NQI
C:\Program Files\ESET\infected\Y1LAKQCA.NQF
C:\Program Files\ESET\infected\Y1LAKQCA.NQI
C:\Program Files\ESET\infected\Y2W2U5BA.NQF
C:\Program Files\ESET\infected\Y2W2U5BA.NQI
C:\Program Files\ESET\infected\YQ5A1IAA.NQF
C:\Program Files\ESET\infected\YQ5A1IAA.NQI
C:\Program Files\ESET\Install\advheur.nup
C:\Program Files\ESET\Install\archs.nup
C:\Program Files\ESET\Install\charon.nup
C:\Program Files\ESET\Install\engine.nup
C:\Program Files\ESET\Install\main.dll
C:\Program Files\ESET\Install\mainlang.dll
C:\Program Files\ESET\Install\mfc42.dll
C:\Program Files\ESET\Install\mfc42u.dll
C:\Program Files\ESET\Install\msvcrt.dll
C:\Program Files\ESET\Install\ntbasefr.nup
C:\Program Files\ESET\Install\ntinetfr.nup
C:\Program Files\ESET\Install\ntstdfr.nup
C:\Program Files\ESET\Install\pwscan.nup
C:\Program Files\ESET\Install\readme.txt
C:\Program Files\ESET\Install\setup.exe
C:\Program Files\ESET\Install\setup.xml
C:\Program Files\ESET\Install\utilmod.nup
C:\Program Files\ESET\logs\nod32\NDL1512.DAT
C:\Program Files\ESET\logs\nod32\NDL15810.DAT
C:\Program Files\ESET\logs\nod32\NDL16826.DAT
C:\Program Files\ESET\logs\nod32\NDL18402.DAT
C:\Program Files\ESET\logs\nod32\NDL19071.DAT
C:\Program Files\ESET\logs\nod32\NDL19213.DAT
C:\Program Files\ESET\logs\nod32\NDL19456.DAT
C:\Program Files\ESET\logs\nod32\NDL20816.DAT
C:\Program Files\ESET\logs\nod32\NDL22273.DAT
C:\Program Files\ESET\logs\nod32\NDL22468.DAT
C:\Program Files\ESET\logs\nod32\NDL22718.DAT
C:\Program Files\ESET\logs\nod32\NDL24100.DAT
C:\Program Files\ESET\logs\nod32\NDL24197.DAT
C:\Program Files\ESET\logs\nod32\NDL24310.DAT
C:\Program Files\ESET\logs\nod32\NDL2517.DAT
C:\Program Files\ESET\logs\nod32\NDL26910.DAT
C:\Program Files\ESET\logs\nod32\NDL28780.DAT
C:\Program Files\ESET\logs\nod32\NDL29787.DAT
C:\Program Files\ESET\logs\nod32\NDL30198.DAT
C:\Program Files\ESET\logs\nod32\NDL30269.DAT
C:\Program Files\ESET\logs\nod32\NDL31454.DAT
C:\Program Files\ESET\logs\nod32\NDL31513.DAT
C:\Program Files\ESET\logs\nod32\NDL32262.DAT
C:\Program Files\ESET\logs\nod32\NDL3697.DAT
C:\Program Files\ESET\logs\nod32\NDL4514.DAT
C:\Program Files\ESET\logs\nod32\NDL5701.DAT
C:\Program Files\ESET\logs\nod32\NDL6484.DAT
C:\Program Files\ESET\logs\nod32\NDL7460.DAT
C:\Program Files\ESET\logs\nod32\NDL945.DAT
C:\Program Files\ESET\logs\nod32\NDL9537.DAT
C:\Program Files\ESET\logs\virlog.dat
C:\Program Files\ESET\logs\warnlog.dat
C:\Program Files\ESET\nod.ovl
C:\Program Files\ESET\nod32.002
C:\Program Files\ESET\nod32.003
C:\Program Files\ESET\nod32.004
C:\Program Files\ESET\nod32.005
C:\Program Files\ESET\nod32.006
C:\Program Files\ESET\nod32.007
C:\Program Files\ESET\nod32.chm
C:\Program Files\ESET\nod32.exe
C:\Program Files\ESET\nod32.log
C:\Program Files\ESET\nod32api.dll
C:\Program Files\ESET\nod32ari.dll
C:\Program Files\ESET\nod32aui.dll
C:\Program Files\ESET\nod32fix.reg
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\ESET\nod32krr.dll
C:\Program Files\ESET\nod32kui.chm
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\ESET\nod32r.dll
C:\Program Files\ESET\nod32rui.dll
C:\Program Files\ESET\nodshex.dll
C:\Program Files\ESET\nodshex64.dll
C:\Program Files\ESET\pr_amon.dll
C:\Program Files\ESET\pr_dmon.dll
C:\Program Files\ESET\pr_emon.dll
C:\Program Files\ESET\pr_imon.dll
C:\Program Files\ESET\pr_nod32.dll
C:\Program Files\ESET\pr_upd.dll
C:\Program Files\ESET\ps_amon.dll
C:\Program Files\ESET\ps_amon64.dll
C:\Program Files\ESET\ps_dmon.dll
C:\Program Files\ESET\ps_emon.dll
C:\Program Files\ESET\ps_nod32.dll
C:\Program Files\ESET\ps_upd.dll
C:\Program Files\ESET\pu_amon.chm
C:\Program Files\ESET\pu_amon.dll
C:\Program Files\ESET\pu_dmon.chm
C:\Program Files\ESET\pu_dmon.dll
C:\Program Files\ESET\pu_emon.chm
C:\Program Files\ESET\pu_emon.dll
C:\Program Files\ESET\pu_imon.chm
C:\Program Files\ESET\pu_imon.dll
C:\Program Files\ESET\pu_nod32.dll
C:\Program Files\ESET\pu_upd.chm
C:\Program Files\ESET\pu_upd.dll
C:\Program Files\ESET\readme.txt
C:\Program Files\ESET\Setup\00\krnstp.dll
C:\Program Files\ESET\Setup\00\krnstpr.dll
C:\Program Files\ESET\Setup\00\krnvis.dll
C:\Program Files\ESET\Setup\00\pr_upd.dll
C:\Program Files\ESET\Setup\00\ps_upd.dll
C:\Program Files\ESET\Setup\00\pu_upd.dll
C:\Program Files\ESET\Setup\01\ps_amon.dll
C:\Program Files\ESET\Setup\01\ps_dmon.dll
C:\Program Files\ESET\Setup\01\ps_nod32.dll
C:\Program Files\ESET\Setup\01\pu_amon.dll
C:\Program Files\ESET\Setup\01\pu_dmon.dll
C:\Program Files\ESET\Setup\01\pu_nod32.dll
C:\Program Files\ESET\Setup\02\imon.dll
C:\Program Files\ESET\Setup\02\pr_emon.dll
C:\Program Files\ESET\Setup\02\pr_imon.dll
C:\Program Files\ESET\Setup\02\ps_emon.dll
C:\Program Files\ESET\Setup\02\pu_emon.dll
C:\Program Files\ESET\Setup\02\pu_imon.dll
C:\Program Files\ESET\Setup\main.dll
C:\Program Files\ESET\Setup\mainlang.dll
C:\Program Files\ESET\Setup\setup.exe
C:\Program Files\ESET\Setup\uninst.xml
C:\Program Files\ESET\sporder.dll
C:\Program Files\ESET\unins000.dat
C:\Program Files\ESET\unins000.exe
C:\Program Files\ESET\updfiles\lastupd.ver
C:\Program Files\ESET\updfiles\nod0A35.nup
C:\Program Files\ESET\updfiles\nod103E.nup
C:\Program Files\ESET\updfiles\nod25F0.nup
C:\Program Files\ESET\updfiles\nod290C.nup
C:\Program Files\ESET\updfiles\nod29E5.nup
C:\Program Files\ESET\updfiles\nod2B25.nup
C:\Program Files\ESET\updfiles\nod3320.nup
C:\Program Files\ESET\updfiles\nod3777.nup
C:\Program Files\ESET\updfiles\nod44F2.nup
C:\Program Files\ESET\updfiles\nod44F7.nup
C:\Program Files\ESET\updfiles\nod4D81.nup
C:\Program Files\ESET\updfiles\nod5B99.nup
C:\Program Files\ESET\updfiles\nod6A59.nup
C:\Program Files\ESET\updfiles\nod7A71.nup
C:\Program Files\ESET\updfiles\nod7CA6.nup
C:\Program Files\ESET\updfiles\upd.ver
C:\Program Files\ESET\updfiles\upd0904.ver
C:\Program Files\ESET\updfiles\upd14D6.ver
C:\Program Files\ESET\updfiles\upd297F.ver
C:\Program Files\ESET\updfiles\upd346D.ver
C:\Program Files\ESET\updfiles\upd37DF.ver
C:\Program Files\ESET\updfiles\upd440C.ver
C:\Program Files\ESET\updfiles\upd4DD9.ver
C:\Program Files\ESET\updfiles\upd4FCC.ver
C:\Program Files\ESET\updfiles\upd5C87.ver
C:\Program Files\ESET\updfiles\upd68BD.ver
C:\Program Files\ESET\updfiles\upd68C2.ver
C:\Program Files\ESET\updfiles\upd6B2E.ver
C:\WINDOWS\system32\tuvUMeDv.dll
C:\WINDOWS\system32\vDeMUvut.ini
C:\WINDOWS\system32\vDeMUvut.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-09 19:15 . 2008-04-09 19:15 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 19:57 . 2008-04-08 19:57 3,648 --a------ C:\WINDOWS\system32\xoefhbnc.dll
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 23:53 . 2008-04-07 23:53 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\Grisoft
2008-04-07 23:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 22:22 . 2008-04-07 22:22 3,957,818 --a------ C:\upload_moi_PC.tar.gz
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll

2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_18.51.09.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-09 17:15:42 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:42 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-09 17:15:29 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:29 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 21:34:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-10 21:40:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 19:40:31
ComboFix2.txt 2008-04-09 16:52:21
Pre-Run: 32,698,007,552 octets libres
Post-Run: 32,705,687,552 octets libres
ludsfa Posts: 1284 Registration date: Sunday 3 February 2008 Status: Member Last seen: 15 January 2018 15
10 April 2008 at 22:00
Let's continue

One hell of an infection




files::
C:\WINDOWS\system32\urqrsrr.Vdll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\urqrsrr.V03dll


registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

ComboFix 08-04-08.10 - BIBIZ 2008-04-10 22:07:38.5 - NTFSx86
Endroit: C:\Documents and Settings\BIBIZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BIBIZ\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-09 19:15 . 2008-04-09 19:15 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 19:57 . 2008-04-08 19:57 3,648 --a------ C:\WINDOWS\system32\xoefhbnc.dll
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 18:45 . 2008-04-08 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 23:53 . 2008-04-07 23:53 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\Grisoft
2008-04-07 23:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 22:22 . 2008-04-07 22:22 3,957,818 --a------ C:\upload_moi_PC.tar.gz
2008-04-07 21:28 . 2008-04-07 22:36 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 22:40 . 2008-04-06 22:40 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V03dll
2008-04-01 19:17 . 2008-04-02 21:56 1,603,801 ---hs---- C:\WINDOWS\system32\yvueupcp.ini
2008-03-30 19:03 . 2008-03-30 19:57 52,224 --------- C:\internet.exe
2008-03-30 18:18 . 2008-03-30 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 17:44 . 2008-03-30 16:33 1,583,766 ---hs---- C:\WINDOWS\system32\ynpbdttg.ini
2008-03-28 20:01 . 2008-03-30 17:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 20:01 . 2008-03-28 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V02dll
2008-03-28 00:19 . 2008-03-28 00:19 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V01dll
2008-03-28 00:18 . 2008-03-28 00:18 38,400 --a------ C:\WINDOWS\system32\urqrsrr.V00dll
2008-03-27 23:24 . 2008-03-27 23:24 38,400 --a------ C:\WINDOWS\system32\urqrsrr.Vdll
2008-03-19 22:53 . 2008-03-19 22:54 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\AVG7
2008-03-19 22:52 . 2008-03-19 22:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-19 22:50 . 2008-03-20 00:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-18 00:38 . 2008-03-19 00:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-18 00:36 . 2008-04-01 19:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-18 00:34 . 2008-03-18 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 00:32 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-18 00:32 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-18 00:32 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-18 00:32 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-18 00:32 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 23:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-17 19:48 . 2008-03-17 19:48 24 --a------ C:\WINDOWS\memo.ini
2008-03-17 16:56 . 2008-03-17 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agendis
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Program Files\RibMonTech
2008-03-17 16:38 . 2008-03-17 16:38 <REP> d-------- C:\Documents and Settings\BIBIZ\WINDOWS
2008-03-17 16:38 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-17 16:33 . 2008-03-17 16:33 <REP> d-------- C:\Documents and Settings\BIBIZ\Application Data\3M
2008-03-17 13:56 . 2008-03-17 14:40 442,598 -r-hs---- C:\WINDOWS\msn.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.

------- Sigcheck -------

2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-05-10 07:24 1140224 0a0e231628db3acf0a279ee3153762b7 C:\WINDOWS\system32\wininet.dll

2005-04-07 20:47 3198464 a4ea226247f09ed257d03fbca0af8174 C:\WINDOWS\explorer.exe
2005-04-07 20:47 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_18.51.09.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-09 17:15:42 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:42 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-09 08:45:49 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-09 17:15:29 4,669,440 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-09 17:15:29 458,752 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Ouso"="C:\PROGRA~1\CURITY~1\explorer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 13:14 19520]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 13:14 49216]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30 524288]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"iconcache"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"CARPService"="carpserv.exe" [2003-03-19 14:00 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Agendatronic Alarm"="C:\PROGRA~1\RIBMON~1\AGENDA~1\AlarmClock\AlarmClock.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 BulkUsb;VK700 USB Driver;C:\WINDOWS\system32\Drivers\VK700_USB.sys [2005-06-08 18:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 22:11:03
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
Temps d'accomplissement: 2008-04-10 22:13:19
ComboFix-quarantined-files.txt 2008-04-10 20:12:44
ComboFix2.txt 2008-04-09 16:52:21
Pre-Run: 32,630,079,488 octets libres
Post-Run: 32,621,473,792 octets libres
ludsfa Posts: 1284 Registration date: Sunday 3 February 2008 Status: Member Last seen: 15 January 2018 15
10 April 2008 at 23:03
Here we go again



files::
C:\WINDOWS\system32\urqrsrr.Vdll
C:\WINDOWS\system32\urqrsrr.V00dll
C:\WINDOWS\system32\urqrsrr.V01dll
C:\WINDOWS\system32\urqrsrr.V02dll
C:\WINDOWS\system32\ynpbdttg.ini
C:\WINDOWS\system32\yvueupcp.ini
C:\WINDOWS\system32\urqrsrr.V03dll


folder::
C:\Documents and Settings\BIBIZ\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Historique\History.IE5\MSHist012008040820080409\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BIBIZ\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\BIBIZ\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\upload_moi_PC.tar.gz
C:\QooBox\Quarantine\catchme2008-04-09_184426.09.zip/Documents and Settings/BIBIZ/Bureau/catchme.zip/urqQgEtQ.dll Infected: Packed.Win32.Monder.gen skipped


registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsrr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgEtQ]
urqQgEtQ.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"
"iconcache"=


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ouso"="
ccleaner"=

