Error message "C:\widows\eksplorasi.exe"

Solved/Closed
bono_971 - 11 August 2008 at 23:46
Anonymous user - 21 August 2008 at 00:11
Hello,
my computer bugs at startup. I get a message like "Windows cannot find the file C:\widows\eksplorasi.exe" and another one that says "explorer.exe: no disk" (this message appears constantly), and I have to launch explorer.exe manually. Thank you for helping me.

10 replies

Anonymous user
12 August 2008 at 00:08
Good evening,
it's a nasty infection....

Start by posting a HijackThis report please,
>Download HijackThis: https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
- Run HijackThis, select < do a system scan and save a logfile >
- Save the report to your desktop.
And please send your HijackThis log to the forum by copy/paste,

;)

See you
0
bono_971
12 August 2008 at 00:31
Good evening

Here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:10, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AntivirusFiable\pgs.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\% ^ ^ % %%^%^ ^% %^%%%%%% % ^^^ % %^ ^^ .exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\% ^ ^ % %%^%^ ^% %^%%%%%% % ^^^ % %^ ^^ .exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [5c3d220f] rundll32.exe "C:\WINDOWS\system32\bhkivakb.dll",b
O4 - HKLM\..\Run: [BM5f0e1193] Rundll32.exe "C:\WINDOWS\system32\pqnaswgb.dll",s
O4 - HKLM\..\Run: [rtasks] C:\Program Files\AntivirusFiable\rtasks.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AntivirusFiable] C:\Program Files\AntivirusFiable\pgs.exe /min
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: desktop.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
bono_971,

Download HijackThis v2.0.2: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Disconnect from the Internet and install it on your Desktop.

Run it and click [Do a system scan and save a logfile].
After the scan, Notepad will open, displaying the report ...

Copy/paste the entire report and post it.
0
bono_971
12 August 2008 at 00:33
Good evening, here is the report

0
bono_971
12 August 2008 at 00:54
Good evening,

the link http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download is not accessible, can you give me another one please? Thanks
0
Anonymous user
12 August 2008 at 00:40
Good evening,

well,
sorry Mido but I'm sending the next step (if you want to step in, don't hesitate at all. Thanks)

> Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe (by sUBs) to your Desktop.
Disconnect from the net and disable your antivirus so that ComboFix can run normally.
- Double-click combofix.exe
- Press the 1 key (Yes) to start the scan.
- When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.


See you
0
bono_971
12 August 2008 at 03:58
Good evening,
it took a while but here is the report

ComboFix 08-08-10.06 - HP_Administrateur 2008-08-11 18:59:12.1 - NTFSx86
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FMTR
-------\Service_fmtr


((((((((((((((((((((((((((((( Fichiers créés 2008-07-11 to 2008-08-11 ))))))))))))))))))))))))))))))))))))
.

2008-08-11 17:43 . 2008-08-11 17:43 <REP> d-------- C:\Program Files\Trend Micro
2008-08-11 07:29 . 2008-08-11 07:29 2,112 --a------ C:\WINDOWS\system32\hsnfmrhh.exe
2008-08-10 07:33 . 2008-08-10 07:33 2,112 --a------ C:\WINDOWS\system32\mndaonuh.exe
2008-08-09 06:46 . 2008-08-09 06:46 2,112 --a------ C:\WINDOWS\system32\ufcinkpv.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 22:32 --------- d-----w C:\Program Files\AntivirusFiable
2008-08-10 09:48 --------- d-----w C:\Program Files\Yahoo!
2008-06-21 08:01 --------- d-----w C:\Program Files\Beach Soccer
2008-06-06 11:31 39,579 ----a-w C:\Documents and Settings\HP_Administrateur\vfcfjl.exe
2008-06-01 00:02 108,309 --sh--r C:\invwft2h.com
2008-05-23 11:27 107,568 --sh--r C:\tfk8.exe
2008-05-15 11:21 104,923 --sh--r C:\v.bat
2008-02-05 18:41 1,038 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\filterclsid.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A7F202E-AF91-4889-9DD5-2FE241085CC1}]
2007-08-08 19:46 139264 --a------ C:\Program Files\AntivirusFiable\Tools\pg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 10:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:07 1289000]
"AntivirusFiable"="C:\Program Files\AntivirusFiable\pgs.exe" [2007-10-12 00:26 1892352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 16:08 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 15:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 17:34 64512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 22:59 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 06:47 7573504]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 06:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 19:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 19:34 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 23:23 663552]
"ftutil2"="ftutil2.dll" [2004-06-07 11:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 02:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-04-28 06:47 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Documents and Settings\\HP_Administrateur\\Bureau\\My Mobile\\MyMobiler\\MyMobiler.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 10:00]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 21:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 21:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 21:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638a694a-2f6e-11dd-8e18-0018f3627d94}]
\Shell\AutoRun\command - D:\invwft2h.com
\Shell\explore\Command - D:\invwft2h.com
\Shell\open\Command - D:\invwft2h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eec3c0-3974-11dd-8e35-0018f3627d94}]
\Shell\AutoRun\command - D:\pa39xth.cmd
\Shell\explore\Command - D:\pa39xth.cmd
\Shell\open\Command - D:\pa39xth.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8734025b-a2bc-11dc-8cbc-0018f3627d94}]
\Shell\AutoRun\command - D:\pa39xth.cmd
\Shell\explore\Command - D:\pa39xth.cmd
\Shell\open\Command - D:\pa39xth.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89e36328-a8a8-11dc-8cca-0018f3627d94}]
\Shell\AutoRun\command - D:\v.bat
\Shell\explore\Command - D:\v.bat
\Shell\open\Command - D:\v.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad94bd46-48f6-11dd-8e61-0018f3627d94}]
\Shell\AutoRun\command - D:\pa39xth.cmd
\Shell\explore\Command - D:\pa39xth.cmd
\Shell\open\Command - D:\pa39xth.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c69fbb8f-0405-11dd-8dab-0018f3627d94}]
\Shell\AutoRun\command - K:\pa39xth.cmd
\Shell\explore\Command - K:\pa39xth.cmd
\Shell\open\Command - K:\pa39xth.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c83cbd81-e2c9-11dc-8d6e-0018f3627d94}]
\Shell\AutoRun\command - K:\v.exe
\Shell\explore\Command - K:\v.exe
\Shell\open\Command - K:\v.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-5c3d220f - C:\WINDOWS\system32\bhkivakb.dll
HKLM-Run-BM5f0e1193 - C:\WINDOWS\system32\pqnaswgb.dll
HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\yznjwzpl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 21:34:52
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-11 21:38:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-11 22:38:15

Pre-Run: 93,292,908,544 octets libres
Post-Run: 93,063,192,576 octets libres

440
0
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
12 August 2008 at 12:19
Hello,
I'm still struggling with my computer.
Who can give me a hand?
Thanks
0
Anonymous user
12 August 2008 at 12:25
Hi,
I'm here.
I'm preparing the next steps for you.
I'll be back in ten or twenty minutes.

See you
0
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010 > Anonymous user
12 August 2008 at 12:32
Thanks
I'm here, waiting for your help
See you
0

Anonymous user
12 August 2008 at 12:47
OK,
You are well and truly infected....

So,
> With Combofix:
- Close all your browsers (so copy or print the following instructions first)
- Create a new text document: right-click on the desktop => New => Text Document, and copy/paste the following lines into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638a694a-2f6e-11dd-8e18-0018f3627d94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eec3c0-3974-11dd-8e35-0018f3627d94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8734025b-a2bc-11dc-8cbc-0018f3627d94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89e36328-a8a8-11dc-8cca-0018f3627d94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad94bd46-48f6-11dd-8e61-0018f3627d94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c69fbb8f-0405-11dd-8dab-0018f3627d94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c83cbd81-e2c9-11dc-8d6e-0018f3627d94}]

File::
C:\WINDOWS\system32\hsnfmrhh.exe
C:\WINDOWS\system32\mndaonuh.exe
C:\WINDOWS\system32\ufcinkpv.exe 
C:\Documents and Settings\HP_Administrateur\vfcfjl.exe
C:\invwft2h.com
C:\tfk8.exe
C:\v.bat 
K:\v.exe 
K:\pa39xth.cmd
D:\pa39xth.cmd
D:\v.bat

- Save this file under the name CFScript (File type: all files)
- Drag and drop this CFScript file onto the ComboFix.exe program, as in this image.
(Drag-and-drop explained: click on the CFScript file, keep your finger held down and move the mouse so that the CFScript icon covers the Combofix icon. Then release the mouse button.)
- Combofix will start, then a blue window will appear. At the message displayed (Type 1 to continue, or 2 to abort): type 1 then confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
- Don't touch anything until the scan has finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: please post it.
PS: If the file doesn't open, it is located here => C:\ComboFix.txt

Next,
> Open this link http://siri.urz.free.fr/Fix/SmitfraudFix.php and download SmitfraudFix (by S!RI).
- Look at the tutorial
- Run the program and choose option 1 (and only that one).
The program will generate a report; copy/paste it on the forum.

After that,
> Download RavAntivirus by Evosla to your desktop: http://ww25.evosla.com/compteur.php?soft=rav_antivirus
- Connect your external data sources to your PC (USB stick, external hard drive, etc.) without opening them before launching this FIX
- Right-click on the .ZIP file, then "Extract to" Desktop.
- Double-click on "RAV.exe" to launch the fix.
- Let the program work: it automatically scans all drives (fixed and removable disks)
- If infections are found a report will be generated: please post it in your next reply.
- Then: remove your removable disks and restart the PC.

To finish, please post a new HiJackT report.

Then we continue (2 or at worst 3 steps remain)

See you
0
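How the MountPoints2 entries in the ComboFix report map to the registry keys and files listed in the CFScript above, as an added example that is not part of the original post and is not ComboFix's own code. The heuristic (a volume whose open and explore verbs both launch the same root-level script or executable), the function names and the fourth sample entry are assumptions made for illustration.

```python
import re

# Sample input. The first three entries are copied from the ComboFix report
# quoted in this thread; the fourth (GUID and E:\setup.exe) is CONSTRUCTED to
# show a volume that only registers an AutoRun command.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638a694a-2f6e-11dd-8e18-0018f3627d94}]
\Shell\AutoRun\command - D:\invwft2h.com
\Shell\explore\Command - D:\invwft2h.com
\Shell\open\Command - D:\invwft2h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89e36328-a8a8-11dc-8cca-0018f3627d94}]
\Shell\AutoRun\command - D:\v.bat
\Shell\explore\Command - D:\v.bat
\Shell\open\Command - D:\v.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c83cbd81-e2c9-11dc-8d6e-0018f3627d94}]
\Shell\AutoRun\command - K:\v.exe
\Shell\explore\Command - K:\v.exe
\Shell\open\Command - K:\v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
\Shell\AutoRun\command - E:\setup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"""

# A MountPoints2 key header as printed in the report, ending in a volume GUID.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
# A shell verb line: \Shell\<verb>\command - <target>
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)
# Root-level script or executable on a drive, e.g. D:\v.bat (no sub-folder).
ROOT_EXEC_RE = re.compile(r"[A-Za-z]:\\[^\\]+\.(exe|com|bat|cmd|pif|scr|vbs)", re.I)


def parse_mountpoints(log_text):
    """Return {registry key: {verb: target}} for every MountPoints2 entry."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any other key header ends the current MountPoints2 entry.
            match = KEY_RE.match(line)
            current = match.group(1) if match else None
            if current:
                entries[current] = {}
            continue
        match = VERB_RE.match(line)
        if match and current:
            entries[current][match.group(1).lower()] = match.group(2).strip()
    return entries


def flag_hijacked(entries):
    """Return (key, target) pairs where opening the drive runs a file.

    Assumed heuristic: both 'open' and 'explore' point at the same root-level
    script or executable, so a double-click on the drive launches it. An entry
    that only defines AutoRun is left for manual review instead.
    """
    flagged = []
    for key, verbs in entries.items():
        opened, explored = verbs.get("open"), verbs.get("explore")
        if opened and opened == explored and ROOT_EXEC_RE.fullmatch(opened):
            flagged.append((key, opened))
    return flagged


def render_review_list(flagged):
    """Lay the findings out in the Registry::/File:: form used in the post."""
    keys = [f"[-{key}]" for key, _ in flagged]
    files = sorted({target for _, target in flagged}, key=str.lower)
    return "\n".join(["Registry::", *keys, "", "File::", *files])


if __name__ == "__main__":
    print(render_review_list(flag_hijacked(parse_mountpoints(SAMPLE_LOG))))
```

The output covers only what the MountPoints2 block reveals; the copies on C:\ named in the post's File:: list come from other sections of the report.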
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
12 August 2008 at 13:58
Hi
I'm sending you the report and I'm carrying on with the rest of your instructions while waiting for the next steps

ComboFix 08-08-10.06 - HP_Administrateur 2008-08-12 10:49:41.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.480 [GMT -1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Documents and Settings\HP_Administrateur\vfcfjl.exe
C:\invwft2h.com
C:\tfk8.exe
C:\v.bat
C:\WINDOWS\system32\hsnfmrhh.exe
C:\WINDOWS\system32\mndaonuh.exe
C:\WINDOWS\system32\ufcinkpv.exe
D:\pa39xth.cmd
D:\v.bat
K:\pa39xth.cmd
K:\v.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrateur\ResErrors.log
C:\Documents and Settings\HP_Administrateur\vfcfjl.exe
C:\invwft2h.com
C:\tfk8.exe
C:\v.bat
C:\WINDOWS\system32\hsnfmrhh.exe
C:\WINDOWS\system32\mndaonuh.exe
C:\WINDOWS\system32\ufcinkpv.exe
H:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-12 to 2008-08-12 ))))))))))))))))))))))))))))))))))))
.

2008-08-11 17:43 . 2008-08-11 17:43 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 22:32 --------- d-----w C:\Program Files\AntivirusFiable
2008-08-10 09:48 --------- d-----w C:\Program Files\Yahoo!
2008-06-21 08:01 --------- d-----w C:\Program Files\Beach Soccer
2008-02-05 18:41 1,038 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\filterclsid.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A7F202E-AF91-4889-9DD5-2FE241085CC1}]
2007-08-08 19:46 139264 --a------ C:\Program Files\AntivirusFiable\Tools\pg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 10:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:07 1289000]
"AntivirusFiable"="C:\Program Files\AntivirusFiable\pgs.exe" [2007-10-12 00:26 1892352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 16:08 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 15:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 17:34 64512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 22:59 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 06:47 7573504]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 06:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 19:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 19:34 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 23:23 663552]
"ftutil2"="ftutil2.dll" [2004-06-07 11:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 02:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-04-28 06:47 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Documents and Settings\\HP_Administrateur\\Bureau\\My Mobile\\MyMobiler\\MyMobiler.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 10:00]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 21:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 21:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 21:59]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 10:52:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-12 10:55:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-12 11:55:22
ComboFix2.txt 2008-08-11 22:38:18

Pre-Run: 93,042,286,592 octets libres
Post-Run: 93,026,287,616 octets libres

131
0
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
12 August 2008 at 14:06
Here is the next part of your instructions; the report is as follows:

SmitFraudFix v2.335

Rapport fait à 11:02:30,93, 12/08/2008
Executé à partir de C:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AntivirusFiable\pgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBFD3344-EF7B-43C1-9250-F1B60165240B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBFD3344-EF7B-43C1-9250-F1B60165240B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FBFD3344-EF7B-43C1-9250-F1B60165240B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user
12 August 2008 at 14:59
Hi again,
very good; once you have the Ravantivirus report and then the new HiJackT one, we'll continue....

By the way, how is the PC doing?


See you
0
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
12 August 2008 at 15:16
Thanks, the PC is doing much better, it is noticeably faster
I'm continuing, I'll keep you posted
0
Anonymous user > bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
12 August 2008 at 15:18
OK,
good to hear.
However, you need to follow the disinfection through to the end, otherwise everything may come back....


See you
0
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010 > Anonymous user
12 August 2008 at 15:21
OK
Here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:48, on 12/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AntivirusFiable\pgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\AntivirusFiable\Tools\pg.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AntivirusFiable] C:\Program Files\AntivirusFiable\pgs.exe /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: desktop.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010 > Anonymous user
12 August 2008 at 15:23
However, I don't know where the Ravantivirus report is located
0
Anonymous user
12 August 2008 at 19:13
OK,

So,
I thought SmitFraudFix would take care of it, but not at all, so:
> With ComboFix:
- Close all your browsers (so copy or print the following instructions first)
- Create a new text document: right-click on the desktop => New => Text Document, and copy/paste the following lines into it:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A7F202E-AF91-4889-9DD5-2FE241085CC1}] 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"AntivirusFiable"=-

Folder::
C:\Program Files\AntivirusFiable

- Save this file under the name CFScript (File type: All files)
- Drag and drop this CFScript file onto the ComboFix.exe program, as in this image.
(Explanation of drag and drop: click on the CFScript file, keep your finger pressed down and move the mouse so that the CFScript icon covers the ComboFix icon. Then release the mouse button.)
- ComboFix will start, then a blue window will appear. At the message displayed (Type 1 to continue, or 2 to abort): type 1 then confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
- Don't touch anything until the scan has finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: please post it.
PS: If the file does not open, it can be found here => C:\ComboFix.txt


Now you need a real antivirus, because AntivirusFiable was a rogue: https://forum.malekal.com/viewtopic.php?f=56&t=6213

So,
> Try installing Antivir: open this link, read the tutorial, download Antivir and install it
- You can also download Antivir HERE.
- Launch Antivir, run the updates, connect all your storage devices to the PC, then run a scan (if viruses are found, quarantine them. If you can't, then delete them).
- At the end of the scan click on 'report', save this report to the desktop (File => Save as), then copy/paste this report into your next message.

> Restart your PC


We then continue the cleanup with:
> The following programs (Malwarebytes' Anti-Malware and CCleaner) will be useful to you later on - keep them...

> Download Malwarebytes' Anti-Malware:
- Install the program then launch it, please.
NB: If COMCTL32.OCX is missing, download it here
- Run the updates (click on "Updates" then "Check for updates") then close the program.
NB: If you need it: Tutorial

> Download and install CCleaner:
- Run the updates then close the program.
If needed, you will find tutorials: here, here and there.

> Download Clean (by Malekal Morte) (not the same as CCleaner)


> Start by copying and pasting this post (this procedure): (recommended)
Open a new Notepad file (click on "Start" => "Programs" => "Accessories" => "Notepad"),
then copy/paste the entire content of this post's window into the text file.
Save it to the desktop; you will then be able to access it even when offline or in safe mode.

> Boot into safe mode without going through MSconfig: (image). If there is a problem: tutorial here

> Launch Malwarebytes' Anti-Malware,
- Click on "Perform full scan" then "Scan" and select all your hard drives => the scan starts... be patient...
- At the end of the scan, click on "Remove" (if some items are hard to remove, a message will ask you to restart: click "Yes" then)
- After the infections are removed, a report will be generated: save it and post it on the forum.

> Launch CCleaner,
- Choose the "Options" tab then click on "Advanced" and untick the box "Only delete files in Windows Temp folders older than 48 hours" (everything must be deleted).
- In the "Cleaner" tab click on "Analyze".
- Once the analysis is finished, click on "Run Cleaner".
- In the "Registry" tab => Scan for issues => Fix selected issues => save a backup => Fix all selected issues => OK => Close.
NB: If CCleaner offers to save a backup, answer yes and save it to 'Desktop'
Repeat until it finds nothing more (this generally takes between 1 and 4 passes).

> For Clean (still in safe mode):
- Double-click on clean.cmd
- A window will appear; choose option 2, follow the instructions and post the Clean report (the Clean report is located here: C:\rapport_clean.txt)
NB: If needed: Tutorial


> Restart your PC in normal mode

> Run HijackThis again:
Then select < do a system scan and save a logfile >,
And send me your HijackThis log by copy/paste,


Good luck,
There will be one step left and then we'll be done.
PS: please make sure to post all the reports.


See you,
0
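The CFScript in the reply above, read back as a dry run before it is dropped onto ComboFix: this is an added example, not part of the original post and not ComboFix's own code. It interprets only the two directives that appear in that script (Registry:: in .reg syntax, and Folder::); the function names, the protected-folder list and the key-depth threshold are assumptions made for the illustration.

```python
import re

# The script from the post above, reproduced as the sample input.
CFSCRIPT = r"""Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A7F202E-AF91-4889-9DD5-2FE241085CC1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntivirusFiable"=-

Folder::
C:\Program Files\AntivirusFiable
"""

SECTION_RE = re.compile(r"^([A-Za-z0-9]+)::\s*$")          # e.g. "Registry::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                      # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data

# Assumption (reviewer policy, not a ComboFix rule): folders that must never
# be the direct target of a Folder:: deletion.
PROTECTED_DIRS = {
    "c:", r"c:\windows", r"c:\windows\system32",
    r"c:\program files", r"c:\documents and settings",
}
# Assumption: a key deletion with fewer path components than this is too broad.
MIN_KEY_DEPTH = 3


def parse_cfscript(text):
    """Return the script as a list of (action, target) tuples, in order."""
    actions, section, current_key = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section == "registry":
            m = KEY_RE.match(line)
            if m:
                minus, key = m.groups()
                if minus:                      # [-key] removes the whole key
                    actions.append(("delete-key", key))
                    current_key = None
                else:                          # [key] only selects the key
                    current_key = key
                continue
            m = VALUE_RE.match(line)
            if m and current_key is not None:
                name, data = m.groups()
                name = "(default)" if name == "@" else name[1:-1]
                # "name"=- removes one value and leaves the key in place
                action = "delete-value" if data.strip() == "-" else "set-value"
                actions.append((action, current_key + "\\" + name))
                continue
            raise ValueError(f"line {lineno}: not valid .reg syntax here: {line!r}")
        elif section == "folder":
            actions.append(("delete-folder", line))
        else:
            # Directive not interpreted by this sketch: surface it for a human.
            actions.append(("unreviewed", f"{section or 'no-section'}:: {line}"))
    return actions


def review(actions):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for action, target in actions:
        if action == "delete-folder":
            norm = target.rstrip("\\/").lower()
            if norm in PROTECTED_DIRS:
                findings.append(f"refuse: {target} is a system or parent folder")
            elif not re.match(r"^[a-z]:\\[^\\]", norm):
                findings.append(f"refuse: {target} is not an absolute path")
        elif action == "delete-key":
            if len(target.split("\\")) < MIN_KEY_DEPTH:
                findings.append(f"refuse: key deletion too broad: {target}")
        elif action == "unreviewed":
            findings.append(f"check by hand: {target}")
    return findings


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    for action, target in plan:
        print(f"{action:14} {target}")
    for finding in review(plan) or ["no findings"]:
        print(finding)
```

The dry run makes the difference between the two registry lines visible: the Browser Helper Object key is removed as a whole, while under the Run key only the "AntivirusFiable" value is removed.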
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
13 August 2008 at 05:51
Good evening

Sorry, I just got home. I have started following your instructions; here is the 1st report:

ComboFix 08-08-12.01 - HP_Administrateur 2008-08-13 2:41:05.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.497 [GMT -1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrateur\ResErrors.log
C:\Program Files\AntivirusFiable

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))))))
.

2008-08-12 12:11 . 2008-08-12 12:11 173 --a------ C:\curr_ver.tmp
2008-08-12 11:02 . 2008-08-12 11:02 2,170 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-12 11:01 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-12 11:01 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-12 11:01 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-12 11:01 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-12 11:01 . 2008-08-11 18:07 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-12 11:01 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-12 11:01 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-12 11:01 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-12 11:01 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-12 10:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-12 10:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-12 10:53 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-11 17:43 . 2008-08-11 17:43 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 09:48 --------- d-----w C:\Program Files\Yahoo!
2008-06-21 08:01 --------- d-----w C:\Program Files\Beach Soccer
2008-02-05 18:41 1,038 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\filterclsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-11_21.37.59.50 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 10:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:07 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 16:08 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 15:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 17:34 64512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 22:59 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 06:47 7573504]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 06:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 19:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 19:34 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 23:23 663552]
"ftutil2"="ftutil2.dll" [2004-06-07 11:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 02:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-04-28 06:47 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Documents and Settings\\HP_Administrateur\\Bureau\\My Mobile\\MyMobiler\\MyMobiler.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 10:00]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 21:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 21:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 21:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9df780f7-4431-11dd-8e5b-0018f3627d94}]
\Shell\AutoRun\command - K:\pa39xth.cmd
\Shell\explore\Command - K:\pa39xth.cmd
\Shell\open\Command - K:\pa39xth.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5fdde50-671f-11dd-8e6d-0018f3627d94}]
\Shell\AutoRun\command - D:\pa39xth.cmd
\Shell\explore\Command - D:\pa39xth.cmd
\Shell\open\Command - D:\pa39xth.cmd
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 02:44:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-13 2:48:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 03:48:31
ComboFix2.txt 2008-08-12 11:55:28
ComboFix3.txt 2008-08-11 22:38:18

Pre-Run: 93,024,776,192 octets libres
Post-Run: 92,975,640,576 octets libres

290
0
Anonymous user > bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
13 August 2008 at 11:44
Hello Bono,
perfect.
There are just one or two nasties left according to ComboFix.

When you have the rest, I'll gladly take it.

Have a nice day.
0
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010 > Anonymous user
13 August 2008 at 17:41
Hi DllD,
I was at work
I'm back
here is the report
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1046
Windows 5.1.2600 Service Pack 2

14:23:22 13/08/2008
mbam-log-8-13-2008 (14-23-22).txt

Type de recherche: Examen complet (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 148413
Temps écoulé: 29 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 104

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\cxjatsqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\AntivirusFiable\atf.exe.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\AntivirusFiable\fopf.sys.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\AntivirusFiable\Up\gup.exe.vir (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\AntivirusFiable\Update\aviupd.exe.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Spcron\Spc.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Spcron\Spcron_old.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Svconr\Svconr.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Temporary\inPV.exe.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\b128.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\b148.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\b149.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\b152.exe.vir (Trojan.Insider) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\b155.exe.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\b156.exe.vir (Adware.Insider) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\b157.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\b999.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1423.exe.tmp.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\augapjxo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\brkdvout.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dmdmbeyb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\enqfkvkh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\fibihyup.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gcebuc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gdrxyycl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gobmpsrl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\herftn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hfennvmy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hsnfmrhh.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ihxcds.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mbbckvsd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mndaonuh.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mqrxbffy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\obnxvxcp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\psntlvdg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rpvehxfh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ssgwweqt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ufcinkpv.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xmjggkdc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yieufcnn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP151\A0069671.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP155\A0072756.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP156\A0073756.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP156\A0073761.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP156\A0074779.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP158\A0078323.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP158\A0078324.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP158\A0078332.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP158\A0078337.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP158\A0078338.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP158\A0078339.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP158\A0078340.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP158\A0078341.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP161\A0078389.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP162\A0079449.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP163\A0079550.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP164\A0079628.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP165\A0079660.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP166\A0079665.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0080804.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP173\A0082974.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP173\A0082975.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP173\A0082977.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP173\A0082978.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111349.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111350.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111351.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111352.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111362.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111363.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111364.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111365.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111366.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111367.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111368.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111369.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111375.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111381.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111399.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111402.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111405.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111407.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111411.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111414.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111415.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111418.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111444.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111446.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111455.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111468.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111483.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111526.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111535.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP210\A0111648.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP210\A0111649.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP210\A0111650.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP211\A0111758.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP211\A0111761.sys (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP211\A0111840.exe (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP211\A0111844.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
Anonymous user > bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
13 August 2008 at 17:53
OK, very good.

Have you installed Antivir and run a scan? (after the updates).
If so, please post the report.

Then also the one from Clean (by malekal) and finally a new HijackT.


Good luck.
We're nearly there.
Also, how is the PC doing?

+
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010 > Anonymous user
14 August 2008 at 02:44
Good evening,

The PC is getting better and better, it's getting its colour back.
Here is the antivirus report:



Avira AntiVir Personal
Report file date: mercredi 13 août 2008 21:37

Scanning for 1549254 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NOM-FB9B15D2723

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 11:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 10:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 15:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 10:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 16:54:15
ANTIVIR2.VDF : 7.0.5.207 2316800 Bytes 04/08/2008 04:16:26
ANTIVIR3.VDF : 7.0.6.2 258560 Bytes 12/08/2008 04:16:32
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 11:46:50
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 13/08/2008 04:17:02
AESCN.DLL : 8.1.0.23 119156 Bytes 13/08/2008 04:16:59
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 11:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 13/08/2008 04:16:58
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 13/08/2008 04:16:54
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 13/08/2008 04:16:52
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 11:46:50
AEGEN.DLL : 8.1.0.35 315764 Bytes 13/08/2008 04:16:42
AEEMU.DLL : 8.1.0.7 430452 Bytes 13/08/2008 04:16:39
AECORE.DLL : 8.1.1.8 172406 Bytes 13/08/2008 04:16:36
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 11:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 11:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 12:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 13/08/2008 04:16:33
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 14:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 11:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 15:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 20:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 15:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 15:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 16:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 16:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, H:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 13 août 2008 21:37

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'ELService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'eEBSvc.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'DMAScheduler.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '65' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\oq.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48d162a3.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\t.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49066262.qua'!
C:\Documents and Settings\All Users\Application Data\part dead amok eggs\1 Admin.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48e4633a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E7F7211.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E7F7211.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48da6362.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\buwskgte.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491a639c.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\CopySurfDartDrv.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49136397.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\cwegmxig.exe
[DETECTION] Is the TR/Obfuscated.EN.2479 Trojan
[NOTE] The file was moved to '490863a1.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\fmpfbiia.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49136399.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\inyflyyi.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491c639d.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\Kind Noun.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4911639a.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\Name Slow Third.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49106394.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\Name Warn Surf.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49106396.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\oixpdgwl.exe
[DETECTION] Is the TR/Obfuscated.EN.493 Trojan
[NOTE] The file was moved to '491b63a1.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\qhijspbm.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '490c63a1.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\sciibuoc.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '490c639e.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\sfvgtouf.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491963a3.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\smbwxfbf.exe
[DETECTION] Is the TR/FatObfus.2.Gen Trojan
[NOTE] The file was moved to '490563ac.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\snslatlb.exe
[DETECTION] Is the TR/Obfuscated.EN.52 Trojan
[NOTE] The file was moved to '491663af.qua'!
C:\Documents and Settings\HP_Administrateur\Application Data\bias dale tick\tzqeydle.exe
[DETECTION] Is the TR/Obfuscated.EN.2655 Trojan
[NOTE] The file was moved to '491463bd.qua'!
C:\Documents and Settings\HP_Administrateur\Bureau\jeux\Alcohol 120% 1.9.3105 Latest [Corporate Edition With Patch]\Patch.exe
[DETECTION] Is the TR/Agent.69632.O Trojan
[NOTE] The file was moved to '491763c5.qua'!
C:\Documents and Settings\HP_Administrateur\Bureau\jeux\Alcohol 120% 1.9.3105 Latest [Corporate Edition With Patch]\Patch.exe.BAK
[DETECTION] Is the TR/Agent.69632.O Trojan
[NOTE] The file was moved to '491763c7.qua'!
C:\Documents and Settings\HP_Administrateur\Mes documents\Mes fichiers reçus\Nokia_19_jpg.zip
[0] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains recognition pattern of the WORM/SdBot.561152.2 worm
[NOTE] The file was moved to '490e6525.qua'!
C:\Program Files\Fichiers communs\AntivirusFiable\gcw.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '491a6711.qua'!
C:\QooBox\Quarantine\catchme2008-08-11_212858,45.zip
[0] Archive type: ZIP
--> ^ ^ %^^ ^%^%%% ^^^ %^ ^^ .exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> awtrqqol.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4917695c.qua'!
C:\QooBox\Quarantine\C\invwft2h.com.vir
[DETECTION] Is the TR/PSW.OnlineGames.allv Trojan
[NOTE] The file was moved to '4919696b.qua'!
C:\QooBox\Quarantine\C\tfk8.exe.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490e6966.qua'!
C:\QooBox\Quarantine\C\v.bat.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49056930.qua'!
C:\QooBox\Quarantine\C\v.exe.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49086932.qua'!
C:\QooBox\Quarantine\C\Program Files\AntivirusFiable\Base\plugins\SCANKRNL.DLL.vir
[DETECTION] Contains recognition pattern of the Pixel #3 virus
[NOTE] The file was moved to '48e4694b.qua'!
C:\QooBox\Quarantine\C\Program Files\AntivirusFiable\Engines\plugins\SCANKRNL.DLL.vir
[DETECTION] Contains recognition pattern of the Pixel #3 virus
[NOTE] The file was moved to '48e4694e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\% ^ ^ % %%^%^ ^% %^%%%%%% % ^^^ % %^ ^^ .exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48c36930.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\acjuglwc.dll.vir
[DETECTION] Is the TR/Monder.87040.1 Trojan
[NOTE] The file was moved to '490d6976.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\afvtoxti.dll.vir
[DETECTION] Is the TR/Mondera.109568 Trojan
[NOTE] The file was moved to '4919697b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\afykjiqe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491c697d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\amesjkpt.dll.vir
[DETECTION] Is the TR/Mondera.101376.1 Trojan
[NOTE] The file was moved to '49086986.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo.exe.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4919698a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo0.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4919698d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo1.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4919698f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\aqkgewqd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490e6995.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\avwfkyfw.dll.vir
[DETECTION] Is the TR/Mondera.100352 Trojan
[NOTE] The file was moved to '491a699c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\awsltssj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4916699f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\awtrqqol.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '491769a1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\bdykbtmh.dll.vir
[DETECTION] Is the TR/Vundo.ESK Trojan
[NOTE] The file was moved to '491c6991.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\bhkivakb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490e6999.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\bmjwldwk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490d69a1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\btkapnrf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490e69ab.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\butgmhfx.exe.vir
[DETECTION] Is the TR/PrivacySet.A Trojan
[NOTE] The file was moved to '491769ae.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\bvfofioq.dll.vir
[DETECTION] Is the TR/Mondera.89088.1 Trojan
[NOTE] The file was moved to '490969b1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\bwryshcg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491569b6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ceqntxxf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491469a7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cmlbmoet.exe.vir
[DETECTION] Is the TR/Lowzones.SG Trojan
[NOTE] The file was moved to '490f69b2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ctshjant.dll.vir
[DETECTION] Is the TR/Monder.80896 Trojan
[NOTE] The file was moved to '491669bc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cyualelu.exe.vir
[DETECTION] Is the TR/PrivacySet.A Trojan
[NOTE] The file was moved to '491869c5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dbvfiemx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491969b1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dgcpibei.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490669b8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dgsqkhcx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491669ce.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\djvxmfrn.dll.vir
[DETECTION] Is the TR/Mondera.97280.1 Trojan
[NOTE] The file was moved to '491969d4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dpjovmwv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490d69dc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dvjftimm.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/1007.A root kit
[NOTE] The file was moved to '490d69e4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fchpdltm.dll.vir
[DETECTION] Is the TR/Mondera.108544 Trojan
[NOTE] The file was moved to '490b69d3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fhgsoyll.exe.vir
[DETECTION] Is the TR/Lowzones.SG Trojan
[NOTE] The file was moved to '490a69d9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fkidrahg.dll.vir
[DETECTION] Is the TR/Vundo.ESF.4 Trojan
[NOTE] The file was moved to '490c69de.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ftoiykra.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491269e9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gdlojslk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490f69db.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gedxmlgm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490769de.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gkmuktfu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491069e6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\goagdxry.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490469ec.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gvifcovn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490c69f5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hddiqmua.exe.vir
[DETECTION] Is the TR/Lowzones.SG Trojan
[NOTE] The file was moved to '490769e4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hrxwuwgr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491b69f5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ichotiiw.exe.vir
[DETECTION] Is the TR/Lowzones.SG Trojan
[NOTE] The file was moved to '490b69e8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\incwwjwf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490669f6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\inqtfckc.dll.vir
[DETECTION] Is the TR/Mondera.104448.4 Trojan
[NOTE] The file was moved to '491469f8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iqcqwthr.dll.vir
[DETECTION] Is the TR/Vundo.ENL Trojan
[NOTE] The file was moved to '490669fd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iwpptnbo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49136a06.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iypbqwco.exe.vir
[DETECTION] Is the TR/Lowzones.SG Trojan
[NOTE] The file was moved to '49136a0a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iyryteid.exe.vir
[DETECTION] Is the TR/Lowzones.SG Trojan
[NOTE] The file was moved to '49156a0d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jbukawst.dll.vir
[DETECTION] Is the TR/Mondera.90112 Trojan
[NOTE] The file was moved to '491869f8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jckstqru.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490e69fb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jdcepdnh.dll.vir
[DETECTION] Is the TR/Mondera.97280.2 Trojan
[NOTE] The file was moved to '490669fe.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jdishe.dll.vir
[DETECTION] Is the TR/Monder.101888.3 Trojan
[NOTE] The file was moved to '490c6a00.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jercccvs.dll.vir
[DETECTION] Is the TR/Vundo.enl.3 Trojan
[NOTE] The file was moved to '49156a03.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jjkoyaho.dll.vir
[DETECTION] Is the TR/Mondera.89088.1 Trojan
[NOTE] The file was moved to '490e6a09.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jmcwobfy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49066a0e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jpmugrbm.dll.vir
[DETECTION] Is the TR/Mondera.96256.1 Trojan
[NOTE] The file was moved to '49106a13.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\juwfwxtu.exe.vir
[DETECTION] Is the TR/Lowzones.SG Trojan
[NOTE] The file was moved to '491a6a1a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jyvqyrcc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49196a21.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kgxxtudh.dll.vir
[DETECTION] Is the TR/Mondera.108544.2 Trojan
[NOTE] The file was moved to '491b6a11.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kqcaxeve.dll.vir
[DETECTION] Is the TR/Mondera.112640 Trojan
[NOTE] The file was moved to '49066a1d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kvoyxqnl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49126a26.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kwmgksjb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49106a29.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lbkotawm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490e6a16.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lcnqedyl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49116a19.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lfyfrufx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491c6a1d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lqzgpg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491d6a2b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ltebhqfx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49086a2f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mocetv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49066a2c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mubetaus.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49056a34.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nfltvbdu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490f6a28.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ngyxdfrr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491c6a2a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nlndhpsv.dll.vir
[DETECTION] Is the TR/Mondera.114688.1 Trojan
[NOTE] The file was moved to '49116a32.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nlnmvbyk.dll.vir
[DETECTION] Is the TR/Vundo.enl.3 Trojan
[NOTE] The file was moved to '49116a35.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nxkjkslx.dll.vir
[DETECTION] Is the TR/Mondera.104448.4 Trojan
[NOTE] The file was moved to '490e6a43.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\oavjchfv.dll.vir
0
Anonymous user
14 August 2008 at 03:37
OK,
very good.

Before we finish:
> Run an online scan with Kaspersky: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
N.B.: The scan only works in Internet Explorer.
- Start by connecting all your storage devices to your PC (USB sticks, removable hard drives...) if possible. Turn them on if necessary.
- Under Online demonstration, the procedure is explained, and to start the scan you need to select < Run the online scan >.
- You will be asked to download an ActiveX control; accept.
- In the < Choose the scan target > menu, select < My Computer >. The scan will start.
- Please post the report that is generated.
If there is a problem, make sure the ActiveX controls are properly configured in the Internet options, as described at this link: http://www.inoculer.com/activex.php3
Reminder: the scan must be run in Internet Explorer
Tutorial here if you have a problem: http://www.vista-xp.fr/forum/topic109.html


See you
0
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
14 August 2008 at 17:29
Hello,
I did run the scan with Kaspersky but I didn't get any report afterwards - did I mess something up?
0
Anonymous user > bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
14 August 2008 at 17:54
Hi,

At the end of the scan you need to click on show the report.

Otherwise, did the scan find any infected items?

See you
0
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010 > Anonymous user
14 August 2008 at 18:18
yes, the scan found infected items
I'm going to start over and try to get the report out
0
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010 > Anonymous user
14 August 2008 at 20:09
OK, the scan succeeded and so did the report; here it is:

Thursday, August 14, 2008 5:06:38 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 14/08/2008
Enregistrements dans la base antivirus Kaspersky : 972746
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Statistiques de l'analyse
Total d'objets analysés 118305
Nombre de virus trouvés 4
Nombre d'objets infectés 14 / 0
Nombre d'objets suspects 0
Durée de l'analyse 01:41:52

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp/MagicApplet.class Infecté : Trojan-Downloader.Java.OpenConnection.ao ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp/OwnClassLoader.class Infecté : Trojan.Java.ClassLoader.au ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp/Installer.class Infecté : Trojan-Downloader.Java.OpenConnection.ao ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp ZIP: infecté - 3 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp CryptFF: infecté - 3 ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\$_hpcst$.hpc L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Historique\History.IE5\MSHist012008081420080815\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\WCESLog.log L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DF43CE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~ROMFN_000000E4 L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.Word\~WRS{A865C990-484B-45B3-94B0-C7BC6651AF51}.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Administrateur\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\cjeqtpdu.dll.vir Infecté : Trojan.Win32.Mondera.gen ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\oawvtasa.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\qsudnhcs.dll.vir Infecté : Trojan.Win32.Mondera.gen ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\ukpthxiy.dll.vir Infecté : Trojan.Win32.Mondera.gen ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111387.dll Infecté : Trojan.Win32.Mondera.gen ignoré
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111454.dll Infecté : Trojan.Win32.Monder.gen ignoré
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111476.dll Infecté : Trojan.Win32.Mondera.gen ignoré
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111503.dll Infecté : Trojan.Win32.Mondera.gen ignoré
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP215\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D3042BF2-DE4E-43C5-9427-3409129EC18B}.crmlog L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{F7FE6280-66BF-48F6-BB88-AAFAB9492B4B}.bin L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\IntelDH.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\yrxspxkw.dll Infecté : Trojan.Win32.Mondera.gen ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010 > Anonymous user
15 August 2008 at 00:16
Hi DllD
are you still around? I don't know if it's finished, I saw there were still infected files but the computer works much better
I'm waiting for the rest of the instructions if there are any more
See you
Anonymous user
18 August 2008 at 03:08
Good evening/good morning,
I'm back from the weekend....

So,
empty your Norton quarantine please (delete the infected items found).


Then,
> Can you check your JAVA console here: https://www.java.com/fr/download/uninstalltool.jsp, and install the new version if needed (in that case uninstall the old version first). Let me know how it goes please.
For info, or in case of a problem: http://assiste.com.free.fr/p/abc/c/anti_java.html

> Update Acrobat if that's not already done (uninstall the previous version first): https://get2.adobe.com/reader/otherversions/

> Download ToolsCleaner: https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/ to your desktop.
- Click on Recherche (Search) and let the scan run ...
- Click on Suppression (Removal) to finish (you can, if you wish, use the Options facultatives (optional settings))
- Click on Quitter (Quit) to get the report and post it in your reply (TCleaner.txt is located at the root of your hard drive (C:\)).
- Delete ToolsCleaner afterwards.

> Download and install Easy Cleaner please: https://www.01net.com/telecharger/windows/Utilitaire/registre/fiches/8351.html
(mirror link: https://www.clubic.com/telecharger-fiche11170-easycleaner.html )
- Launch the program then click on <Registre> (Registry) then on <Trouver> (Find).
- At the end of the scan click on <Supprime tout> (Delete all), then confirm with <Oui> (Yes), then quit the program.
If needed, tutorial here: https://www.pcparadise.fr
and http://www.6ma.fr/tuto/easycleaner-nettoyer-windows-des-elements-obsoletes/

> You can also empty your recycle bin.

> Disable and re-enable System Restore; to do so, follow the instructions at this link: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924
PS: If you are on Vista, it's this link: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/4f60eedf1156c8068525695b005ca288/c066b2e9a50cc948802572870032b170?OpenDocument

> Run AGV and/or MalwareByte's Anti-Malware and Ccleaner from time to time (once a week to once a month, depending on how you use your PC. You can also uncheck the box in the "Options" tab: click on "Avancé" and uncheck the box "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (only delete files in the Windows temp folder older than 48 hours)).
- Also use your other protection software (antivirus scans, antispyware...). Don't forget to update them before using them.
- Also remember to defragment your hard drives from time to time (keep enough free space on C:\ (1/3 free to be comfortable))

> To protect your PC well:
[Only 1 antivirus] + [Only 1 firewall] + [A few antispyware tools] + [Recent updates for Windows and protection software] + [Use of Firefox -or others- (Internet Explorer has security flaws that take a long time to be fixed, but you absolutely must keep it for Windows updates)] + [Use of the PC in Guest (= limited) mode. During an infection in administrator mode the PC is much more vulnerable. See HERE]
PS: In fact the best protection is yourself: what you do with your PC: where you browse, what you download... etc....
Viruses use your PC's vulnerabilities to infect a system. Info: http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html

> Some useful links:
- http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet
- https://sebsauvage.net/safehex.html
- https://www.zebulon.fr/telechargements/securite/protection-donnees-personnelles/spywareblaster.html (= small program that blocks the installation of ActiveX controls harmful to the PC. Runs in the background)

There you go,
Happy reading....

See you

PS: If you want to be sure that nothing is left, you can run a Kaspersky online scan again (then post the report please)

;)
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
19 August 2008 at 15:06
Hi DllD

sorry, you told me to empty the Norton quarantine but I don't have Norton, I have what you told me to install, Avira AntiVir Personal, so I don't know whether I should follow the procedure
please reply
See you
Anonymous user
19 August 2008 at 20:04
Good evening,
Yet in the Kaspersky report:

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp/MagicApplet.class Infecté : Trojan-Downloader.Java.OpenConnection.ao ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp/OwnClassLoader.class Infecté : Trojan.Java.ClassLoader.au ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp/Installer.class Infecté : Trojan-Downloader.Java.OpenConnection.ao ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp ZIP: infecté - 3 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp CryptFF: infecté - 3 ignoré




OK, so before doing the rest, do this please:

Uninstall Norton from this link: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924


Then,
> Download OTMoveIT (by Old_Timer): http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe to your desktop...
- Double-click on OTMoveIt.exe to launch it.
- Make sure the "Unregister Dll's and Ocx's" box is checked!!!
- Copy the text below and paste it into the left-hand pane of OTMoveIt named <Paste standard List of Files/Folders to be moved>.

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus

- Click on < MoveIt! > to start the removal.
- When a result appears in the Results pane, click on Exit
N.B.: If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES.
A report is created in %SYSTEMDRIVE%\_OTMoveIt\MovedFiles\today's date (C:\_OTMoveIt\MovedFiles\), copy and paste it into your next reply please.



Then move on to the rest of the steps please.

See you
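Added example, not part of either poster's messages: a short Python triage of lines in the format of the Kaspersky On-line Scanner report posted above, separating locked-file notices from detections and grouping detections by where they sit (a tool's quarantine folder, a System Restore point, or a file still in place), which is the distinction the cleanup steps in this thread act on. The sample lines are copied from that report; the function names and the three location labels are choices made for this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the Kaspersky report posted in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp/MagicApplet.class Infecté : Trojan-Downloader.Java.OpenConnection.ao ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10862F09.tmp ZIP: infecté - 3 ignoré
C:\Documents and Settings\HP_Administrateur\NTUSER.DAT L'objet est verrouillé ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\cjeqtpdu.dll.vir Infecté : Trojan.Win32.Mondera.gen ignoré
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0111454.dll Infecté : Trojan.Win32.Monder.gen ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\yrxspxkw.dll Infecté : Trojan.Win32.Mondera.gen ignoré
"""

INFECTED = re.compile(r"^(?P<path>.+) Infecté : (?P<name>\S+) \S+$")
CONTAINER = re.compile(r"^(?P<path>.+) \w+: infecté - \d+ \S+$")
LOCKED = re.compile(r"^(?P<path>.+) L'objet est verrouillé \S+$")


def location(path):
    """Bucket a path by what a detection there means for cleanup."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"        # copy held in a tool's quarantine folder
    if "\\system volume information\\_restore" in p:
        return "system_restore"    # copy stored inside a restore point
    return "live"                  # file still in place on the system


def triage(report):
    """Return (detections by location, locked-file count, unparsed lines)."""
    findings, locked, unparsed = defaultdict(list), 0, []
    for line in filter(None, map(str.strip, report.splitlines())):
        if m := INFECTED.match(line):
            findings[location(m["path"])].append((m["path"], m["name"]))
        elif CONTAINER.match(line):
            continue               # archive summary; its members are listed separately
        elif LOCKED.match(line):
            locked += 1            # file in use and skipped by the scanner, not a detection
        else:
            unparsed.append(line)
    return dict(findings), locked, unparsed


if __name__ == "__main__":
    by_loc, locked, unparsed = triage(SAMPLE_REPORT)
    for loc in ("live", "system_restore", "quarantine"):
        for path, name in by_loc.get(loc, []):
            print(f"{loc:15} {name:45} {path}")
    print(f"locked (not detections): {locked}, unparsed: {len(unparsed)}")
```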
bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
20 August 2008 at 23:58
Hi DllD
it took a bit of time, I was away for two days
here is the report

File/Folder C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08202008_202646

I'm carrying on as you told me
I'm staying around

See you
Thanks, you're doing me a very big favour
Anonymous user > bono_971 Posts 40 Registration date Sunday 10 August 2008 Status Member Last activity 10 August 2010
21 August 2008 at 00:11
Good evening,
No problem Bono.
Move on to the rest :)

See you