
Posted

Thank you very much,

I have to leave now; I will finish the procedure tomorrow and post the report for you.

Thanks once again.

PS: I can already see a big improvement: I was able to delete nouveau dossier.exe, and I can open the drive by double-clicking (whereas before I had to right-click and choose Explore) :P

Regards.

Posted

Hello,

So I created a new Notepad file, CFScript.txt, copied the instructions into it, and dragged it onto combofix.exe.

Here is the report. Thank you.

 

 

ComboFix 10-01-25.06 - Administrateur 01/27/2010 10:26:21.2.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.213.1036.18.503.223 [GMT 1:00]

Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Downloads\24781-CF.exe

Commutateurs utilisés :: c:\qoobox\CFScript.txt.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"c:\windows\system32\01.tmp"

"c:\windows\system32\02.tmp"

"c:\windows\system32\ezsidmv.dat"

"c:\windows\system32\pjbfqyoz.dll"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\01.tmp

c:\windows\system32\02.tmp

c:\windows\system32\ezsidmv.dat

c:\windows\system32\pjbfqyoz.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_W32MAN

-------\Service_W32man

-------\Service_lgysmmfl

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-27 au 2010-01-27 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-26 09:49 . 2010-01-26 09:49 -------- d-----w- c:\program files\ZHPDiag

2010-01-25 09:19 . 2010-01-25 09:19 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Identities

2010-01-24 14:04 . 2010-01-24 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqwmi

2010-01-24 13:11 . 2010-01-24 13:13 -------- d-----w- C:\scolr

2010-01-04 14:00 . 2010-01-27 08:17 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM

2010-01-04 14:00 . 2010-01-04 14:00 -------- d-----w- c:\program files\Fichiers communs\Skype

2010-01-04 14:00 . 2010-01-04 14:00 -------- d-----r- c:\program files\Skype

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-27 09:33 . 2010-01-27 09:33 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-01-27 09:16 . 2009-03-14 10:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype

2010-01-06 13:15 . 2009-12-06 12:20 1 ----a-w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-01-04 14:00 . 2009-03-14 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-01-04 10:44 . 2009-07-29 10:41 -------- d-----w- c:\program files\Google

2009-12-10 12:57 . 2009-12-10 12:57 -------- d-----w- c:\program files\Fichiers communs\xing shared

2009-12-10 12:57 . 2009-11-11 13:37 -------- d-----w- c:\program files\Fichiers communs\Real

2009-12-10 12:55 . 2009-12-10 12:55 12252656 ----a-w- C:\realplayer_realplayer_11.1.3_gold_complet_anglais_182262.exe

2009-12-09 10:43 . 2009-03-11 13:08 96072 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-06 12:19 . 2009-12-06 12:19 -------- d-----w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org

2009-12-06 12:05 . 2009-12-06 12:05 -------- d-----w- c:\program files\OpenOffice.org 3

2009-12-01 15:56 . 2009-12-01 15:56 435720 ----a-w- c:\documents and settings\Administrateur\Application Data\Real\Update\setup3.08\setup.exe

2009-11-18 07:23 . 2004-08-16 10:36 64732 ----a-w- c:\windows\system32\perfc00C.dat

2009-11-18 07:23 . 2004-08-16 10:36 448190 ----a-w- c:\windows\system32\perfh00C.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-10 133104]

"3gp Player"="c:\program files\3gp Player\3gpPlayer.exe" [2007-09-20 634368]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]

"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]

"MAKTray"="MAKTray.exe" [2004-08-27 287232]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"LayoutM"="KLayMgr.exe" [2004-08-16 45056]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"HyperappelPL2003"="c:\program files\Larousse\Petit Larousse 2004\bin\HiPL2002popup.exe" [2003-07-04 122880]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-12-10 198160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

 

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"f:\\oracle\\ora92\\Apache\\Apache\\Apache.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;f:\oracle\ora92\Apache\Apache\Apache.exe [18-04-2002 22:02 4096]

R2 OracleServiceBASE;OracleServiceBASE;f:\oracle\ora92\bin\ORACLE.EXE BASE --> f:\oracle\ora92\bin\ORACLE.EXE BASE [?]

S2 OracleOraHome92Agent;OracleOraHome92Agent;f:\oracle\ora92\bin\agntsrvc.exe [26-04-2002 17:29 28944]

S3 Oracledev_formsClientCache80;Oracledev_formsClientCache80;f:\dev\forms\BIN\ONRSD80.EXE [27-10-2000 13:45 101136]

S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;f:\oracle\ora92\bin\encsvc.exe [13-02-2002 8:23 187392]

S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;f:\oracle\ora92\bin\agntsvc.exe [13-02-2002 8:23 254464]

S4 OracleReportServer-Rep60_DSI208SAIDA-dev_forms;Oracle Reports Server [Rep60_DSI208SAIDA-dev_forms];f:\dev\forms\BIN\RWMTS60.EXE [27-10-2000 13:38 110592]

.

Contenu du dossier 'Tâches planifiées'

 

2010-01-27 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-29 10:41]

 

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 10:41]

 

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 10:41]

 

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511949088-2501407886-2894658554-500Core.job

- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 07:10]

 

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511949088-2501407886-2894658554-500UA.job

- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 07:10]

.

.

------- Examen supplémentaire -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html

.

 

**************************************************************************

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés:

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]

"ImagePath"="f:\oracle\ora92/bin/pagntsrv.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]

"ImagePath"="f:\oracle\ora92\BIN\TNSLSNR "

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(3204)

c:\windows\system32\browselc.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\windows\system32\msiexec.exe

f:\oracle\ora92\bin\omtsreco.exe

f:\oracle\ora92\BIN\TNSLSNR.exe

f:\oracle\ora92\bin\ORACLE.EXE

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

f:\oracle\ora92\jdk\bin\java.exe

f:\oracle\ora92\jdk\bin\java.exe

f:\oracle\ora92\bin\isqlplus

c:\windows\MAKTray.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Heure de fin: 2010-01-27 10:36:18 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-27 09:36

ComboFix2.txt 2010-01-26 13:45

 

Avant-CF: 8,743,235,584 octets libres

Après-CF: 8,715,317,248 octets libres

 

- - End Of File - - 2758253CA0615ED3786FE4C1BDD80F7C

Posted

Hello,

I ran a scan in safe mode and here is the report. Thank you.

 

Avira AntiVir Personal

Report file date: 27 جانفييه, 2010 12:35

 

Scanning for 1369550 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Save mode

Username: Administrateur

Computer name: DSI208SAIDA

 

Version information:

BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 14:54:15

ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 06:20:53

ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 10:24:47

Engineversion : 8.1.1.6

AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 09:46:50

AESCRIPT.DLL : 8.1.0.46 283002 Bytes 08/07/2008 07:33:29

AESCN.DLL : 8.1.0.22 119157 Bytes 09/07/2008 09:46:50

AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 09:46:50

AEPACK.DLL : 8.1.1.6 364918 Bytes 09/07/2008 09:46:50

AEOFFICE.DLL : 8.1.0.20 192891 Bytes 09/07/2008 09:46:50

AEHEUR.DLL : 8.1.0.35 1298806 Bytes 08/07/2008 07:33:29

AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 09:46:50

AEGEN.DLL : 8.1.0.29 307573 Bytes 09/07/2008 09:46:50

AEEMU.DLL : 8.1.0.6 430451 Bytes 09/07/2008 09:46:50

AECORE.DLL : 8.1.1.3 172404 Bytes 09/07/2008 09:46:50

AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 09:50:42

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01

AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 15:35:20

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: quarantine

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, E:, F:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: 27 جانفييه, 2010 12:35

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'E:\'

[INFO] No virus was found!

Boot sector 'F:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '59' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000a9

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\pv.com

[DETECTION] Contains recognition pattern of the SPR/Tool.PV program

--> 32788R22FWJFW\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

--> 32788R22FWJFW\n.pif

[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

--> 32788R22FWJFW\License\pv_5_2_2.zip

[1] Archive type: ZIP

--> pv.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.PV program

[NOTE] The file was moved to '4b902659.qua'!

C:\Documents and Settings\Administrateur\Mes documents\Downloads\24781-CF.exe

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\pv.com

[DETECTION] Contains recognition pattern of the SPR/Tool.PV program

--> 32788R22FWJFW\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

--> 32788R22FWJFW\n.pif

[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

--> 32788R22FWJFW\License\pv_5_2_2.zip

[1] Archive type: ZIP

--> pv.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.PV program

[NOTE] The file was moved to '4b97263e.qua'!

C:\Qoobox\Quarantine\C\WINDOWS\system32\pjbfqyoz.dll.vir

[DETECTION] Is the TR/Killav.28714 Trojan

[NOTE] The file was moved to '4bc22ba5.qua'!

C:\Qoobox\Quarantine\E\8paf1d.com.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '4bc12bac.qua'!

C:\Qoobox\Quarantine\E\y6yol.exe.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '4bd92b73.qua'!

C:\Qoobox\Quarantine\F\8paf1d.com.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '4bc12bae.qua'!

C:\Qoobox\Quarantine\F\y6yol.exe.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '4bd92b76.qua'!

C:\WINDOWS\system32\cvicvyyv.dll

[WARNING] The file could not be opened!

Begin scan in 'E:\'

Begin scan in 'F:\'

F:\Utilitaires\toad 8.0 sur Oracle Database Administrator (10.7.0.154)\toad 8.0 sur Oracle Database Administrator (10.7.0.154).rar

[0] Archive type: RAR

--> Quest[1] Toad For Oracle Xpert v8.0-Ror\Quest.Toad.for.Oracle.Xpert.v8.0-ROR\keygen.exe

[DETECTION] Is the TR/Agent.34880.A Trojan

[NOTE] The file was moved to '4bc1388c.qua'!

 

 

End of the scan: 27 جانفييه, 2010 13:57

Used time: 1:21:57 Hour(s)

 

The scan has been done completely.

 

11780 Scanning directories

602700 Files were scanned

14 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

8 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

602684 Files not concerned

9001 Archives were scanned

2 Warnings

8 Notes

Posted

I posted but I don't see anything displayed, so I'm doing it again!

So I ran the scan, and here is the report:

 


 

Thank you.

Posted

Good evening,

My Computer -> Tools -> Folder Options -> View

Check "Show hidden folders"

Uncheck "Hide extensions for known file types" as well as "Hide protected operating system files"

--> a message says that this can damage the system; disregard it and confirm with Yes.

Go to this address:

Click Browse to locate this file:

C:\WINDOWS\system32\cvicvyyv.dll

and click "Send the file"

Copy and paste the response into your next message.

Note: the file may already have been analysed. If so, click the Reanalyse file now button.

Posted

Hello,

I couldn't display the VirusTotal page ('link interrupted'); apparently my connection doesn't allow it!! I displayed a copy through Google, but I couldn't send the file!!

Thank you.

Or rather, 'corrupted link'.
