Probleme Combofix

[desperategirl]

Bonjour,

 

Je solicite votre aide car je suis vraiment desesperee...

Sur la machine de mon travail (windows xp)....Antivirus avast...sans commentaire pour celui ci mais ce n est pas ma machine...

Aujourd hui j ai eu un gros souci de virus qui ouvrait systematiquement le centre de securite windows et impossible de naviguer sur le net....

Aprez pas mal de prise de tete, mon ami m a telecharger Combofix, qui m a eliminer le virus apperement...

Mais depuis cet instant, il m est impossible d ouvrir le programme Proyecto Hotel de mon travail, qui est absolument indispensable...le message d erreur est .

Run time erreur 339 Le fichier MSMASK32.ocx is not corectly registred etc...

 

D ou ma question, comment faire pòur retablir les donness d avant le combo fix.....car je prefere ne plus pouvoir naviguer que d etre sans mon programe de gestion de l hotel

Merci de pouvoir m indiquer la marche a suivre, je sais vraiment plus quoi faire

 

Please please please, comment revenir avant d avoir fait un combofix

Merci de votre aide

[Apollo]

Bonsoir,

 

Voilà ce que c'est que d'utiliser ComboFix quand on ne le connaît pas...

Cela peut parfois être dangereux.

 

Poste le rapport de ComboFix qui se trouve sur le C stp.

 

@++

[desperategirl]

Oui je sais, croyer moi que je suis toujours frileuse avec ca....on ne m y reprendra plus....Autant sur ma machine, j ai kaspersky et donc rarement de probleme...que la, j ai avast...et c est la M....

Voici le rapport de combofix que j ai eu une fois tout fini .

ComboFix 11-05-06.05 - VICTOR 07/05/2011 18:50:29.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1791.1314 [GMT 2:00]

Running from: c:\documents and settings\VICTOR\Escritorio\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\$recycle$

c:\$recycle$\config.bin

c:\documents and settings\VICTOR\Configuración local\Datos de programa\bcm.exe

c:\documents and settings\VICTOR\Datos de programa\Afsoq

c:\documents and settings\VICTOR\Datos de programa\Afsoq\yvmui.ogi

c:\documents and settings\VICTOR\Datos de programa\Afsoq\yvmui.tmp

c:\documents and settings\VICTOR\Datos de programa\searchqutb

c:\documents and settings\VICTOR\Datos de programa\searchqutb\dtx.ini

c:\documents and settings\VICTOR\Datos de programa\Yxxes\iqfo.exe

c:\documents and settings\VICTOR\lame_enc.dll

c:\documents and settings\VICTOR\lametritonus.dll

c:\windows\system32\MSMASK32.OCX

.

.

((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))

.

.

2011-04-18 16:44 . 2011-04-18 16:44 -------- d-----w- c:\documents and settings\VICTOR\Datos de programa\Apple Computer

2011-04-15 01:06 . 2011-04-15 01:06 -------- d-----w- c:\windows\ServicePackFiles

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2008-04-15 03:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2008-04-15 03:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53 . 2008-04-15 03:00 1858048 ----a-w- c:\windows\system32\win32k.sys

2011-02-23 14:04 . 2010-12-13 07:32 40648 ----a-w- c:\windows\avastSS.scr

2011-02-23 14:04 . 2010-12-13 07:32 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-23 13:56 . 2011-03-31 17:26 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-02-23 13:56 . 2010-12-13 07:32 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-23 13:55 . 2010-12-13 07:32 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-23 13:55 . 2010-12-13 07:32 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-02-23 13:55 . 2010-12-13 07:32 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-02-23 13:55 . 2010-12-13 07:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-23 13:54 . 2010-12-13 07:32 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-02-23 13:54 . 2010-12-13 07:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-22 23:08 . 2007-08-13 16:54 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:08 . 2007-08-13 16:44 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:07 . 2007-08-13 16:45 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:42 . 2008-04-15 03:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2008-04-15 03:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2008-04-15 03:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:54 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2008-04-15 03:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-11 14:44 . 2008-04-15 03:00 236032 ----a-w- c:\windows\system32\fxscover.exe

2011-02-09 13:53 . 2008-04-15 03:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2008-04-15 03:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2008-04-15 03:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2008-04-15 03:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{79FF9E60-1F1A-47B0-8B9C-BFD9D0904A74}"= "c:\archivos de programa\PopCorn\es\Toolbar\PopCorn.dll" [2010-08-13 488248]

.

[HKEY_CLASSES_ROOT\clsid\{79ff9e60-1f1a-47b0-8b9c-bfd9d0904a74}]

[HKEY_CLASSES_ROOT\BuscadoToolbar.IEHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{B50BCAFC-CF72-420D-9036-53FD4EE95519}]

[HKEY_CLASSES_ROOT\BuscadoToolbar.IEHook]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 14:04 122512 ----a-w- c:\archivos de programa\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-02 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-19 16850944]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]

"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2010-09-08 421888]

"avast5"="c:\archivos de programa\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]

"D-Link AirPlus XtremeG DWL-G122"="c:\archivos de programa\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-01-02 1552384]

"ANIWZCS2Service"="c:\archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^VICTOR^Menú Inicio^Programas^Inicio^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]

path=c:\documents and settings\VICTOR\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk

backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]

Alaunch [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-14 23:04 39792 ----a-w- c:\archivos de programa\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2008-09-26 09:02 2356088 ----a-r- c:\archivos de programa\Archivos comunes\Adobe\Updater5\AdobeUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-19 00:20 57344 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]

2008-07-11 05:20 421888 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 15:24 54840 ----a-w- c:\archivos de programa\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-01-08 20:17 52256 ----a-w- c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 05:49 1695232 ------w- c:\archivos de programa\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2008-04-15 03:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-08-01 14:48 1630208 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-01-08 20:26 68640 ------w- c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 09:43 248040 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-04-02 07:52 68856 ----a-w- c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5900:TCP"= 5900:TCP:vnc5900

"5800:TCP"= 5800:TCP:vnc5800

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [31/03/2011 19:26 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/12/2010 9:32 301528]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/12/2010 9:32 19544]

R2 DynDNS Updater;DynDNS Updater;c:\archivos de programa\DynDNS Updater\DynUpSvc.exe [16/04/2010 18:19 103800]

R2 uvnc_service;uvnc_service;c:\archivos de programa\UltraVNC\winvnc.exe [11/03/2011 16:56 1590216]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [13/10/2009 17:01 41376]

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]

S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

S2 gupdate;Servicio Google Update (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [20/12/2009 15:49 135664]

S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [20/12/2009 15:49 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-20 13:49]

.

2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-20 13:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.es/

IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

Trusted Zone: fnmt.es

Trusted Zone: tax.es\www

TCP: {1D04C3EF-2F2A-417D-BB9A-C72453A73D7F} = 8.8.8.8,8.8.4.4

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab

DPF: {D1282B0B-3590-4E91-811D-D27D7212DE52} - hxxp://192.168.1.220/HdrWatcher.cab

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-{508811BC-58E3-6075-0454-9D41050834C1} - c:\documents and settings\VICTOR\Datos de programa\Yxxes\iqfo.exe

HKLM-Run-DataMngr - c:\archivos de programa\Windows Searchqu Toolbar\DataMngr\DataMngrUI.exe

MSConfigStartUp-nod32kui - c:\archivos de programa\Eset\nod32kui.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-07 18:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1852)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\archivos de programa\Alwil Software\Avast5\AvastSvc.exe

c:\archivos de programa\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\archivos de programa\Java\jre6\bin\jqs.exe

c:\archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\archivos de programa\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

.

**************************************************************************

.

Completion time: 2011-05-07 19:00:18 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-07 17:00

.

Pre-Run: 113,890,254,848 bytes libres

Post-Run: 113,982,988,288 bytes libres

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - A388EE2BCB5FF7895983D03B5897AB39

 

 

Merci de votre aide, je suis vraiment mal mal mal.....je veux juste pouvoir utiliser de nouveau mon programme pour le taff mais impossible....

[Apollo]

Ok,

 

ON va faire son possible pour essayer de récupérer cela:

 

Poste ce qui se trouve dans ce texte stp:

 

C:\:\Qoobox\ComboFix-quarantined-files.txt

 

@++

[desperategirl]

Merci de ton aide !

 

2011-05-07 16:59:42 . 2011-05-07 16:59:42 624 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-nod32kui.reg.dat

2011-05-07 16:59:30 . 2011-05-07 16:59:30 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-DataMngr.reg.dat

2011-05-07 16:59:28 . 2011-05-07 16:59:28 79 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-{508811BC-58E3-6075-0454-9D41050834C1}.reg.dat

2011-05-07 16:54:53 . 2011-05-07 16:54:53 81,895 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_MSMASK32_.OCX.zip

2011-05-07 16:53:37 . 2011-05-07 16:53:37 7,409 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2011-05-07 16:46:46 . 2011-05-07 16:54:53 219 ----a-w- C:\Qoobox\Quarantine\catchme.log

2011-05-07 01:32:09 . 2011-05-07 01:32:09 344,064 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\VICTOR\Configuración local\Datos de programa\bcm.exe.vir

2011-01-30 18:20:38 . 2011-04-04 13:40:12 178,078 ----a-w- C:\Qoobox\Quarantine\C\$Recycle$\config.bin.vir

2010-08-08 02:50:16 . 2010-08-08 02:59:52 15 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\VICTOR\Datos de programa\searchqutb\dtx.ini.vir

2010-06-02 21:17:24 . 2010-06-02 21:17:26 57,344 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\VICTOR\lametritonus.dll.vir

2010-06-02 21:17:20 . 2010-06-02 21:17:22 162,304 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\VICTOR\lame_enc.dll.vir

2010-01-17 22:29:42 . 2011-04-02 11:51:04 1,309,962 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\VICTOR\Datos de programa\Afsoq\yvmui.ogi.vir

2010-01-17 22:29:42 . 2010-01-17 22:29:42 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\VICTOR\Datos de programa\Afsoq\yvmui.tmp.vir

1998-06-23 22:00:00 . 2011-05-07 16:54:53 166,200 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\MSMASK32.OCX.vir

[Apollo]

Ce script a été rédigé spécialement pour cet utilisateur; ne pas l'utiliser sur une autre machine: dangereux!

 

1. Ferme tous les navigateurs ouverts.

2. Désactive provisoirement l'antivirus.

 

2. Ferme/désactive tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

 

3. Ouvre le Bloc-notes et fais un copier/coller du texte situé dans la boîte Code ci-dessous dans le Bloc-notes:

 

DEQUARANTINE::

C:\Qoobox\Quarantine\C\WINDOWS\system32\MSMASK32.OCX.vir 

QUIT::

 

Enregistre le fichier sous le nom CFScript.txt, au même endroit que ComboFix.exe

 

 

 

Comme sur l'image ci-dessus, fais glisser CFScript puis dépose-le sur ComboFix.exe

 

Lorsque l'outil aura terminé, il t'affichera un rapport nommé C:\DeQuarantine_log.txt que tu devras m'envoyer dans ton prochain message.

 

@++