locita
Hello, I had a problem with a piece of malware, "antivirus plus". I ran a scan with ComboFix and here is the report. Could someone tell me whether I'm done with this virus?? Thanks!

ComboFix 10-01-26.01 - Utilisateur 26/01/2010 18:58:04.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.651 [GMT 1:00]
Running from: c:\documents and settings\Utilisateur\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100121-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utilisateur\Application Data\AntiVirus Plus
c:\documents and settings\Utilisateur\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
c:\documents and settings\Utilisateur\Application Data\avp.ico
c:\documents and settings\Utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk
c:\documents and settings\Utilisateur\Application Data\SystemProc
c:\documents and settings\Utilisateur\Application Data\SystemProc\lsass.exe
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\windows\msa.exe
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS

((((((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 ))))))))))))))))))))))))))))))))))))
.

2010-01-26 16:44 . 2010-01-26 16:44 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2010-01-26 16:44 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-26 16:44 . 2010-01-26 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-26 16:44 . 2010-01-26 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 16:44 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-26 16:10 . 2010-01-26 16:10 110592 ----a-w- C:\autoexec.exe
2010-01-21 20:36 . 2010-01-21 20:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-21 17:30 . 2010-01-21 17:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-21 17:28 . 2010-01-21 17:28 118256 ----a-w- c:\windows\system32\KE1WqC7a5_2.exe
2010-01-21 17:24 . 2010-01-21 17:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-01-26 18:08 . 2009-04-09 03:48 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\OpenOffice.org2
2010-01-02 08:25 . 2009-07-24 17:26 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\U3
2009-12-26 12:03 . 2009-04-07 14:56 31672 ----a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 05:41 . 2009-12-26 05:41 1187840 ----a-w- c:\windows\system32\eMaGn_5ba.dll
2009-12-13 09:20 . 2008-04-14 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-13 09:20 . 2008-04-14 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-28 15:33 . 2009-04-09 03:49 1 ----a-w- c:\documents and settings\Utilisateur\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-11-24 23:54 . 2009-04-07 14:53 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-04-07 14:54 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-04-07 14:54 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-04-07 14:54 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-04-07 14:54 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-04-07 14:54 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-07 14:54 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-07 14:54 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-04-07 14:54 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:58 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:42 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28ef3264-e096-bdac-a774-f997373bb81c}]
2009-12-26 05:41 1187840 ----a-w- c:\windows\system32\eMaGn_5ba.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-08 16875008]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-08-08 671744]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"{27E89A8E-9BAE-b852-9AA8-EF9A97BAB48E}"="c:\program files\Connection Manager\AvqAutoRun.exe" [2008-07-11 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Invité\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
AntiVirus Plus.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
AntiVirus Plus.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
OSD.lnk - c:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_2ACF3AE2549EAFB90DD4A8.exe [2008-8-27 21630]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/04/2009 15:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/04/2009 15:54 20560]
R2 OsdService;OSD Service;c:\program files\OEM\OSD_1.41\OsdService.exe [22/02/2008 08:24 94208]
R3 GpdDevDPort;GpdDevDPort;c:\windows\system32\directport.sys [17/06/2008 20:27 7168]
R3 GpdKbFilter;GpdKbFilter;c:\windows\system32\kbfiltr.sys [22/04/2008 18:06 8192]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [27/08/2008 13:03 31616]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [27/08/2008 11:32 153088]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tattoodle.com?tid={3B546E76-361C-4eab-99FB-519B3B1B8586}
uInternet Connection Wizard,ShellNext = hxxp://www.reallusion.com/templates/linkcount/linkcount.asp?lid=CTECg&param=lang=6
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v2961p5e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?tid={B27D9E27-ABB8-261E-51B1-89A208F4BBD2}
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={B27D9E27-ABB8-261E-51B1-89A208F4BBD2}&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{05966e99-7da5-0905-7ff1-79b607166af8}\components\KL4t9-Ic_IB-YL.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{C2B5AAB8-2183-4be7-81A6-F11493C45872} - c:\documents and settings\Utilisateur\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
HKLM-Run-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
HKLM-Run-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\Utilisateur\Application Data\SystemProc\lsass.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 19:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?????????????????????????????????????????????
FBSearch = c:\program files\Search Guard Plus\SearchGuardPlus.exe?????????????????????????????????????????????

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\Utilisateur\Application Data\SystemProc\lsass.exe?????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1564)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-26 19:11:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-26 18:11

Pre-Run: 151 316 226 048 bytes free
Post-Run: 152 066 035 712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

- - End Of File - - A3383D0859A3AA54706DA9C44ACB2E70
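A ComboFix log like the one above is long, and the items that matter for the question ("am I done?") are scattered across several sections: what was deleted, which load points remain, which autostart entries catchme found hidden (the lines padded with '?' bytes), whether the firewall is on, and whether oddly-named executables are still sitting in system32. The script below is an added triage example for this thread; it is not part of the post and not ComboFix code. It splits a log into ComboFix's parenthesised sections, pulls out those items, and applies a naming heuristic for random-looking system32 file names. The heuristic, the section-label aliases and the embedded sample log (a constructed subset of the log above, with English labels) are assumptions of the example, not rules from ComboFix.

```python
"""Triage of a ComboFix-style log (added example, not ComboFix's own code)."""
import re

# Constructed sample: a subset of the log above, in the shape ComboFix writes.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Utilisateur\Application Data\SystemProc\lsass.exe
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
.
(((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28ef3264-e096-bdac-a774-f997373bb81c}]
2009-12-26 05:41 1187840 ----a-w- c:\windows\system32\eMaGn_5ba.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-08 141848]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
2010-01-21 17:28 . 2010-01-21 17:28 118256 ----a-w- c:\windows\system32\KE1WqC7a5_2.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\Utilisateur\Application Data\SystemProc\lsass.exe?????????????
"""

# Section labels as written by the English and French builds (assumed aliases).
SECTION_ALIASES = {"other deletions": "deletions", "autres suppressions": "deletions",
                   "reg loading points": "reg", "points de chargement reg": "reg"}
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
KEY_RE = re.compile(r"^\[(.+)\]\s*$")                       # [HKEY_...] key line
BARE_KEY_RE = re.compile(r"^HK(?:LM|CU|U|CR|EY_)[^ =]*$")    # catchme prints keys unbracketed
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?(.*?)"?\s*(?:\[[^\]]*\])?\s*$')
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
                          r"\s+(?:\d+|-{6,})\s+\S+\s+(.+?)\s*$")
# catchme "Name = path" followed by junk bytes rendered as '?' (sometimes with stray letters)
HIDDEN_RE = re.compile(r'^([^=\[\]"]+?)\s*=\s*(.+?\.(?:exe|dll|sys|bat|cmd|scr))\?+\S*$', re.I)
DISINFECTED_RE = re.compile(r"^(?:Infected copy of|Une copie infectée de)\s+(.+?)\s+(?:was found|a été trouvée)", re.I)
PATH_RE = re.compile(r'[a-z]:\\[^"?\[\]]+', re.I)


def looks_random(path):
    """Heuristic (an assumption of this example): a system32 .exe/.dll whose stem
    mixes >= 2 upper-case letters, a lower-case letter and a digit."""
    if "\\system32\\" not in path.lower() or not re.search(r"\.(?:exe|dll)$", path, re.I):
        return False
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return (sum(c.isupper() for c in stem) >= 2
            and any(c.islower() for c in stem) and any(c.isdigit() for c in stem))


def triage(text):
    f = {"deleted": [], "disinfected": [], "load_points": [],
         "hidden_autostarts": [], "firewall_disabled": False, "random_names": []}
    section, key = "preamble", None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = SECTION_ALIASES.get(m.group(1).lower(), m.group(1)), None
            continue
        m = KEY_RE.match(line) or BARE_KEY_RE.match(line)
        if m:
            key = m.group(1) if m.re is KEY_RE else line
            continue
        if section == "deletions":
            m = DISINFECTED_RE.match(line)
            if m:
                f["disinfected"].append(m.group(1))
            elif PATH_RE.match(line):
                f["deleted"].append(line)
        elif section == "reg":
            m = VALUE_RE.match(line)
            if m:
                name, value = m.group(1), m.group(2)
                f["load_points"].append((key, name, value))
                if name == "EnableFirewall" and value.strip().startswith("0"):
                    f["firewall_disabled"] = True
            else:
                m = FILE_LINE_RE.match(line)
                if m and key and "Browser Helper Objects" in key:
                    f["load_points"].append((key, "BHO", m.group(1)))
        m = HIDDEN_RE.match(line)
        if m:
            f["hidden_autostarts"].append((key, m.group(1).strip(), m.group(2)))
        for p in PATH_RE.findall(line):           # naming heuristic over every path seen
            if looks_random(p) and p not in f["random_names"]:
                f["random_names"].append(p)
    return f


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Run it on a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents. On the sample it reports the firewall as disabled, the BHO pointing at eMaGn_5ba.dll, the hidden Policies\Explorer\Run entry for lsass.exe, and flags eMaGn_5ba.dll and KE1WqC7a5_2.exe under the naming heuristic; the heuristic is only a pointer to files worth checking, not a verdict.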