Résolu - Merci Bruce Lee

[bruce lee]

salut WHYNOT8681,

 

1. Télécharge combofix.exe (par sUBs) sur ton Bureau

2. Double clique combofix.exe et suis les invites.

3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

[bruce lee]

salut WHYNOT8681,

 

1. Télécharge combofix.exe (par sUBs) sur ton Bureau

2. Double clique combofix.exe et suis les invites.

3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

[WHYNOT8661]

salut WHYNOT8681,

 

1. Télécharge combofix.exe (par sUBs) sur ton Bureau

2. Double clique combofix.exe et suis les invites.

3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

 

Tu ne te reposes donc jamais ? Voici les rapport : merci !

 

"Herve" - 07-01-21 12:30:26 Service Pack 2

ComboFix 07-01-21 - Running from: "C:\Documents and Settings\Herve\Bureau"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\Downloaded Program Files\Temp

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\WINDOWS\FNTS~1

C:\qoobox\purity\WINDOWS\SKS~1

C:\qoobox\purity\WINDOWS\SKS~1\??sks

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-12-21 to 2007-01-21 ))))))))))))))))))))))))))))))))))

 

 

2007-01-19 05:01 <REP> d-------- C:\DOCUME~1\INVIT~1\Application Data\Adobe

2007-01-18 07:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-01-17 19:13 <REP> d-------- C:\WINDOWS\system32\_avast4_

2007-01-17 19:07 <REP> d-------- C:\!KillBox

2007-01-17 05:16 <REP> d-------- C:\WINDOWS\AU_Temp

2007-01-15 20:32 <REP> d-------- C:\fixwareout

2007-01-13 18:16 <REP> dr------- C:\DOCUME~1\LOCALS~1\Favoris

2007-01-13 18:16 <REP> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Google

2007-01-06 11:27 2,522 --a------ C:\WINDOWS\system32\tmp.reg

2007-01-02 13:39 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-01-02 13:39 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-01-02 13:39 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-01-02 13:39 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-01-02 13:39 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-01-02 13:39 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-01-02 13:39 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-01-02 13:26 <REP> d-------- C:\Program Files\AxBx

2007-01-02 13:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft(3)

2007-01-02 12:30 <REP> d-------- C:\DOCUME~1\Herve\Application Data\AVG7

2007-01-02 12:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft(2)

2006-12-23 16:55 <REP> d-------- C:\DOCUME~1\Herve\Application Data\IrfanView

2006-12-23 11:24 <REP> d-------- C:\DOCUME~1\Herve\Application Data\Leadertech

2006-12-23 06:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-01-21 12:33 -------- d-------- C:\DOCUME~1\Herve\Application Data\openoffice.org2

2007-01-19 18:12 -------- d-------- C:\Program Files\msn messenger

2007-01-18 18:33 -------- d-------- C:\Program Files\lx_cats

2007-01-17 05:16 86094 --a------ C:\WINDOWS\bpmnt.dll

2007-01-17 05:16 1101904 --a------ C:\WINDOWS\vsapi32.dll

2007-01-17 05:15 71749 --a------ C:\WINDOWS\hcextoutput.dll

2007-01-17 05:15 176709 --a------ C:\WINDOWS\tsc.exe

2007-01-17 05:14 69689 --a------ C:\WINDOWS\unzip.dll

2007-01-17 05:14 507904 --a------ C:\WINDOWS\tmupdate.dll

2007-01-17 05:14 286720 --a------ C:\WINDOWS\patch.exe

2007-01-16 21:25 -------- d-------- C:\Program Files\jasc software inc

2007-01-15 20:53 -------- d-------- C:\Program Files\jv16 powertools

2007-01-06 07:02 -------- d-------- C:\Program Files\Fichiers communs\adobe

2007-01-02 13:27 -------- d-------- C:\Program Files\google

2007-01-02 13:26 -------- d-------- C:\Program Files\windows nt

2007-01-02 13:26 -------- d-------- C:\Program Files\picasa2

2007-01-02 13:26 -------- d-------- C:\Program Files\movie maker

2007-01-02 13:26 -------- d-------- C:\Program Files\microsoft intellipoint

2007-01-02 13:26 -------- d-------- C:\Program Files\lexmark 730 series

2007-01-02 13:26 -------- d-------- C:\Program Files\k-lite codec pack

2007-01-02 13:26 -------- d-------- C:\Program Files\incredimail

2007-01-02 13:26 -------- d-------- C:\Program Files\hardwaredetection

2007-01-02 13:26 -------- d-------- C:\Program Files\free.fr

2007-01-02 13:26 -------- d-------- C:\Program Files\eurobarre

2007-01-02 13:26 -------- d-------- C:\Program Files\easyrencontre

2007-01-02 13:26 -------- d-------- C:\Program Files\dvd shrink

2007-01-02 13:26 -------- d-------- C:\Program Files\ccleaner

2007-01-02 13:25 -------- d-------- C:\Program Files\spywareblaster

2007-01-02 13:25 -------- d-------- C:\Program Files\mon argent facile

2007-01-02 13:25 -------- d-------- C:\Program Files\grisoft

2007-01-02 13:25 -------- d-------- C:\Program Files\avisplit

2006-12-19 07:30 -------- d-------- C:\Program Files\estsoft

2006-12-19 07:30 -------- d-------- C:\DOCUME~1\Herve\Application Data\estsoft

2006-12-09 05:51 -------- d-------- C:\DOCUME~1\Herve\Application Data\adobeum

2006-12-09 05:50 -------- d-------- C:\DOCUME~1\Herve\Application Data\adobe

2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll

2006-11-11 06:17 4789792 --a------ C:\picasa2-current.exe

2006-11-11 06:17 4789792 --a------ C:\picasa2-current(2).exe

2006-11-11 05:40 1238220 --a------ C:\notepad_notepad_3.9_francais_9567.exe

2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm(3).dll

2006-11-03 06:03 41 --a------ C:\WINDOWS\system32\ddfbaed_s.dll

2006-10-31 06:10 4608 --a------ C:\WINDOWS\system32\cxarxmdd.dll

2006-10-29 17:01 342 --a------ C:\Program Files\regsearch.txt

2006-10-25 17:57 3262369 --a------ C:\Program Files\alzip.exe

2006-10-23 21:50 460392 --a------ C:\incredimail_install.exe

2006-10-23 21:50 460392 --a------ C:\incredimail_install(2).exe

2006-10-23 21:32 6350088 --a------ C:\Thunderbird Setup 1.5.0.7.exe

2006-10-23 21:25 73216 --a------ C:\WINDOWS\st6unst.exe

2006-10-23 21:25 249856 --a------ C:\WINDOWS\setup1.exe

2006-10-23 19:59 460392 --a------ C:\Program Files\incredimail_install.exe

2006-10-23 16:53 9635432 --a------ C:\Program Files\incredimailsetup_fr.exe

2006-10-23 16:18 96768 --a------ C:\WINDOWS\system32\inseng(2).dll

2006-10-23 16:18 663040 --a------ C:\WINDOWS\system32\wininet(5).dll

2006-10-23 16:18 615936 --a------ C:\WINDOWS\system32\urlmon(5).dll

2006-10-23 16:18 55808 --a------ C:\WINDOWS\system32\extmgr(2).dll

2006-10-23 16:18 532480 --a------ C:\WINDOWS\system32\mstime(2).dll

2006-10-23 16:18 474624 --a------ C:\WINDOWS\system32\shlwapi(3).dll

2006-10-23 16:18 448512 --a------ C:\WINDOWS\system32\mshtmled(2).dll

2006-10-23 16:18 39424 --a------ C:\WINDOWS\system32\pngfilt(3).dll

2006-10-23 16:18 357888 --a------ C:\WINDOWS\system32\dxtmsft(3).dll

2006-10-23 16:18 3076096 --a------ C:\WINDOWS\system32\mshtml(2).dll

2006-10-23 16:18 251392 --a------ C:\WINDOWS\system32\iepeers(3).dll

2006-10-23 16:18 205312 --a------ C:\WINDOWS\system32\dxtrans(2).dll

2006-10-23 16:18 16384 --a------ C:\WINDOWS\system32\jsproxy(2).dll

2006-10-23 16:18 152064 --a------ C:\WINDOWS\system32\cdfview(2).dll

2006-10-23 16:18 1495040 --a------ C:\WINDOWS\system32\shdocvw(5).dll

2006-10-23 16:18 146432 --a------ C:\WINDOWS\system32\msrating(3).dll

2006-10-23 16:18 1056768 --a------ C:\WINDOWS\system32\danim(2).dll

2006-10-23 16:18 1023488 --a------ C:\WINDOWS\system32\browseui(2).dll

2006-10-23 12:42 121856 --a------ C:\WINDOWS\system32\xpsp3res(3).dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

"IncrediMail"="C:\\PROGRA~1\\INCRED~1\\bin\\IncMail.exe /c"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"Acronis Scheduler2 Service"="\"C:\\Program Files\\Fichiers communs\\Acronis\\Schedule2\\schedhlp.exe\""

"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""

"LXCFCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCFtime.dll,_RunDLLEntry@16"

"snpstd"="C:\\WINDOWS\\vsnpstd.exe"

"Cloneur Expert Monitor"="\"C:\\Program Files\\Micro Application\\Cloneur Expert\\TrueImageMonitor.exe\""

"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"

"Adobe Photo Downloader"="\"D:\\3.0\\Apps\\apdproxy.exe\""

"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

"location"="Common Startup"

"item"="Lancement rapide d'Adobe Reader"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ScanPanel.lnk]

"location"="Common Startup"

"command"="C:\\SCANPA~1\\ScnPanel.exe "

"item"="ScanPanel"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Herve^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]

"location"="Startup"

"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "

"item"="OpenOffice.org 2.0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="avgas"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ewido"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AnyDVD"

"hkey"="HKCU"

"command"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="avgcc"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Ad-Watch"

"hkey"="HKCU"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICEKEYBOARD]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="OFFICEKB"

"hkey"="HKLM"

"command"="C:\\Program Files\\Office keyboard utility\\1.2\\OFFICEKB.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="kav"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NBJ"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PicasaMediaDetector"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="raid_tool"

"hkey"="HKLM"

"command"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PDVDServ"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="vsnpstd"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\vsnpstd.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SOUNDMAN"

"hkey"="HKLM"

"command"="SOUNDMAN.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GoogleToolbarNotifier"

"hkey"="HKCU"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="VTTimer"

"hkey"="HKLM"

"command"="VTTimer.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="VTtrayp"

"hkey"="HKLM"

"command"="VTtrayp.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winampa"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService REG_MULTI_SZ DnsCache\

rpcss REG_MULTI_SZ RpcSs\

imgsvc REG_MULTI_SZ StiSvc\

termsvcs REG_MULTI_SZ TermService\

HTTPFilter REG_MULTI_SZ HTTPFilter\

DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

Usnsvc REG_MULTI_SZ usnsvc\

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35a1b765-5cf6-11db-8bd0-00142aad59a0}]

Shell\AutoRun\command G:\LaunchU3.exe

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_LXCFCUSTOMERCONNECT

 

Completion time: 07-01-21 12:38:05

[bruce lee]

re,

 

tu as deux fichiers inconnu, fait les scanner chez virustotal ou chez JOTTI:

 

C:\WINDOWS\system32\ddfbaed_s.dll et:

 

C:\WINDOWS\system32\cxarxmdd.dll

 

Poste le resultat

 

@+

[WHYNOT8661]

re,

 

tu as deux fichiers inconnu, fait les scanner chez virustotal ou chez JOTTI:

 

C:\WINDOWS\system32\ddfbaed_s.dll et:

 

C:\WINDOWS\system32\cxarxmdd.dll

 

Poste le resultat

 

@+

 

Tiens chez JOTTI ca marché ?

 

File: ddfbaed_s.dll

Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5 b3267754dfe67617da627347576fb449

Packers detected: -

 

Scan taken on 21 Jan 2007 12:52:28 (GMT)

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

 

cxarxmdd.dll

Status: OK

MD5 af6bcf85245bd398c3ac21fbdb13cb60

Packers detected: -

 

Scan taken on 21 Jan 2007 12:47:41 (GMT)

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

VirusBuster Found nothing

VBA32 Found nothing

[WHYNOT8661]

re,

 

tu as deux fichiers inconnu, fait les scanner chez virustotal ou chez JOTTI:

 

C:\WINDOWS\system32\ddfbaed_s.dll et:

 

C:\WINDOWS\system32\cxarxmdd.dll

 

Poste le resultat

 

@+

 

Tiens chez JOTTI ca marché ?

 

File: ddfbaed_s.dll

Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5 b3267754dfe67617da627347576fb449

Packers detected: -

 

Scan taken on 21 Jan 2007 12:52:28 (GMT)

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

 

cxarxmdd.dll

Status: OK

MD5 af6bcf85245bd398c3ac21fbdb13cb60

Packers detected: -

 

Scan taken on 21 Jan 2007 12:47:41 (GMT)

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

VirusBuster Found nothing

VBA32 Found nothing

[bruce lee]

re

 

telecharge http://www.prevx.com/gromozon.asp

 

Ferme toutes les applications en cours

 

execute PrevxFisGrom.exe une fois le scan finit rend toi ici:

 

c:\gromozon_removal.txt

 

ouvre le fichier gromozon_removal.txt et fais un copier/coller de tout son contenu.

 

@+

[WHYNOT8661]

re

 

telecharge http://www.prevx.com/gromozon.asp

 

Ferme toutes les applications en cours

 

execute PrevxFisGrom.exe une fois le scan finit rend toi ici:

 

c:\gromozon_removal.txt

 

ouvre le fichier gromozon_removal.txt et fais un copier/coller de tout son contenu.

 

@+

 

Bonjour Bruce !

 

Voilà tout d'abord ce qui se trouvait dans le cadre lors de l'analyse :

 

Gromozon rootkit component not detected - searching for other components

Scanning: C:\Program Files\Fichiers communs

Scanning Windows Directory...

Scanning Temporary files...

Trojan.Gromozon does not exist on the system.

 

Scan finished normally

For a detailed log, please refer to \gromozon_removal.log

 

Et voici le log :

 

Removal tool loaded into memory

Gromozon rootkit component not detected - searching for other components

Scanning: C:\WINDOWS

Scanning: C:\Program Files\Fichiers communs

 

 

Trojan.Gromozon does not exist - your system is clean.

 

 

Est-ce que le virus ne peut pas se trouver dans "D" puisque mon disque est partionné ? A la fin on me demande si je veux installer PREVX 1 dois je le faire, n'est ce pas un antivirus qui rissquerait de se mettre en conflit avec le mien ?

Merci.

[bruce lee]

salut WHYNOT8661,

 

Peux tu réexecuter l'outil puis poster le rapport s'il te plait

 

Non, n'installe PREVX 1

 

@+

[WHYNOT8661]

salut WHYNOT8661,

 

Peux tu réexecuter l'outil puis poster le rapport s'il te plait

 

Non, n'installe PREVX 1

 

@+

 

 

Voilà Bruce, le même que le précédent, à croire que je ne suis pas infecté ??

 

 

Removal tool loaded into memory

Gromozon rootkit component not detected - searching for other components

Scanning: C:\WINDOWS

Scanning: C:\Program Files\Fichiers communs

 

 

Trojan.Gromozon does not exist - your system is clean.