Hello,

I haven't logged in since last night...

Today I'm at work and it won't be easy for me to carry out the steps.

I was able to run the CFScript step; its log is below. I wasn't able to run the AV scan with Kaspersky or another tool, but last night I ran a pass with F-Secure (the official one at my work) and it found nothing.

Should I still run the scan with Kaspersky?

Everything seems to be back to normal on my PC.

Thanks again.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

The ComboFix log:

ComboFix 08-02.05.3 - rlainel 2008-02-11 11:34:34.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2637 [GMT 1:00]

Running from: d:\Documents and Settings\RLAINEL\Desktop\ComboFix.exe

Command switches used :: d:\Documents and Settings\RLAINEL\Desktop\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\TEMP\cXzz9

C:\WINDOWS\system32\cgatvvxj.ini

C:\WINDOWS\system32\fcrrcwcs.ini

C:\WINDOWS\system32\gbqjqnfy.ini

C:\WINDOWS\system32\geobrmfy.dll

C:\WINDOWS\system32\gynidsyn.ini

C:\WINDOWS\system32\knnmp.ini.vir

C:\WINDOWS\system32\knnmp.ini2.vir

C:\WINDOWS\system32\mljji.dll

C:\WINDOWS\system32\nGpxx01

C:\WINDOWS\system32\pmnnk.dll

C:\WINDOWS\system32\sdeaqqky.dll.vir

C:\WINDOWS\system32\sgmeoyeq.ini

C:\WINDOWS\system32\vimiwsvg.dll

C:\WINDOWS\system32\vturo.dll

C:\WINDOWS\system32\ykqqaeds.ini

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\cgatvvxj.ini

C:\WINDOWS\system32\fcrrcwcs.ini

C:\WINDOWS\system32\gbqjqnfy.ini

C:\WINDOWS\system32\geobrmfy.dll

C:\WINDOWS\system32\gynidsyn.ini

C:\WINDOWS\system32\knnmp.ini.vir

C:\WINDOWS\system32\knnmp.ini2.vir

C:\WINDOWS\system32\sdeaqqky.dll.vir

C:\WINDOWS\system32\sgmeoyeq.ini

C:\WINDOWS\system32\vimiwsvg.dll

C:\WINDOWS\system32\ykqqaeds.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))

.

 

2008-02-10 17:02 . 2004-08-04 13:00 388,608 --a------ C:\kmd.exe

2008-02-10 16:58 . 2008-02-10 16:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2008-02-10 03:15 . 2008-02-10 16:58 <DIR> d-------- C:\VundoFix Backups

2008-02-08 18:38 . 2008-02-10 19:13 <DIR> d-a------ d:\Documents and Settings\All Users\Application Data\TEMP

2008-02-08 18:33 . 2008-02-10 19:13 <DIR> d-------- C:\Program Files\Trojan Remover

2008-02-08 17:44 . 2008-02-08 17:44 <DIR> d-------- d:\Documents and Settings\LocalService\Application Data\StumbleUpon

2008-02-08 16:38 . 2008-02-08 16:38 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-02-08 10:20 . 2008-02-08 10:16 691,545 --a------ C:\WINDOWS\unins000.exe

2008-02-08 10:20 . 2008-02-08 10:20 3,446 --a------ C:\WINDOWS\unins000.dat

2008-02-08 09:22 . 2008-02-08 09:22 <DIR> d-------- d:\Documents and Settings\All Users\Application Data\Lavasoft

2008-02-08 09:22 . 2008-02-08 09:22 <DIR> d-------- C:\Program Files\Lavasoft

2008-02-03 22:47 . 2008-02-03 22:52 <DIR> dr------- C:\Program Files\Add-ins

2008-02-03 22:47 . 2002-09-16 01:41 1,089,536 --a------ C:\WINDOWS\system32\Roboex32.dll

2008-02-03 17:25 . 2008-02-03 17:28 <DIR> d-------- C:\WINDOWS\system32\nGpxx01

2008-02-03 17:25 . 2008-02-03 17:25 <DIR> d-------- C:\TEMP\cXzz9

2008-01-28 17:27 . 2005-08-16 15:05 36,864 --a------ C:\WINDOWS\VB6IDEMouseWheelAddin.dll

2008-01-28 17:24 . 2008-01-28 17:24 <DIR> d-------- C:\Program Files\MouseWheelExcel

2008-01-23 17:48 . 2008-01-23 17:48 <DIR> d--h----- C:\WINDOWS\PIF

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-10 11:37 --------- d-----w d:\Documents and Settings\All Users\Application Data\Google Updater

2008-02-09 23:01 --------- d-----w C:\Program Files\Radmin

2008-02-09 15:13 --------- d-----r C:\Program Files\SyncBack

2008-02-08 11:51 --------- d-----w d:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-08 09:27 --------- d-----r C:\Program Files\Spybot - Search & Destroy

2008-02-08 08:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-01-28 13:13 --------- d-----r C:\Program Files\PSPad editor

2008-01-25 08:32 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\StumbleUpon

2008-01-19 11:24 --------- d-----r C:\Program Files\iTunes

2008-01-19 11:23 --------- d-----r C:\Program Files\iPod

2008-01-19 11:22 --------- d-----r C:\Program Files\QuickTime

2008-01-16 10:40 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-16 10:38 --------- d-----r C:\Program Files\RegCleaner

2008-01-11 17:20 --------- d-----w d:\Documents and Settings\All Users\Application Data\WLInstaller

2008-01-10 16:53 --------- d-----w d:\Documents and Settings\All Users\Application Data\Bluetooth

2008-01-10 16:17 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Nokia

2008-01-08 21:29 --------- d-----r C:\Program Files\Quintessential Player

2008-01-08 20:37 --------- d-----w C:\Program Files\IVT Corporation

2008-01-08 13:38 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Roxio

2008-01-08 13:30 --------- d-----w d:\Documents and Settings\All Users\Application Data\InstallShield

2008-01-08 13:30 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-01-08 13:29 --------- d-----w d:\Documents and Settings\All Users\Application Data\Sonic

2008-01-08 13:29 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-01-08 13:29 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2008-01-08 13:28 --------- d-----w C:\Program Files\Roxio

2008-01-08 13:28 --------- d-----w C:\Program Files\Common Files\SureThing Shared

2008-01-06 19:03 --------- d-----r C:\Program Files\DVDFab HD Decrypter 3

2008-01-06 18:54 --------- d-----r C:\Program Files\Transparency_Glass

2007-12-27 17:02 --------- d-----r C:\Program Files\palmOne

2007-12-26 09:34 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\F-Secure

2007-12-20 08:58 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\InterVideo

2007-12-20 08:21 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\DVDFab

2007-12-19 08:43 --------- d-----w C:\Program Files\Windows Live Toolbar

2007-12-19 08:37 --------- d-----w d:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

2007-12-19 08:34 --------- d-----w C:\Program Files\StumbleUpon

2007-12-14 07:45 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\SpamBayes

2007-12-14 07:44 --------- d-----w C:\Program Files\SpamBayes

2007-12-12 22:47 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2007-12-12 22:47 --------- d-----r C:\Program Files\Windows Live

2007-12-12 22:37 --------- d-----r C:\Program Files\Autoruns

2007-12-12 22:36 --------- d-----r C:\Program Files\The KMPlayer

2007-12-12 22:36 --------- d-----r C:\Program Files\Canon

2007-12-12 22:35 --------- d-----r C:\Program Files\SplashData

2007-12-12 22:35 --------- d-----r C:\Program Files\Polar

2007-12-12 22:35 --------- d-----r C:\Program Files\Photo Story 3 for Windows

2007-12-12 22:35 --------- d-----r C:\Program Files\File Lister

2007-12-12 22:35 --------- d-----r C:\Program Files\FastStone Image Viewer

2007-12-12 22:30 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\FastStone

2007-12-12 22:26 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-12 22:11 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Leadertech

2007-12-12 22:10 --------- d-----w d:\Documents and Settings\All Users\Application Data\HotSync

2007-12-12 22:09 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\HotSync

2007-12-12 22:08 53,248 ----a-w C:\WINDOWS\PalmDevC.dll

2007-12-12 22:08 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys

2007-12-12 17:28 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\AdobeUM

2007-12-12 17:27 --------- d-----w C:\Program Files\Common Files\PCSuite

2007-12-12 17:27 --------- d-----w C:\Program Files\Common Files\Nokia

2007-12-12 17:27 --------- d-----r C:\Program Files\Nokia

2007-12-12 17:26 --------- d-----w C:\Program Files\PC Connectivity Solution

2007-12-12 17:21 --------- d-----w d:\Documents and Settings\All Users\Application Data\Installations

2007-12-12 15:22 --------- d-----w C:\Program Files\Common Files\Borland

2007-12-12 15:22 --------- d-----w C:\Program Files\Artviews

2007-12-12 07:38 --------- d-----r C:\Program Files\totalcmd

2007-12-11 22:25 --------- d-----r C:\Program Files\Picasa2

2007-12-11 22:07 --------- d-----r C:\Program Files\X1

2007-12-11 21:51 --------- d-----r C:\Program Files\Cegetel

2007-12-11 21:51 --------- d-----r C:\Program Files\CCleaner

2007-12-11 21:44 --------- d-----r C:\Program Files\Apple Software Update

2007-12-11 21:31 --------- d-----r C:\Program Files\Google

2007-12-11 21:29 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Apple Computer

2007-12-11 21:29 --------- d-----w d:\Documents and Settings\All Users\Application Data\Apple Computer

2007-12-11 21:27 --------- d-----w d:\Documents and Settings\All Users\Application Data\Apple

2007-12-11 21:27 --------- d-----w C:\Program Files\Common Files\Apple

2007-12-11 20:27 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Windows Live Writer

2007-12-11 19:13 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2007-12-11 17:02 --------- d-----w C:\Program Files\Java

2007-12-11 16:55 --------- d-----w C:\Program Files\Oracle

2007-12-11 16:36 --------- d-----w C:\Program Files\Bomgar

2007-12-11 15:37 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\PSpad

2007-12-11 15:26 --------- d-----r C:\Program Files\Conjug

2007-12-11 13:08 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\PC Suite

2007-12-11 13:08 --------- d-----w d:\Documents and Settings\All Users\Application Data\PC Suite

2007-12-11 13:02 --------- d-----w C:\Program Files\DIFX

2007-12-11 12:54 --------- d-----r C:\Program Files\iColorFolder

2007-12-11 12:54 --------- d-----r C:\Program Files\7-Zip

2007-12-11 12:52 106 --sha-w C:\Program Files\desktop.ini

2007-12-11 12:10 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Talkback

2007-12-11 10:13 --------- d-----w d:\Documents and Settings\All Users\Application Data\MobileXpress client

2007-12-11 10:13 --------- d-----w d:\Documents and Settings\All Users\Application Data\BT Common Client

2007-12-11 10:13 --------- d-----w C:\Program Files\MobileXpress client

2007-12-11 10:13 --------- d-----w C:\Program Files\BT Common Client

2007-12-11 10:09 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\MobileXpress client

2007-12-11 07:49 --------- d-----w d:\Documents and Settings\Administrator\Application Data\F-Secure

2007-12-11 07:47 --------- d-----w d:\Documents and Settings\All Users\Application Data\Infonet Services Corporation

2007-12-11 07:47 --------- d-----w d:\Documents and Settings\Administrator\Application Data\Infonet Services Corporation

2007-12-11 07:47 --------- d-----w C:\Program Files\Infonet Services Corporation

2007-12-11 07:32 --------- d-----w C:\Program Files\Jasc Software Inc

2007-12-11 07:31 --------- d-----w C:\Program Files\Harrap's Multimédia

2007-12-11 07:25 --------- d-----w C:\Program Files\FileZilla

2007-12-11 07:24 --------- d-----w C:\Program Files\Business Objects

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]

"updateMgr"="C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 18:17 395264]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

"X1FileMonitor.exe"="C:\Program Files\X1\X1FileMonitor.exe" [2007-04-03 18:08 428544]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

"PCTVOICE"="pctspk.exe" [2002-07-18 16:58 163840 C:\WINDOWS\system32\pctspk.exe]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 13:26 303104 C:\WINDOWS\stsystra.exe]

"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-10-26 02:51 122929]

"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 09:57 684032]

"RegTool"="C:\Program Files\Gemplus\GSLibs\BIN\RegTool.exe" [2004-08-24 13:56 40960]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 03:03 8495104]

"nwiz"="nwiz.exe" [2007-11-17 03:03 1626112 C:\WINDOWS\system32\nwiz.exe]

"NVHotkey"="nvHotkey.dll" [2007-11-17 03:03 86016 C:\WINDOWS\system32\nvhotkey.dll]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 03:03 81920]

"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-11 13:18 1836544]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe" [2003-09-16 19:01 32881]

"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

 

D:\Documents and Settings\RLAINEL\Start Menu\Programs\Startup\

X1 System Tray.lnk - C:\Program Files\X1\X1Systray.exe [2007-04-03 18:08:34 345088]

X1.lnk - C:\Program Files\X1\X1.exe [2007-04-03 18:09:04 4964352]

 

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2007-12-11 08:22:33 25214]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-14 15:57:44 691984]

F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2007-12-10 15:58:22 32807]

Harrap's Shorter.lnk - C:\WINDOWS\Installer\{8E6BA0F5-DD49-490F-8653-9A4369220B7D}\Icon8E6BA0F5.exe [2007-12-11 08:32:06 6144]

HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:27:34 471040]

Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-11 13:14:45 124400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"disablecad"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceStartMenuLogOff"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

ckpNotify.dll 2006-04-09 21:24 24674 C:\WINDOWS\system32\ckpNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=SetDNSSuffixSearchOrder.vbs

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1]

"Script"=LocalAdmPwd.vbs

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\2]

"Script"=LocalAdmDom.vbs

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\3]

"Script"=update.vbs

 

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2006-10-12 11:19]

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]

R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-12-10 15:58]

R2 BT Common Client;BT Common Client;"C:\Program Files\BT Common Client\btomosrv.exe" [2007-07-03 15:44]

R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2006-04-09 21:24]

R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 14:37]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 15:30]

R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 14:37]

R2 GemSAFE Card Access Service;GemSAFE Card Access Service;C:\Program Files\Gemplus\GSLibs\BIN\GCardSrvNT.exe [2004-06-28 16:44]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-04-09 21:24]

R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2006-04-09 21:24]

R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2006-04-09 21:24]

S2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" [2001-07-24 16:15]

S3 BTHFILT;Filtre de commande Bluetooth;C:\WINDOWS\system32\DRIVERS\BthFilt.sys [2006-11-06 22:13]

S3 BTNetFilter;Bluetooth Network Filter;C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-11-22 13:41]

S3 BTWSp50;BTWSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BTWSp50.sys [2007-04-20 09:14]

S3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-10-23 16:04]

S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 10:46]

S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [2000-10-27 12:45]

S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 21:58]

S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-01-10 16:22]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-07 07:15:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-02-11 07:32:42 C:\WINDOWS\Tasks\Scheduled scanning task.job"

- C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt

"2008-02-10 15:19:57 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"

- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-11 11:35:56

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]

-> C:\WINDOWS\system32\DLAAPI_W.DLL

.

Completion time: 2008-02-11 11:36:22

ComboFix-quarantined-files.txt 2008-02-11 10:36:19

.

2008-01-18 17:03:40 --- E O F ---
