
Posted (edited)

-------------------------------

Of course not!! The report is in c:\ComboFix.txt

Unfortunately, that doesn't seem to be the case.

I have never had a report directly in C:, only in C:/Combofix/Combofix.txt.

I realise this isn't normal, but that's how it is. Nothing is created directly in C: (unlike the reports from other tools such as Genproc or Vundofix).

On the other hand, a Combofix folder did appear, and inside it there is a Combofix.txt (containing what I quoted earlier) :P

Edited by Nicola.S

Posted (edited)

I like Antivir: during the scan it beeps every time it finds a trojan/virus. With all that beeping I felt like I was in the final battle of Star Wars. :P

Here is the Antivir report (the Combofix one will follow in a moment, once I've run it):
AntiVir PersonalEdition Classic

Report file date: 2008-02-14 19:21

 

Scanning for 1109165 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: DOCHE-0PKOS71KZ

 

Version information:

BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 18:19:50

ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 18:19:50

ANTIVIR3.VDF : 7.0.2.139 181760 Bytes 2008-02-14 18:19:50

AVEWIN32.DLL : 7.6.0.65 3240448 Bytes 2008-02-14 18:19:50

AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-14 18:19:50

AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: F:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: 2008-02-14 19:21

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'soffice.bin' - '1' Module(s) have been scanned

Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned

Scan process 'soffice.exe' - '1' Module(s) have been scanned

Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned

Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned

Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

33 processes with 33 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '21' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\upload_moi_DOCHE-0PKOS71KZ.tar.gz

[0] Archive type: GZ

--> upload_moi.tar

[1] Archive type: TAR (tape archiver)

--> qoobox/Quarantine/C/WINDOWS/system32/cbxvvvw.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/ddabx.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/jkkjg.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/malcmicb.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/mljjg.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/sstts.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/windows.vir

[DETECTION] Is the Trojan horse TR/Zapchast.DT.1

--> WINDOWS/System32/WinSpooler.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo

--> WINDOWS/System32/WinUpdating.exe

[DETECTION] Is the Trojan horse TR/Agent.fgk.1

--> WINDOWS/System32/gebyw.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> WINDOWS/System32/ddccb.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> WINDOWS/System32/jkhhh.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> WINDOWS/System32/ddccy.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> WINDOWS/System32/mljgfde.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> WINDOWS/System32/sstttqr.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> WINDOWS/System32/gebcccy.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> WINDOWS/System32/jkkjjge.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> WINDOWS/System32/pmkhfdd.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

--> WINDOWS/System32/awvtqrs.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was moved to '48208746.qua'!

C:\Documents and Settings\Nicolas\Bureau\SmitfraudFix.exe

[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.36

[iNFO] The file was moved to '481d8785.qua'!

C:\Documents and Settings\Nicolas\Local Settings\Temp\runme.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo

[iNFO] The file was moved to '482287ac.qua'!

C:\Documents and Settings\Nicolas\Local Settings\Temp\TEMP01.rar

[0] Archive type: CAB (Microsoft)

--> runme.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo

[iNFO] The file was moved to '48018788.qua'!

C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\KO0NIYOT\tr[1]

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\TQ26IOJT\css4[1]

[DETECTION] Is the Trojan horse TR/Vundo.gc

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\awtsp.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\awvtqrs.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\awvtrrs.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\cbxvvvw.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ddabx.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ddayxwt.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ddccb.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ddccy.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ddccywv.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\gebcccy.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\gebcy.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\gebyaby.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\gebyvvv.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\gebyw.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\geebyyy.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\jkhfc.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhe.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhf.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhh.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhhhe.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjg.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjhgh.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjjge.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\jkklljk.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\malcmicb.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\mljgfde.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\mljjg.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\mljji.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\mljjk.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\mllji.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\nelrtibi.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhf.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhfdd.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhfde.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\pmnlj.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\pmnljgh.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ssqro.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ssqrsrq.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\sstqpmm.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\sstqr.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\sstts.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\sstttqr.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\uixbqibu.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\vtsqq.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\vtsqrop.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\vtststs.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir

[DETECTION] Is the Trojan horse TR/Zapchast.DT.1

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\WinSpooler.exe.vir

[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\WinUpdating.exe.vir

[DETECTION] Is the Trojan horse TR/Agent.fgk.1

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP291\A0047046.exe

[DETECTION] Contains detection pattern of the dropper DR/MegaSearch.N.25

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP303\A0053654.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP305\A0054904.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055154.exe

[DETECTION] Is the Trojan horse TR/Pakes.bzo

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055175.dll

[DETECTION] Is the Trojan horse TR/Vundo.gc

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055176.dll

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055184.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055226.dll

[DETECTION] Is the Trojan horse TR/Vundo.gc

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055232.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055234.dll

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055242.dll

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056287.dll

[DETECTION] Is the Trojan horse TR/Vundo.gc

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056289.dll

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056506.dll

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056579.dll

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056582.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056597.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056598.dll

[DETECTION] Is the Trojan horse TR/Vundo.gc

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056599.dll

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP318\A0058686.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP318\A0058687.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058884.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058885.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058886.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058887.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058888.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058889.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058890.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058891.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058892.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058893.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058894.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058895.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058896.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058897.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058898.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058899.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058900.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058901.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058902.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058903.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058904.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058905.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058906.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058907.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058908.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058909.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058910.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058911.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058912.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058913.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058914.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058915.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058916.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058917.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058918.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058919.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058920.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058921.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058922.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058923.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058924.exe

[DETECTION] Is the Trojan horse TR/Agent.fgk.1

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058926.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058928.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was deleted!

C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP321\A0059316.exe

[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.36

[iNFO] The file was deleted!

C:\VundoFix Backups\awvvu.dll.bad

[DETECTION] Is the Trojan horse TR/Vundo.gc

[iNFO] The file was deleted!

C:\VundoFix Backups\degcwhrk.dll.bad

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was deleted!

C:\VundoFix Backups\dpmxctvy.dll.bad

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\VundoFix Backups\igkurnmj.dll.bad

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was deleted!

C:\VundoFix Backups\jkkjh.dll.bad

[DETECTION] Is the Trojan horse TR/Vundo.gc

[iNFO] The file was deleted!

C:\VundoFix Backups\lidwufmt.dll.bad

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\VundoFix Backups\pmnll.dll.bad

[DETECTION] Is the Trojan horse TR/Vundo.gc

[iNFO] The file was deleted!

C:\VundoFix Backups\spexysod.dll.bad

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was deleted!

C:\VundoFix Backups\tuvtcdnf.dll.bad

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\VundoFix Backups\vxrnndve.dll.bad

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\VundoFix Backups\wdhqsqdv.dll.bad

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was deleted!

C:\VundoFix Backups\xpybytff.dll.bad

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\VundoFix Backups\zjkpsyfy.dll.bad

[DETECTION] Is the Trojan horse TR/Vundo.DWB

[iNFO] The file was deleted!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'F:\' <Nouveau nom>

 

 

End of the scan: 2008-02-14 20:10

Used time: 48:49 min

 

The scan has been done completely.

 

8815 Scanning directories

678173 Files were scanned

157 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

132 files were deleted

0 files were repaired

4 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

678016 Files not concerned

3507 Archives were scanned

2 Warnings

0 Notes

Edited by Nicola.S
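The report above counts 157 detections, but nearly all of them sit in ComboFix's QooBox quarantine, the VundoFix Backups folder, System Restore points, the browser cache, or the upload_moi archive the user packaged for the helper; only copies found directly in a live directory say whether the machine is still infected. The Python below is an added example, not part of the original thread and not Avira's or ComboFix's own tooling: it parses the AntiVir report layout shown above (path line, optional `-->` archive members, `[DETECTION]`, then one `[INFO]` action line) and buckets every detection by location. The location labels, the "inert" set and the `SAMPLE_REPORT` excerpt (constructed from lines of the report above, including the forum-mangled `[iNFO]` tag) are my own assumptions.

```python
"""Bucket Avira AntiVir report detections by where on disk they were found."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Detection:
    path: str                      # file path, or archive member name
    name: str                      # Avira detection name, e.g. TR/Vundo.DWB
    location: str                  # bucket derived from the path (assumed labels)
    container: Optional[str]       # archive the member was found in, if any
    action: Optional[str] = None   # what the scanner did: 'deleted' / "moved to '...'"


# Ordered: the first matching rule wins. Paths are normalised to backslashes
# first so archive members written with '/' (qoobox/Quarantine/...) match too.
LOCATION_RULES = [
    (re.compile(r"(?:^|\\)QooBox\\Quarantine\\", re.I), "ComboFix quarantine"),
    (re.compile(r"(?:^|\\)VundoFix Backups\\", re.I), "VundoFix backup"),
    (re.compile(r"\\System Volume Information\\_restore\{", re.I), "System Restore point"),
    (re.compile(r"\\Temporary Internet Files\\", re.I), "browser cache"),
    (re.compile(r"\\Local Settings\\Temp\\", re.I), "user temp"),
    (re.compile(r"(?:^|\\)WINDOWS\\system32\\", re.I), "live system32"),
]
INERT = {"ComboFix quarantine", "VundoFix backup", "System Restore point", "browser cache"}

PATH_RX = re.compile(r"^[A-Za-z]:\\")
MEMBER_RX = re.compile(r"^-->\s+(.+)$")
DETECTION_RX = re.compile(
    r"^\[DETECTION\]\s+(?:Is the Trojan horse|Contains detection pattern of the \w+)\s+(\S+)")
# The forum lower-cased '[I' into '[iNFO]' when the log was pasted, hence re.I.
ACTION_RX = re.compile(r"^\[INFO\]\s+The file was (deleted|moved to '[^']+')", re.I)


def classify(path: str) -> str:
    norm = path.replace("/", "\\")
    for rx, label in LOCATION_RULES:
        if rx.search(norm):
            return label
    return "other"


def parse_report(text: str) -> List[Detection]:
    records: List[Detection] = []
    current_file: Optional[str] = None
    current_member: Optional[str] = None
    pending: List[Detection] = []   # detections still waiting for their [INFO] line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RX.match(line):
            current_file, current_member, pending = line, None, []
        elif (m := MEMBER_RX.match(line)):
            current_member = m.group(1)
        elif (m := DETECTION_RX.match(line)) and current_file:
            path = current_member or current_file
            rec = Detection(path=path, name=m.group(1), location=classify(path),
                            container=current_file if current_member else None)
            records.append(rec)
            pending.append(rec)
        elif (m := ACTION_RX.match(line)):
            for rec in pending:      # one action line covers every member of an archive
                rec.action = m.group(1)
            pending = []
    return records


def summarize(records: List[Detection]) -> Dict[str, int]:
    return dict(Counter(r.location for r in records))


def live_detections(records: List[Detection]) -> List[Detection]:
    """Detections that are neither in an inert location nor a copy inside an archive."""
    return [r for r in records if r.location not in INERT and r.container is None]


# Constructed excerpt of the AntiVir report quoted in the thread.
SAMPLE_REPORT = r"""
C:\upload_moi_DOCHE-0PKOS71KZ.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> qoobox/Quarantine/C/WINDOWS/system32/cbxvvvw.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> WINDOWS/System32/WinSpooler.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo
[iNFO] The file was moved to '48208746.qua'!
C:\Documents and Settings\Nicolas\Local Settings\Temp\runme.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo
[iNFO] The file was moved to '482287ac.qua'!
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\KO0NIYOT\tr[1]
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\awtsp.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055175.dll
[DETECTION] Is the Trojan horse TR/Vundo.gc
[iNFO] The file was deleted!
C:\VundoFix Backups\awvvu.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.gc
[iNFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
"""

if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for loc, n in sorted(summarize(recs).items()):
        print(f"{n:3d}  {loc}")
    for r in live_detections(recs):
        print("LIVE:", r.path, r.name, r.action)
```

Run it on the full report and the only entries left in the "live" list are what actually needs attention; a WINDOWS\System32 path seen inside the upload archive is a packaged copy, not proof the file is still on disk, which is why members of archives are excluded from `live_detections` and kept only in the per-location counts.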
Posted (edited)

Well, I've just run the ComboFix test.

It's strange: it says itself that it created a Combofix.txt in C:, yet there's nothing there. I admit I don't understand.

Maybe delete the two folders Combofix and Combofix (2) in C: (yes, because at one point I couldn't delete anything any more, so I had kept two copies of combofix) to reset everything? I'm not sure. :P

Screenshot:

disquelocalyv6.jpg

Here is the new report, located in C:/Combofix(2)/Combofix.txt

ComboFix 08-02-13.2 - Nicolas 2008-02-14 20:19:56.10 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1514 [GMT 1:00]

Location: C:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe

Command switches used :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt

* Creating a new restore point

 

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

 

FILE

C:\WINDOWS\system32\awtsp.exe

C:\WINDOWS\system32\awvtqrs.dll

C:\WINDOWS\system32\awvtrrs.dll

C:\WINDOWS\system32\awvtu.exe

C:\WINDOWS\system32\ddayxwt.dll

C:\WINDOWS\system32\ddccb.exe

C:\WINDOWS\system32\ddccy.exe

C:\WINDOWS\system32\ddccywv.dll

C:\WINDOWS\system32\gebcccy.dll

C:\WINDOWS\system32\gebcy.exe

C:\WINDOWS\system32\gebyaby.dll

C:\WINDOWS\system32\gebyvvv.dll

C:\WINDOWS\system32\gebyw.exe

C:\WINDOWS\system32\geebyyy.dll

C:\WINDOWS\system32\jkhfc.exe

C:\WINDOWS\system32\jkhhe.exe

C:\WINDOWS\system32\jkhhf.exe

C:\WINDOWS\system32\jkhhh.exe

C:\WINDOWS\system32\jkhhhhe.dll

C:\WINDOWS\system32\jkkjg.exe

C:\WINDOWS\system32\jkkjhgh.dll

C:\WINDOWS\system32\jkkjjge.dll

C:\WINDOWS\system32\jkklljk.dll

C:\WINDOWS\system32\mljgfde.dll

C:\WINDOWS\system32\mljji.exe

C:\WINDOWS\system32\mljjk.exe

C:\WINDOWS\system32\mllji.exe

C:\WINDOWS\system32\pmkhf.exe

C:\WINDOWS\system32\pmkhfdd.dll

C:\WINDOWS\system32\pmkhfde.dll

C:\WINDOWS\system32\pmnlj.exe

C:\WINDOWS\system32\pmnljgh.dll

C:\WINDOWS\system32\ssqro.exe

C:\WINDOWS\system32\ssqrsrq.dll

C:\WINDOWS\system32\sstqpmm.dll

C:\WINDOWS\system32\sstqr.exe

C:\WINDOWS\system32\sstts.exe

C:\WINDOWS\system32\sstttqr.dll

C:\WINDOWS\system32\vtsqq.exe

C:\WINDOWS\system32\vtsqrop.dll

C:\WINDOWS\system32\vtststs.dll

C:\WINDOWS\system32\WinSpooler.exe

C:\WINDOWS\system32\WinUpdating.exe

.

 

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\awtsp.exe

C:\WINDOWS\system32\awvtqrs.dll

C:\WINDOWS\system32\awvtrrs.dll

C:\WINDOWS\system32\awvtu.exe

C:\WINDOWS\system32\ddayxwt.dll

C:\WINDOWS\system32\ddccb.exe

C:\WINDOWS\system32\ddccy.exe

C:\WINDOWS\system32\ddccywv.dll

C:\WINDOWS\system32\gebcccy.dll

C:\WINDOWS\system32\gebcy.exe

C:\WINDOWS\system32\gebyaby.dll

C:\WINDOWS\system32\gebyvvv.dll

C:\WINDOWS\system32\gebyw.exe

C:\WINDOWS\system32\geebyyy.dll

C:\WINDOWS\system32\jkhfc.exe

C:\WINDOWS\system32\jkhhe.exe

C:\WINDOWS\system32\jkhhf.exe

C:\WINDOWS\system32\jkhhh.exe

C:\WINDOWS\system32\jkhhhhe.dll

c:\windows\system32\jkkjg.exe

C:\WINDOWS\system32\jkkjhgh.dll

C:\WINDOWS\system32\jkkjjge.dll

C:\WINDOWS\system32\jkklljk.dll

C:\WINDOWS\system32\mljgfde.dll

C:\WINDOWS\system32\mljiiih.dll

C:\WINDOWS\system32\mljji.exe

C:\WINDOWS\system32\mljjk.exe

C:\WINDOWS\system32\mllji.exe

C:\WINDOWS\system32\nelrtibi.dll

C:\WINDOWS\system32\pmkhf.exe

C:\WINDOWS\system32\pmkhfdd.dll

C:\WINDOWS\system32\pmkhfde.dll

C:\WINDOWS\system32\pmnlj.exe

C:\WINDOWS\system32\pmnljgh.dll

C:\WINDOWS\system32\qomljkj.dll

C:\WINDOWS\system32\qtutv.ini

C:\WINDOWS\system32\qtutv.ini2

C:\WINDOWS\system32\ssqro.exe

C:\WINDOWS\system32\ssqrsrq.dll

C:\WINDOWS\system32\sstqpmm.dll

C:\WINDOWS\system32\sstqr.exe

c:\windows\system32\sstts.exe

C:\WINDOWS\system32\sstttqr.dll

C:\WINDOWS\system32\ssttu.dll

C:\WINDOWS\system32\ubiqbxiu.ini

C:\WINDOWS\system32\uixbqibu.dll

C:\WINDOWS\system32\uttss.ini

C:\WINDOWS\system32\uttss.ini2

C:\WINDOWS\system32\vdqsqhdw.ini

C:\WINDOWS\system32\vtsqq.exe

C:\WINDOWS\system32\vtsqrop.dll

C:\WINDOWS\system32\vtststs.dll

C:\WINDOWS\system32\windows

C:\WINDOWS\system32\WinSpooler.exe

C:\WINDOWS\system32\WinUpdating.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

 

 

 

 

 

 

 

-------\poof

 

 

-------\poof

 

 

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))

.

 

2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Program Files\Avira

2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-02-14 19:13 . 2008-02-14 19:19 61,632 --a------ C:\WINDOWS\system32\drivers\avipbb.sys

2008-02-14 19:13 . 2007-08-09 13:04 40,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys

2008-02-14 19:13 . 2007-03-01 10:34 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys

2008-02-14 19:13 . 2007-07-18 14:22 21,312 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys

2008-02-14 14:27 . 2008-02-14 16:21 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys

2008-02-14 14:18 . 2007-12-14 01:59 139,264 --a------ C:\WINDOWS\system32\javaws.exe

2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\javaw.exe

2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\java.exe

2008-02-13 12:07 . 2008-02-13 12:08 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-02-12 19:07 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe

2008-02-12 19:07 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe

2008-02-12 19:07 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe

2008-02-12 16:43 . 2008-02-12 16:43 <REP> d-------- C:\Program Files\Trend Micro

2008-02-11 23:48 . 2004-08-20 00:09 400,896 --a------ C:\WINDOWS\system32\kmd.exe

2008-02-11 23:07 . 2008-02-11 23:07 3,964 --a------ C:\WINDOWS\system32\tmp.reg

2008-02-11 22:40 . 2008-02-11 22:40 128 --a------ C:\Documents

2008-02-11 20:13 . 2008-02-11 21:14 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-02-11 19:23 . 2008-02-14 19:43 <REP> d-------- C:\VundoFix Backups

2008-02-11 17:52 . 2008-02-14 20:19 <REP> d-------- C:\QooBox

2008-02-11 17:52 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe

2008-02-11 17:52 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe

2008-02-11 17:52 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe

2008-02-11 17:52 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe

2008-02-11 17:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-02-11 17:52 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe

2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Program Files\Grisoft

2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\Nicolas\Application Data\Grisoft

2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-02-11 17:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-02-11 13:44 . 2008-02-11 13:44 294 ---hs---- C:\WINDOWS\system32\bmhvcfoh.ini

2008-02-11 11:48 . 2008-02-11 13:44 354 ---hs---- C:\WINDOWS\system32\bpsnfgrb.ini

2008-02-10 14:48 . 2007-02-11 11:40 354 ---hs---- C:\WINDOWS\system32\ppmmvcbn.ini

2008-02-10 14:05 . 2008-02-12 16:41 650 --a------ C:\WINDOWS\wininit.ini

2008-02-06 11:12 . 2008-02-14 15:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-06 11:12 . 2008-02-10 13:45 37,888 --a------ C:\WINDOWS\system32\rar.exe

2008-02-02 19:01 . 2008-02-03 18:22 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\OpenOffice.org2

2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\MSN6

2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6

2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\Program Files\Lavasoft

2008-01-23 12:53 . 2008-01-23 12:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-14 18:10 --------- d-----w C:\Program Files\Mozilla Firefox

2008-02-14 18:08 2,145,386,496 --sha-w C:\pagefile.sys

2008-02-14 18:08 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org2

2008-02-14 14:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-14 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-14 13:21 --------- d-----w C:\Program Files\Java

2008-02-14 11:52 --------- d-----w C:\Program Files\eChanblard

2008-02-13 17:09 4,364 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err

2008-02-13 11:08 --------- d-----w C:\Program Files\Internet Explorer

2008-02-11 17:54 --------- d-----w C:\Program Files\Fichiers communs

2008-02-09 22:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\teamspeak2

2008-02-09 17:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-02-09 17:55 --------- d-----w C:\Program Files\Adobe

2008-02-04 23:09 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe

2008-01-11 15:42 --------- d-----w C:\Program Files\Google

2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Sites

2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Classes de site

2008-01-08 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-01-08 14:37 --------- d-----w C:\Program Files\Windows Live

2008-01-08 14:37 --------- d-----w C:\Program Files\MSN Messenger

2008-01-08 14:37 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-01-08 12:50 --------- d-----w C:\Program Files\WorkoutLogger

2008-01-08 12:35 --------- d-----w C:\Program Files\nutri

2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

2007-12-19 21:38 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-15 19:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Dynamique

2007-12-15 19:14 --------- d-----w C:\Program Files\Visicom Media

2007-12-15 19:14 --------- d-----w C:\Program Files\FileZilla Client

2007-12-15 19:14 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\FileZilla

2007-12-14 20:51 --------- d-----w C:\Program Files\RealMedia

2007-12-14 20:51 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter

2007-12-14 20:51 --------- d-----w C:\Program Files\DScaler5

2007-12-14 20:51 --------- d-----w C:\Program Files\CD Audio Reader Filter

2007-12-14 20:50 --------- d-----w C:\Program Files\Haali

2007-12-14 20:50 --------- d-----w C:\Program Files\DirectVobSub

2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-07 02:08 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

2007-12-07 02:08 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

2007-12-07 02:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

2007-12-07 02:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

2007-12-07 02:08 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

2007-12-07 02:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

2007-12-07 02:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

2007-12-07 02:08 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

2007-12-07 02:08 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

2007-12-07 02:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

2007-12-07 02:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

2007-12-07 02:08 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

2007-12-07 02:08 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

2007-12-07 02:08 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

2007-12-07 02:08 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

2007-12-07 02:08 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

2007-12-07 02:08 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

2007-12-07 02:08 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

2007-12-07 02:08 105,984 ----a-w C:\WINDOWS\system32\url.dll

2007-12-07 02:08 102,912 ----a-w C:\WINDOWS\system32\occache.dll

2007-12-07 02:08 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27 153136]

"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-12-01 14:32 1266936]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

 

C:\Documents and Settings\PASCAL\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

 

C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]

"{25BE2418-6C95-418F-BE03-0D9B9354A167}"= C:\WINDOWS\system32\mljiiih.dll [ ]

 

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 07:36]

S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]

S3 BS_DEF;BS_DEF;C:\Program Files\ASUS\ASUSUpdate\BS_DEF.sys []

S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 04:57]

 

*Newly Created Service* - ANTIVIRSCHEDULER

*Newly Created Service* - ANTIVIRSERVICE

*Newly Created Service* - AVGIO

*Newly Created Service* - AVGNTFLT

*Newly Created Service* - AVIPBB

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-14 20:22:52

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Edited by Nicola.S
Posted

One last action with ComboFix :P

 

1/ Open Notepad [Run -- notepad] and copy/paste the contents of the box below:

 

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{25BE2418-6C95-418F-BE03-0D9B9354A167}"=-

 

  • Go to the top of the page and click the "File" menu; a list appears =>
  • Choose "Save As" and choose "Desktop"
  • In the "File name" field at the bottom of the page, enter the following name: CFScript, as a .txt file
  • Click the "Save" button to the right of the "File name" field
  • Close Notepad.
  • Drag and drop this CFScript.txt file onto ComboFix.exe, as in the screenshot

 

[screenshot: CFScript.gif]

 

 

* A blue window will appear: let ComboFix work until the report shows up :P

* Be patient during the scan. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is here > C:\ComboFix.txt or in c:\ComboFix1 or 2 or even 3 :P or maybe in qoobox ^^

 

2/ **Download to your desktop >> - ATF-Cleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button and wait until the cleaning is finished

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, from the main menu, to close the program.

 

**Download the ewido anti-spyware micro scanner [ http://downloads.ewido.net/ewido_micro.exe ] to your desktop.

  • Double-click the ewido_micro.exe file to run it.
  • As soon as it starts, the program will ask for internet access to update itself; accept.
  • Then a new screen appears; make sure all the boxes are checked.
  • Click Start Scan and let the tool work. Antivir's resident guard will also be listening, so delete if infections are found.
  • When the tool has finished, click Save report and save the report to your desktop. You will post it to me.
  • Post it in your next reply.

  • NB: click Remove infections
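The CFScript above removes a ShellExecuteHooks value whose DLL (mljiiih.dll) already appears in the report's "Previous Run" deletion list and is printed with "[ ]" instead of a timestamp and size. As an added example (not part of this thread, ComboFix or the helper's own tooling), the Python below cross-checks a ComboFix report for such orphaned load points and builds the same Registry:: stanza; the sample report is constructed from lines posted above.

```python
"""Cross-check a ComboFix report for orphaned registry load points.

Added example for this thread (not ComboFix's own code, not the helper's).
ComboFix prints each load point as  "name"=path [date time size]; when the
file on disk is gone it prints "[ ]" instead. An entry whose target is
missing, or was already listed under "---- Previous Run" as deleted, is a
leftover hook that a CFScript 'Registry::' stanza can remove.
"""
import re
from dataclasses import dataclass

# Constructed excerpt assembled from lines posted in this thread.
SAMPLE_REPORT = r"""
---- Previous Run -------
.
C:\WINDOWS\system32\mljiiih.dll
C:\WINDOWS\system32\awtsp.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]
"{25BE2418-6C95-418F-BE03-0D9B9354A167}"= C:\WINDOWS\system32\mljiiih.dll [ ]
"""

# "name"=path [info]  -- the path may or may not be quoted.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[^"\[]*?)"?\s*\[(?P<info>[^\]]*)\]\s*$'
)


@dataclass
class LoadPoint:
    key: str    # registry key the entry lives under
    name: str   # value name (a CLSID for ShellExecuteHooks)
    path: str   # file the entry points to
    info: str   # what ComboFix printed inside [ ]: "date time size", or "" if missing


def parse_previous_run(report: str) -> set:
    """Lower-cased paths listed under '---- Previous Run' (already deleted)."""
    deleted, inside = set(), False
    for line in report.splitlines():
        if line.startswith("---- Previous Run"):
            inside = True
        elif inside and line.startswith("(((("):
            break                       # next section header
        elif inside and line.strip() not in ("", "."):
            deleted.add(line.strip().lower())
    return deleted


def parse_load_points(report: str) -> list:
    """Entries of the 'Point de chargement Reg' section, with their enclosing key."""
    points, key, inside = [], None, False
    for line in report.splitlines():
        if "Point de chargement Reg" in line:
            inside = True
        elif inside and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif inside and key:
            m = ENTRY_RE.match(line)
            if m:
                points.append(LoadPoint(key, m["name"], m["path"].strip(), m["info"].strip()))
    return points


def find_orphans(report: str) -> list:
    """Load points whose file is missing ('[ ]') or was deleted in a previous run."""
    deleted = parse_previous_run(report)
    return [p for p in parse_load_points(report)
            if not p.info or p.path.lower() in deleted]


def build_cfscript(orphans) -> str:
    """Emit the CFScript stanza that deletes the flagged values ('"name"=-')."""
    lines = ["Registry::"]
    for key in dict.fromkeys(p.key for p in orphans):   # keep order, no duplicates
        lines.append(f"[{key}]")
        lines.extend(f'"{p.name}"=-' for p in orphans if p.key == key)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for p in find_orphans(SAMPLE_REPORT):
        print(f"orphaned load point: {p.name} -> {p.path or '(no path)'}")
    print(build_cfscript(find_orphans(SAMPLE_REPORT)))
```

The MarkAny hook in the sample has a real timestamp and size and is left alone; only the entry with an empty "[ ]" and a target in the deletion list ends up in the generated stanza.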

Posted

Hello, hello,

Here are the 2 requested reports :P

 

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 

Name: TrackingCookie.2o7

Path: :mozilla.39:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.40:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.41:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.42:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Estat

Path: :mozilla.135:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Gemius

Path: :mozilla.169:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Gemius

Path: :mozilla.171:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Yadro

Path: :mozilla.237:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt

Risk: Medium

 

Name: Not-A-Virus.Hacktool.EvID

Path: C:\Program Files\eChanblard\config\last.zip/EvID4226Patch.exe

Risk: Low

 

Name: Not-A-Virus.Hacktool.EvID

Path: C:\Program Files\eChanblard\EvID4226Patch.exe

Risk: Low

 

 

 

 

 

ComboFix 08-02-13.2 - Nicolas 2008-02-15 18:13:05.11 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1507 [GMT 1:00]

Endroit: C:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe

Command switches used :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\awtsp.exe

C:\WINDOWS\system32\awvtqrs.dll

C:\WINDOWS\system32\awvtrrs.dll

C:\WINDOWS\system32\awvtu.exe

C:\WINDOWS\system32\ddayxwt.dll

C:\WINDOWS\system32\ddccb.exe

C:\WINDOWS\system32\ddccy.exe

C:\WINDOWS\system32\ddccywv.dll

C:\WINDOWS\system32\gebcccy.dll

C:\WINDOWS\system32\gebcy.exe

C:\WINDOWS\system32\gebyaby.dll

C:\WINDOWS\system32\gebyvvv.dll

C:\WINDOWS\system32\gebyw.exe

C:\WINDOWS\system32\geebyyy.dll

C:\WINDOWS\system32\jkhfc.exe

C:\WINDOWS\system32\jkhhe.exe

C:\WINDOWS\system32\jkhhf.exe

C:\WINDOWS\system32\jkhhh.exe

C:\WINDOWS\system32\jkhhhhe.dll

c:\windows\system32\jkkjg.exe

C:\WINDOWS\system32\jkkjhgh.dll

C:\WINDOWS\system32\jkkjjge.dll

C:\WINDOWS\system32\jkklljk.dll

C:\WINDOWS\system32\mljgfde.dll

C:\WINDOWS\system32\mljiiih.dll

C:\WINDOWS\system32\mljji.exe

C:\WINDOWS\system32\mljjk.exe

C:\WINDOWS\system32\mllji.exe

C:\WINDOWS\system32\nelrtibi.dll

C:\WINDOWS\system32\pmkhf.exe

C:\WINDOWS\system32\pmkhfdd.dll

C:\WINDOWS\system32\pmkhfde.dll

C:\WINDOWS\system32\pmnlj.exe

C:\WINDOWS\system32\pmnljgh.dll

C:\WINDOWS\system32\qomljkj.dll

C:\WINDOWS\system32\qtutv.ini

C:\WINDOWS\system32\qtutv.ini2

C:\WINDOWS\system32\ssqro.exe

C:\WINDOWS\system32\ssqrsrq.dll

C:\WINDOWS\system32\sstqpmm.dll

C:\WINDOWS\system32\sstqr.exe

c:\windows\system32\sstts.exe

C:\WINDOWS\system32\sstttqr.dll

C:\WINDOWS\system32\ssttu.dll

C:\WINDOWS\system32\ubiqbxiu.ini

C:\WINDOWS\system32\uixbqibu.dll

C:\WINDOWS\system32\uttss.ini

C:\WINDOWS\system32\uttss.ini2

C:\WINDOWS\system32\vdqsqhdw.ini

C:\WINDOWS\system32\vtsqq.exe

C:\WINDOWS\system32\vtsqrop.dll

C:\WINDOWS\system32\vtststs.dll

C:\WINDOWS\system32\windows

C:\WINDOWS\system32\WinSpooler.exe

C:\WINDOWS\system32\WinUpdating.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

 

 

 

 

 

 

 

-------\poof

 

 

-------\poof

 

 

 

 

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))))))))

.

 

2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Program Files\Avira

2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-02-14 19:13 . 2008-02-14 19:19 61,632 --a------ C:\WINDOWS\system32\drivers\avipbb.sys

2008-02-14 19:13 . 2007-08-09 13:04 40,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys

2008-02-14 19:13 . 2007-03-01 10:34 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys

2008-02-14 19:13 . 2007-07-18 14:22 21,312 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys

2008-02-14 14:27 . 2008-02-14 16:21 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys

2008-02-14 14:18 . 2007-12-14 01:59 139,264 --a------ C:\WINDOWS\system32\javaws.exe

2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\javaw.exe

2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\java.exe

2008-02-13 12:07 . 2008-02-13 12:08 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-02-12 19:07 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe

2008-02-12 19:07 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe

2008-02-12 19:07 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe

2008-02-12 16:43 . 2008-02-12 16:43 <REP> d-------- C:\Program Files\Trend Micro

2008-02-11 23:48 . 2004-08-20 00:09 400,896 --a------ C:\WINDOWS\system32\kmd.exe

2008-02-11 23:07 . 2008-02-11 23:07 3,964 --a------ C:\WINDOWS\system32\tmp.reg

2008-02-11 22:40 . 2008-02-11 22:40 128 --a------ C:\Documents

2008-02-11 20:13 . 2008-02-11 21:14 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-02-11 19:23 . 2008-02-14 19:43 <REP> d-------- C:\VundoFix Backups

2008-02-11 17:52 . 2008-02-15 18:12 <REP> d-------- C:\QooBox

2008-02-11 17:52 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe

2008-02-11 17:52 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe

2008-02-11 17:52 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe

2008-02-11 17:52 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe

2008-02-11 17:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-02-11 17:52 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe

2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Program Files\Grisoft

2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\Nicolas\Application Data\Grisoft

2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-02-11 17:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-02-11 13:44 . 2008-02-11 13:44 294 ---hs---- C:\WINDOWS\system32\bmhvcfoh.ini

2008-02-11 11:48 . 2008-02-11 13:44 354 ---hs---- C:\WINDOWS\system32\bpsnfgrb.ini

2008-02-10 14:48 . 2007-02-11 11:40 354 ---hs---- C:\WINDOWS\system32\ppmmvcbn.ini

2008-02-10 14:05 . 2008-02-12 16:41 650 --a------ C:\WINDOWS\wininit.ini

2008-02-06 11:12 . 2008-02-14 15:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-06 11:12 . 2008-02-10 13:45 37,888 --a------ C:\WINDOWS\system32\rar.exe

2008-02-02 19:01 . 2008-02-03 18:22 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\OpenOffice.org2

2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\MSN6

2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6

2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\Program Files\Lavasoft

2008-01-23 12:53 . 2008-01-23 12:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-15 16:15 --------- d-----w C:\Program Files\Mozilla Firefox

2008-02-15 16:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org2

2008-02-15 16:11 2,145,386,496 --sha-w C:\pagefile.sys

2008-02-14 14:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-14 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-14 13:21 --------- d-----w C:\Program Files\Java

2008-02-14 11:52 --------- d-----w C:\Program Files\eChanblard

2008-02-13 17:09 4,364 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err

2008-02-13 11:08 --------- d-----w C:\Program Files\Internet Explorer

2008-02-11 17:54 --------- d-----w C:\Program Files\Fichiers communs

2008-02-09 22:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\teamspeak2

2008-02-09 17:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-02-09 17:55 --------- d-----w C:\Program Files\Adobe

2008-02-04 23:09 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe

2008-01-11 15:42 --------- d-----w C:\Program Files\Google

2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Sites

2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Classes de site

2008-01-08 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-01-08 14:37 --------- d-----w C:\Program Files\Windows Live

2008-01-08 14:37 --------- d-----w C:\Program Files\MSN Messenger

2008-01-08 14:37 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-01-08 12:50 --------- d-----w C:\Program Files\WorkoutLogger

2008-01-08 12:35 --------- d-----w C:\Program Files\nutri

2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

2007-12-19 21:38 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-15 19:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Dynamique

2007-12-15 19:14 --------- d-----w C:\Program Files\Visicom Media

2007-12-15 19:14 --------- d-----w C:\Program Files\FileZilla Client

2007-12-15 19:14 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\FileZilla

2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-07 02:08 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

2007-12-07 02:08 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

2007-12-07 02:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

2007-12-07 02:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

2007-12-07 02:08 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

2007-12-07 02:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

2007-12-07 02:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

2007-12-07 02:08 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

2007-12-07 02:08 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

2007-12-07 02:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

2007-12-07 02:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

2007-12-07 02:08 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

2007-12-07 02:08 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

2007-12-07 02:08 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

2007-12-07 02:08 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

2007-12-07 02:08 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

2007-12-07 02:08 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

2007-12-07 02:08 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

2007-12-07 02:08 105,984 ----a-w C:\WINDOWS\system32\url.dll

2007-12-07 02:08 102,912 ----a-w C:\WINDOWS\system32\occache.dll

2007-12-07 02:08 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27 153136]

"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-12-01 14:32 1266936]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

 

C:\Documents and Settings\PASCAL\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

 

C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]

 

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 07:36]

S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]

S3 BS_DEF;BS_DEF;C:\Program Files\ASUS\ASUSUpdate\BS_DEF.sys []

S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 04:57]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-15 18:16:06

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Posted

Let's say that's rather good ;o)

1/ Uninstall ComboFix this way: copy/paste the line below into Run and press the "enter" key

 

ComboFix /u

 

2/ You have corrected the items found by the ewido micro_scanner; I want to call your attention to the stupidity of P2P

 

Name: Not-A-Virus.Hacktool.EvID

Path: C:\Program Files\eChanblard\config\last.zip/EvID4226Patch.exe

Risk: Low

 

Name: Not-A-Virus.Hacktool.EvID

Path: C:\Program Files\eChanblard\EvID4226Patch.exe

Risk: Low

 

eChanblard = Emule

READ THIS >> http://forum.zebulon.fr/index.php?showtopic=85544

3/ Do you have any problem whatsoever after all these manipulations?? Otherwise it looks clean to me

If not, edit your first post and put [resolu] in its title

@+
