A worm in my computer

Hombrez87 (23 posts, Member)
Destrio5 (99820 posts, Moderator)
Hello,
My computer is infected by a worm and it is impossible to remove it or disinfect it with the antivirus programs. The worm is recognised by F-Secure Internet Security 2009 (Worm.win32.Mabezat.b) and Panda 2009 (w32.Mabezat.c.worm). So please help me if anyone has a solution or has already been infected by this WORM. Thanks for any help.

28 replies

Hombrez87 (23 posts, Member)

************************ start of ComboFix.txt ***************************************************
ComboFix 09-02-12.03 - merzak 2009-02-13 1:37:43.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.482 [GMT 1:00]
Lancé depuis: c:\documents and settings\merzak\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\merzak\Bureau\CFScript.txt
AV: F-Prot Antivirus for Windows *On-access scanning enabled* (Outdated)
AV: Panda Global Protection 2009 *On-access scanning disabled* (Updated)
FW: Panda Personal Firewall 2009 *disabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\merzak\Application Data\tazebama
c:\windows\WINDOWS .exe
C:\zPharaoh.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\merzak\Application Data\tazebama
c:\documents and settings\merzak\Application Data\tazebama\tazebama.log
c:\documents and settings\merzak\Application Data\tazebama\zPharaoh.dat
C:\zPharaoh.exe
d:\recycler\NokiaN73Tools.exe
d:\recycler\RECYCLER .exe
D:\zPharaoh.exe
e:\recycler\Make Windows Original.exe
e:\recycler\RECYCLER .exe
E:\zPharaoh.exe
G:\zPharaoh.exe
H:\zPharaoh.exe
i:\recycler\RECYCLER .exe
i:\recycler\WinrRarSerialInstall.exe
I:\zPharaoh.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-13 au 2009-02-13 ))))))))))))))))))))))))))))))))))))
.

2009-02-13 01:27 . 2009-02-13 01:36 160,895 --a------ c:\documents and settings\tazebama.dl_
2009-02-13 01:27 . 2009-02-13 01:36 160,895 --a------ c:\documents and settings\hook.dl_
2009-02-13 01:27 . 2009-02-13 01:36 32,768 --a------ c:\documents and settings\tazebama.dll
2009-02-13 01:23 . 2009-02-13 01:37 126 --a------ C:\1.taz
2009-02-12 19:20 . 2009-02-12 23:20 <REP> d-------- C:\rsit
2009-02-12 19:20 . 2009-02-12 23:20 <REP> d-------- c:\program files\trend micro
2009-02-12 14:12 . 2009-02-12 14:12 <REP> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-12 13:13 . 2009-02-12 13:13 <REP> d-------- c:\program files\Opera
2009-02-12 10:13 . 2009-02-12 18:09 <REP> d-------- c:\program files\UsbFix
2009-02-12 09:55 . 2009-02-12 09:55 <REP> dr------- c:\documents and settings\merzak\Favoris
2009-02-12 09:49 . 2009-02-12 09:49 161,165 --a------ c:\windows\WINDOWS .exe
2009-02-05 16:30 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-05 16:23 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-05 16:09 . 2009-02-05 16:09 <REP> d-------- c:\program files\SAGEM
2009-02-05 14:38 . 2009-02-05 14:38 <REP> d-------- c:\windows\system32\fr
2009-02-05 14:38 . 2009-02-05 14:38 <REP> d-------- c:\windows\system32\bits
2009-02-05 14:38 . 2009-02-05 14:38 <REP> d-------- c:\windows\l2schemas
2009-02-04 19:28 . 2009-02-13 01:58 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2009-02-04 19:25 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys
2009-02-04 19:25 . 2009-02-04 19:25 261 --a------ c:\windows\system32\PavCPL.dat
2009-02-04 19:24 . 2009-02-08 20:00 <REP> d-------- c:\documents and settings\merzak\Application Data\Panda Security
2009-02-04 19:24 . 2009-02-08 16:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Panda Security
2009-02-04 19:22 . 2009-02-04 19:22 <REP> d-------- c:\program files\Fichiers communs\Panda Security
2009-02-04 19:22 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2009-02-04 19:22 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2009-02-04 19:22 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-02 15:50 . 2007-08-14 08:12 18,816 --------- c:\windows\system32\SAVRKBootTasks.sys
2009-01-23 01:24 . 2009-01-23 01:25 1,024 --a------ c:\windows\system32\pwdremover.dat
2009-01-23 01:24 . 2009-01-23 01:24 36 --a------ c:\windows\verypdf.ini
2009-01-23 01:23 . 2009-01-23 01:23 <REP> d-------- c:\program files\PDF Password Remover v2.5
2009-01-23 00:12 . 2008-10-16 21:18 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-23 00:12 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-23 00:12 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-23 00:12 . 2008-10-16 21:18 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-23 00:12 . 2008-10-16 21:18 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-23 00:12 . 2008-10-16 21:18 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-23 00:12 . 2008-10-16 21:18 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-23 00:12 . 2008-10-16 21:18 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-23 00:12 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-22 18:27 . 2009-02-08 20:00 <REP> d-------- c:\documents and settings\merzak\Application Data\F-Secure
2009-01-22 18:19 . 2009-02-08 16:24 <REP> d-------- c:\documents and settings\All Users\Application Data\fssg
2009-01-22 18:18 . 2009-02-08 16:24 <REP> d-------- c:\documents and settings\All Users\Application Data\f-secure
2009-01-21 23:55 . 2009-01-21 23:55 <REP> d-------- c:\program files\Sophos
2009-01-21 15:57 . 2008-04-14 03:33 293,376 --------- c:\windows\system32\qagentrt.dll
2009-01-21 15:57 . 2008-04-14 03:33 290,304 --------- c:\windows\system32\rhttpaa.dll
2009-01-21 15:57 . 2008-04-14 03:33 153,600 -----c--- c:\windows\system32\dllcache\shmedia.dll
2009-01-21 15:57 . 2008-04-14 03:33 151,040 --------- c:\windows\system32\qagent.dll
2009-01-21 15:57 . 2008-04-14 03:32 86,016 -----c--- c:\windows\system32\dllcache\sl_anet.acm
2009-01-21 15:57 . 2004-07-17 16:34 85,617 -----c--- c:\windows\system32\dllcache\plyr_err.chm
2009-01-21 15:57 . 2008-04-14 03:33 76,800 --------- c:\windows\system32\qutil.dll
2009-01-21 15:57 . 2004-07-17 16:34 66,148 -----c--- c:\windows\system32\dllcache\revert.wmz
2009-01-21 15:57 . 2008-04-14 03:33 62,464 --------- c:\windows\system32\qcliprov.dll
2009-01-21 15:57 . 2008-04-14 03:33 61,952 --------- c:\windows\system32\rasqec.dll
2009-01-21 15:57 . 2008-04-14 03:34 32,768 --------- c:\windows\system32\setupn.exe
2009-01-21 15:57 . 2008-04-13 19:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2009-01-21 15:57 . 2004-08-04 05:50 1,818 -----c--- c:\windows\system32\dllcache\skins.inf
2009-01-21 15:55 . 2008-04-14 03:33 397,312 --------- c:\windows\system32\mmcex.dll
2009-01-21 15:54 . 2008-04-14 03:33 651,264 --------- c:\windows\system32\dot3ui.dll
2009-01-21 15:53 . 2008-04-14 03:33 136,192 --------- c:\windows\system32\aaclient.dll
2009-01-21 14:21 . 2009-02-12 09:49 <REP> d-------- C:\fsaua.data
2009-01-20 16:19 . 2009-01-20 16:19 0 --a------ c:\windows\InstalationHijach2
2009-01-20 16:13 . 2009-01-20 16:13 <REP> d-------- c:\program files\MSECache
2009-01-20 15:57 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2009-01-20 15:56 . 2009-01-20 15:56 <REP> d-------- c:\program files\Realtek AC97
2009-01-20 15:56 . 2006-08-01 14:58 143,360 --a------ c:\windows\system32\RtlCPAPI.dll
2009-01-20 15:45 . 2008-12-13 07:37 3,593,216 --a--c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-20 15:21 . 2008-05-01 15:36 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-01-20 15:19 . 2008-10-03 11:03 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-01-20 15:18 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-19 16:14 . 2009-01-19 16:14 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-19 16:14 . 2009-01-19 16:14 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-19 16:14 . 2009-01-19 16:14 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-19 16:14 . 2009-01-19 16:14 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-19 16:14 . 2009-01-19 16:14 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-19 16:14 . 2009-01-19 16:14 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-19 15:12 . 2002-09-07 01:00 399,670 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2009-01-19 15:12 . 2002-09-07 01:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-01-19 15:12 . 2002-09-07 01:00 13,497 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT
2009-01-19 15:12 . 2002-09-07 01:00 13,312 --a------ c:\windows\system32\irclass.dll
2009-01-19 15:12 . 2002-09-07 01:00 8,599 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT
2009-01-19 15:11 . 2004-08-04 06:43 1,086,058 -ra------ c:\windows\SETB5.tmp
2009-01-19 15:11 . 2009-02-05 16:11 1,031,358 --a------ c:\windows\setupapi.log.2.old
2009-01-19 15:11 . 2004-08-04 06:52 1,014,836 -ra------ c:\windows\SETB2.tmp
2009-01-19 15:11 . 2004-08-04 06:45 14,043 -ra------ c:\windows\SETC1.tmp
2009-01-18 00:12 . 2009-01-18 00:12 <REP> d-------- c:\program files\Fichiers communs\xing shared
2009-01-17 23:39 . 2009-02-08 16:06 <REP> d-------- C:\Davory
2009-01-17 16:11 . 2009-01-17 16:15 <REP> d-------- c:\program files\WinHex
2009-01-15 15:34 . 2009-01-15 15:35 <REP> d-------- c:\program files\PHPNukeFR
2009-01-15 00:54 . 2009-02-08 16:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Backup
2009-01-14 15:16 . 2009-02-05 16:39 1,355 --a------ c:\windows\imsins.BAK

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 00:59 595,968 ----a-w c:\windows\soundman.exe
2009-02-13 00:59 1,132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-02-13 00:59 1,132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2009-02-13 00:31 --------- d-----w c:\program files\Common Files
2009-02-12 22:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-12 22:06 906,095 ----a-w c:\windows\iun6002.exe
2009-02-12 22:06 475,503 ----a-w c:\windows\IsUninst.exe
2009-02-12 22:06 235,887 ----a-w c:\windows\bitdeins.exe
2009-02-12 18:43 --------- d-----w c:\program files\eMule
2009-02-12 18:20 238,108 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-02-12 18:20 238,108 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2009-02-12 08:49 45,000 ----a-w c:\program files\serials.rar
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\uTorrent
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\MxBoost
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\Media Player Classic
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\iolo
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\InterVideo
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\IDM
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\Flock
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\DMCache
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\AVS4YOU
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\Ahead
2009-02-08 19:00 --------- d-----w c:\documents and settings\merzak\Application Data\AdobeUM
2009-02-08 18:59 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2009-02-08 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-02-08 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-02-08 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-02-08 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\MSN6
2009-02-08 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2009-02-08 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-02-08 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-05 15:10 23 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-02-05 15:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 18:24 --------- d-----w c:\program files\Panda Security
2009-01-29 14:07 --------- d-----w c:\program files\ABBYY FineReader 4.0 Sprint
2009-01-29 14:00 --------- d-----w c:\program files\Groove Games
2009-01-21 13:16 --------- d-----w c:\program files\Google
2009-01-20 14:56 --------- d-----w c:\program files\AvRack
2009-01-17 23:11 --------- d-----w c:\program files\Fichiers communs\Real
2009-01-17 12:23 --------- d-----w c:\program files\Edges
2009-01-15 00:49 --------- d-----w c:\program files\Winamp
2009-01-15 00:46 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-15 00:39 --------- d-----w c:\program files\AOL Security Toolbar
2009-01-14 23:40 --------- d-----w c:\program files\Conduit
2009-01-14 23:07 --------- d-----w c:\program files\IsoBuster
2009-01-14 23:05 --------- d-----w c:\program files\AVS4YOU
2009-01-09 22:26 --------- d-----w c:\program files\Microsoft
2009-01-09 22:25 --------- d-----w c:\program files\Windows Live
2009-01-09 22:25 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-01-09 22:23 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-09 21:33 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-01-09 21:27 --------- d-----w c:\program files\CCleaner
2009-01-01 23:42 --------- d-----w c:\program files\Internet Download Manager
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2007-05-01 14:05 238,162 ----a-w c:\program files\Uninst.isu
2001-11-30 09:29 344,064 ----a-w c:\program files\AlbumBase.dll
2001-11-30 09:29 172,032 ----a-w c:\program files\abmFind.dll
2001-11-30 09:29 1,871,872 ----a-w c:\program files\PhotoImpression.exe
2001-11-21 16:13 126,976 ----a-w c:\program files\Res_Pi.dll
2001-11-21 15:28 10,903 ----a-w c:\program files\Lblspec.ini
2001-08-08 14:08 114,688 ----a-w c:\program files\MultiPrint.dll
2001-07-19 17:27 659,456 ----a-w c:\program files\EzDll.dll
2001-07-02 11:30 53,248 ----a-w c:\program files\wdmcapture.dll
2001-06-19 19:59 139,264 ----a-w c:\program files\Res_Dll.dll
2001-05-17 16:18 69,632 ----a-w c:\program files\ASPI.dll
2001-05-14 19:21 166,163 ----a-w c:\program files\PhotoImpression.HLP
2001-04-26 17:23 53,248 ----a-w c:\program files\EditWin.dll
2000-11-24 14:43 28,160 ----a-w c:\program files\ezrgb24.ax
2000-10-16 18:51 32,768 ----a-w c:\program files\OsWrapperForPI.dll
2000-10-09 15:43 61,440 ----a-w c:\program files\PiApi.dll
2000-10-04 14:47 90,112 ----a-w c:\program files\myCtrl.dll
2000-09-26 17:54 122,880 ----a-w c:\program files\eff_ehn.dll
2000-01-29 09:21 247,844 ----a-w c:\program files\exif.exf
1999-06-29 16:34 400 ----a-w c:\program files\click1.wav
1999-06-29 12:07 533 ----a-w c:\program files\click2.wav
1999-05-26 09:46 212,480 ----a-w c:\program files\pcdlib32.dll
1997-12-23 16:34 115,712 ----a-w c:\program files\Filefpx.dll
1996-10-17 16:40 308,736 ----a-w c:\program files\FPXLIB.DLL
1996-09-24 07:13 91,136 ----a-w c:\program files\JPEGLIB.DLL
.

((((((((((((((((((((((((((((( SnapShot@2009-02-13_ 1.27.12.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-12 22:06:40 222,063 ----a-w c:\windows\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe
+ 2009-02-13 01:00:01 65,536 ----a-w c:\windows\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe
- 2009-02-12 22:06:41 321,903 ----a-w c:\windows\system32\AUTMGR32.EXE
+ 2009-02-13 01:00:13 165,376 ----a-w c:\windows\system32\AUTMGR32.EXE
- 2009-02-13 00:25:43 206,396 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-13 01:02:26 206,396 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
- 2009-02-13 00:25:15 850,799 ----a-w c:\windows\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
+ 2009-02-13 00:59:48 694,272 ----a-w c:\windows\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-12 4044983]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-03 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-02-13 1707520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 196608]
"PaperPort PTD"="c:\paprport\pptd40nt.exe" [1997-08-25 22016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2005-12-21 169472]
"Athan"="c:\program files\Athan\Athan.exe" [2008-08-18 1069056]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2001-12-16 46080]
"EPSON Stylus C46 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840]
"Nero DriveSpeed"="c:\progra~1\Ahead\NEROTO~1\DRIVES~1.EXE" [2009-02-13 440320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-18 185872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2001-12-16 2899968]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]
"SoundMan"="SOUNDMAN.EXE" [2009-02-13 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2001-12-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Démarrage .exe [2009-02-08 160945]
Recycle Bin.exe [2009-02-08 381803]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-11-14 221304]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-02-05 962661]
gwum.lnk - c:\program files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe [2008-07-05 471040]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-11-14 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"vidc.I263"= i263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
"c:\\Program Files\\Maxthon2\\Maxthon.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-02-04 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-02-04 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-02-04 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-02-04 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-02-04 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-02-04 19:24:39 158848]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-02-02 18816]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-02-04 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-02-04 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-02-04 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\psksvc.exe [2009-02-04 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-02-04 13880]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\Gigabyte Windows Utility Manager\MARKFUN.W32 [2008-07-05 8236]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-02-04 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 WMIBIOS;%WMIBIOS.ServiceName%;c:\windows\system32\drivers\wmibios.sys [2008-07-05 18272]
R3 WMIINFO;WMIINFO Driver;c:\windows\system32\drivers\wmiinfo.sys [2008-07-05 21184]
S0 FPA_RTP;FPA_RTP;c:\windows\system32\Drivers\FSTOPW.SYS --> c:\windows\system32\Drivers\FSTOPW.SYS [?]
S2 UPSMON_Service;UPSMON_Service;TC --> TC [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\16.tmp --> c:\windows\system32\16.tmp [?]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\MTK.SYS [2008-11-01 15670]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [2001-11-29 1432836]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - COMFILTR

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {A5721EC0-45FD-4AF6-8D26-B511385D81CE} = 81.22.90.29 82.101.136.29
TCP: {EF3D6FAB-3941-46D0-B915-8CB969DB9885} = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\merzak\Application Data\Mozilla\Firefox\Profiles\fmh4ox8s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2102473&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - PHPNukeFR Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2102473&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2102473&SearchSource=2&q=
FF - component: c:\documents and settings\merzak\Application Data\Mozilla\Firefox\Profiles\fmh4ox8s.default\extensions\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 02:02:09
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\Gigabyte Windows Utility Manager\markfun.w32"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\16.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPSMON_Service]
"ImagePath"="T\14C"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\System\Setup\AllowStart\DcomLaunch]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\System\Setup\AllowStart\Sacsvr]
@DACL=(02 0000)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\nview.dll
c:\program files\Panda Security\Panda Global Protection 2009\pavoepl.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Panda Security\Panda Global Protection 2009\TPSrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\WebProxy.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
c:\program files\Fichiers communs\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Panda Security\Panda Global Protection 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe
c:\program files\Panda Security\Panda Global Protection 2009\SrvLoad.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
c:\windows\system32\rundll32.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-02-13 2:06:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-13 01:06:35
ComboFix2.txt 2009-02-13 00:28:11
ComboFix3.txt 2009-02-12 23:04:56

Avant-CF: 435 290 112 octets libres
Après-CF: 431,689,728 octets libres

393 --- E O F --- 2009-02-12 09:00:36

-******************************************** end of ComboFix.txt ********************************
Destrio5 (99820 posts, Moderator)
 
Tazebama keeps recreating itself. I can't guarantee we'll manage it, because it's a really nasty piece of work.

Run a scan with AVPTool:
ftp://ftp.kaspersky.com/devbuilds/AVPTool/setup_7.0.0.290_13.02.2009_03-20.exe
Hombrez87 (23 posts, Member)

It's me again, Destrio5. Please: my brother's PC also has the same worm (tazebama), and I followed the same procedure you gave me. Here is the ComboFix report, so tell me whether it's OK. As for mine, well, Kaspersky is scanning and it is now at 12860 worms.
Thanks in advance
******************************** start of ComboFix.txt from my brother's PC ****************************
ComboFix 09-02-12.03 - Ahmed 2009-02-13 18:56:55.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.580 [GMT 1:00]
Lancé depuis: c:\documents and settings\Ahmed\Bureau\ComboFix.exe
AV: Panda Internet Security 2009 *On-access scanning disabled* (Outdated)
FW: Panda Personal Firewall 2009 *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Administrateur\Application Data\tazebama
c:\windows\system\msvbvm60.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-13 au 2009-02-13 ))))))))))))))))))))))))))))))))))))
.

2009-02-13 18:36 . 2009-02-13 18:36 <REP> d-------- c:\windows\LastGood
2009-02-02 20:25 . 2009-02-02 20:25 <REP> d-------- c:\program files\Xi
2009-02-02 19:35 . 2009-02-02 19:35 <REP> d-------- c:\program files\Fichiers communs\xing shared
2009-02-02 19:34 . 2009-02-02 19:34 <REP> d-------- c:\program files\Real
2009-02-02 19:32 . 2009-02-02 19:35 <REP> d-------- c:\program files\Fichiers communs\Real
2009-01-30 19:14 . 2009-01-30 19:14 <REP> d-------- c:\documents and settings\Ahmed\Application Data\MSNInstaller
2009-01-27 17:34 . 2002-01-10 03:01 110,592 --a------ c:\windows\system32\tsccvid.dll
2009-01-23 16:43 . 2009-01-23 16:43 55 --a------ C:\winupa.ini
2009-01-23 16:42 . 2009-01-23 16:42 3,026 --a------ c:\windows\system32\drivers\hwinterface.sys
2009-01-23 16:42 . 2009-01-23 16:42 16 --a------ c:\windows\drymemor.bin
2009-01-23 16:41 . 2009-02-05 18:59 52 --a------ c:\windows\winupa.ini
2009-01-23 16:40 . 1993-05-11 23:00 398,416 --------- c:\windows\system32\VBRUN300.DLL
2009-01-23 16:40 . 1997-08-29 14:32 383,512 --------- c:\windows\system32\Tab32x20.ocx
2009-01-23 16:40 . 1998-06-27 03:22 205,848 --------- c:\windows\system32\threed32.ocx
2009-01-23 16:40 . 1998-07-13 00:00 10,240 --------- c:\windows\system32\SYSINFR.DLL
2009-01-23 16:40 . 2000-11-30 10:23 4,990 --------- c:\windows\system32\UKEYVDD.DLL
2009-01-23 16:39 . 2009-01-23 16:41 <REP> d-------- c:\program files\IproCAM
2009-01-22 17:01 . 2009-01-22 17:07 <REP> d-------- c:\windows\system32\Adobe
2009-01-22 15:17 . 2009-01-22 15:18 <REP> d-------- c:\program files\PyVot
2009-01-19 17:22 . 2009-01-19 17:22 <REP> d-------- c:\program files\SnIco Edit
2009-01-19 17:00 . 2009-02-11 16:05 116 --a------ c:\windows\NeroDigital.ini
2009-01-18 17:20 . 2009-01-18 17:20 <REP> d-------- c:\documents and settings\Ahmed\Application Data\Ahead
2009-01-18 17:18 . 2009-01-18 17:18 <REP> d-------- c:\program files\Nero
2009-01-18 17:18 . 2009-01-18 17:18 <REP> d-------- c:\program files\Fichiers communs\Ahead
2009-01-14 12:49 . 2009-01-14 12:49 <REP> d-------- c:\program files\ABCAutoCAD
2009-01-14 11:43 . 2009-01-18 16:37 <REP> d-------- c:\program files\DAS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 17:35 254,460 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-02-13 17:35 254,460 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2009-02-13 17:31 --------- d-----w c:\documents and settings\Ahmed\Application Data\Orbit
2009-02-13 17:30 1,132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-02-13 17:30 1,132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2009-02-05 16:01 583,680 ----a-w c:\windows\soundman.exe
2009-02-05 13:09 931,183 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2009-02-05 13:09 323,439 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-01-24 15:56 --------- d-----w c:\program files\Orbitdownloader
2009-01-23 16:19 --------- d-----w c:\program files\Google
2009-01-14 17:04 --------- d-----w c:\program files\DAS_CACOBATPH
2008-12-27 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-12-03 16:29 410,984 ----a-w c:\windows\system32\deploytk.dll
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

------- Sigcheck -------

2004-08-04 04:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2004-08-04 04:14 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-13 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-13 14:12 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-02-05 1673728]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-01-22 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C46 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-06-30 845056]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-06-25 49408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"Adobe_ID0EYTHM"="c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-02 185872]
"SoundMan"="SOUNDMAN.EXE" [2009-02-05 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2008-07-14 581632]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-15 968805]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-09-10 1707208]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-08 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 15:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2008-07-14 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-07-14 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-07-14 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-07-14 22072]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2009-01-23 3026]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-07-14 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-07-14 22:50:53 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-07-14 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-07-14 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-07-14 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [2008-07-14 28976]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01060033;PANDA NDIS IM Filter Miniport v1.6.0.33;c:\windows\system32\drivers\neti1633.sys [2008-07-14 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [2008-07-14 3351]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contenu du dossier 'Tâches planifiées'

2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
HKCU-Run-fsm - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-NWEReboot - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.dz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SYSTRAN: &Effacer le cache de traduction - c:\program files\Systran\Premium\menuClearCache.html
IE: SYSTRAN: &Options - c:\program files\Systran\Premium\menuConfigure.html
IE: SYSTRAN: &Traduire - c:\program files\Systran\Premium\menuTranslate.html
IE: SYSTRAN: En&registrement - c:\program files\Systran\Premium\menuRegister.html
IE: SYSTRAN: Rechercher les &mises à jour - c:\program files\Systran\Premium\menuUpdate.html
IE: SYSTRAN: Traduire les &cadres - c:\program files\Systran\Premium\menuTranslateAll.html
IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: {{703436F1-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuTranslate.html
IE: {{703436F2-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuTranslateAll.html
IE: {{703436F3-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuConfigure.html
IE: {{703436F4-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuClearCache.html
IE: {{703436F5-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuRegister.html
IE: {{703436F6-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Premium\MenuUpdates.html
TCP: {7D7450F7-ECF2-4AD7-BACB-6845B09E3E42} = 81.22.90.29 82.101.136.29
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 18:59:19
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4d1e946a-ea25-4cdc-8336-4ca9994bab11}]
@Denied: (Full) (Everyone)
"Model"=dword:000000e0
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,22,75,7a,93,24,bb,ab,c2,27,15,c0,d2,de,08,86,37,bf,af,e8,26,3f,f1,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):47,dc,d5,f2,12,5c,69,68,09,93,dd,c8,65,bf,b0,15,6a,ef,a1,81,ef,
82,10,f2,1b,64,17,eb,81,92,52,8e,be,10,84,bb,71,a9,6d,f9,00,00,00,00,00,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\avldr.dll
.
Heure de fin: 2009-02-13 19:01:35
ComboFix-quarantined-files.txt 2009-02-13 18:01:09

Avant-CF: 21 391 601 664 octets libres
Après-CF: 24,054,231,040 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

211
******************************** end of Combofix.txt from my brother's PC *************************
0
Destrio5 Posts 99820 Status Moderator 10 304
 
Has Kaspersky found anything so far?
0

Hombrez87 Posts 23 Status Member
 
Yes, lots, actually. It is now at 12902 (Worm.Win32.Mabezat.B). And what does "still postponed" mean? Every time it finds a virus it reports it to me??

* Please, and what about the report from my brother's PC? Thanks
0
Destrio5 Posts 99820 Status Moderator 10 304
 
If AVPTool has detected 12902 files infected by Mabezat, it's over, your Windows is dead. It only takes one remaining Mabezat file for the infection to start infecting files all over again.
0
Hombrez87 Posts 23 Status Member
 
That's for sure. So once it has finished I will reinstall everything. My problem is that I have important folders that I can't delete, 10 years of work,
0
Destrio5 Posts 99820 Status Moderator 10 304
 
Hoping Mabezat doesn't get into your documents.

For your brother, you can also run a scan with AVPTool.
0
Hombrez87 Posts 23 Status Member
 
I hope so, and thank you for what you're doing, it really does you credit. I'll keep you posted once it's finished.
0
Destrio5 Posts 99820 Status Moderator 10 304
 
Ok ;)
0