WORM/Rbot.542720.7 WORM/SdBot.401408.13
Solved
bab2735
green day, Posts: 26722, Status: Moderator, Security contributor
Hello,
After reinstalling Windows XP SP1 this morning, my partner can no longer get anything done on his computer!
He downloaded AntiVir, which detected:
WORM/Rbot.542720.7
WORM/SdBot.401408.13
among others!
Downloading anything at all is impossible from this computer, but I can do it from another one (at work).
When he goes on the internet there are lots of error messages.
How do we get out of this? Do we have to format all our hard drives??? Or is there another way?
Thank you for helping us...
4 replies
Hi
Restart in safe mode and run a scan with AntiVir; put everything you can into quarantine
then:
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Boot in safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in: C:\Combofix.txt, please post it
++
Hi
Now at startup, the computer tells me "Clmcs.exe" is missing, is that serious?
Not at all! That process belongs to a backdoor! In other words, a nasty little bug!
Yes, post the AntiVir report, and download HijackThis
Install it in a folder set aside for that purpose.
o For example, C:\HijackThis
o Choose the option "do a system scan and save a logfile"; a report will be generated
o Copy/paste the report to the forum please
++
Hi, I'm reassured about clmcs.exe, but not so much about the Windows firewall, which I can't turn on..
Here is the AntiVir report:
AntiVir PersonalEdition Classic
Report file date: mardi 26 février 2008 21:42
Scanning for 1125458 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: RAID
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 20:40:33
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 20:40:33
ANTIVIR3.VDF : 7.0.2.195 59392 Bytes 26/02/2008 20:40:33
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 26/02/2008 20:40:35
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 26/02/2008 20:40:35
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 26 février 2008 21:42
The scan of running processes will be started
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'cscript.exe' - '1' Module(s) have been scanned
Scan process 'cmd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'clmcs.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\clmcs.exe'
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'clmcs.exe' has been terminated
C:\WINDOWS\clmcs.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48317a17.qua'!
22 processes with 21 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '23' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Setup32.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48387a15.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\05AZ0XQB\bb1[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47f57a1b.qua'!
C:\System Volume Information\_restore{9CAEB862-0FA8-4013-9A7B-F79ABAB8A292}\RP3\A0003041.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.542720.7
[INFO] The file was moved to '47f47a15.qua'!
C:\System Volume Information\_restore{9CAEB862-0FA8-4013-9A7B-F79ABAB8A292}\RP3\A0005139.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47f47a1a.qua'!
C:\System Volume Information\_restore{9CAEB862-0FA8-4013-9A7B-F79ABAB8A292}\RP3\A0005148.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.542720.7
[INFO] The file was moved to '47f47a1c.qua'!
C:\System Volume Information\_restore{9CAEB862-0FA8-4013-9A7B-F79ABAB8A292}\RP3\A0005169.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47f47a1e.qua'!
C:\System Volume Information\_restore{9CAEB862-0FA8-4013-9A7B-F79ABAB8A292}\RP3\A0005170.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47f47a20.qua'!
C:\WINDOWS\17PHolmes1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48147a2a.qua'!
C:\WINDOWS\system32\aica.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.34816.6
[INFO] The file was moved to '48277b52.qua'!
C:\WINDOWS\system32\bglkz.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48307b54.qua'!
C:\WINDOWS\system32\cyuldl.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.215
[INFO] The file was moved to '48397b6c.qua'!
C:\WINDOWS\system32\lgjs.exe
[DETECTION] Contains code of the Windows virus W32/Virut.Gen
[INFO] The file was moved to '482e7b66.qua'!
C:\WINDOWS\system32\vlvf.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '483a7b80.qua'!
C:\WINDOWS\system32\ygbcxjov.exe
[DETECTION] Contains code of the Windows virus W32/Virut.Gen
[INFO] The file was moved to '48267b82.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LE9990OR\bb1[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47f57b82.qua'!
Begin scan in 'D:\'
Begin scan in 'F:\' <My Book>
F:\Software\WinDVD.Platinum.v7.0\crack\Keymaker.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.4417
[INFO] The file was moved to '483d81e1.qua'!
F:\System Volume Information\_restore{9CAEB862-0FA8-4013-9A7B-F79ABAB8A292}\RP3\A0005178.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.4417
[INFO] The file was moved to '47f481b9.qua'!
End of the scan: mardi 26 février 2008 22:15
Used time: 33:55 min
The scan has been done completely.
3145 Scanning directories
138074 Files were scanned
19 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
18 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
138055 Files not concerned
735 Archives were scanned
2 Warnings
7 Notes
I'll run the other scan tonight and post the report tomorrow
thanks again
See you later
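A small parser for the AntiVir report layout shown in the post above, added here as an example (it is not code from the thread or from Avira). It pairs each path with its [DETECTION] and [INFO] lines and separates copies held in System Restore points from files on the live system; the sample is an excerpt of the posted report, and the function names are assumptions.

```python
import re
from collections import Counter

# Excerpt of the report posted above (paths and detection names copied from it).
SAMPLE_REPORT = r"""
Scan process 'clmcs.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\clmcs.exe'
Process 'clmcs.exe' has been terminated
C:\WINDOWS\clmcs.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48317a17.qua'!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{9CAEB862-0FA8-4013-9A7B-F79ABAB8A292}\RP3\A0003041.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.542720.7
[INFO] The file was moved to '47f47a15.qua'!
C:\WINDOWS\system32\lgjs.exe
[DETECTION] Contains code of the Windows virus W32/Virut.Gen
[INFO] The file was moved to '482e7b66.qua'!
C:\WINDOWS\system32\aica.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.34816.6
[INFO] The file was moved to '48277b52.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a line that is just a file path
QUARANTINE_RE = re.compile(r"^\[INFO\] The file was moved to '([0-9a-f]+\.qua)'!$")


def parse_report(text):
    """Return (findings, unreadable) from an AntiVir text report."""
    findings, unreadable = [], []
    current = None  # path the following bracketed lines refer to
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
        elif current is None:
            continue
        elif line.startswith("[DETECTION]"):
            findings.append({
                "path": current,
                "name": line.split()[-1],  # detection name is the last token
                "quarantine": None,
                # XP System Restore snapshots live under _restore{GUID}\RPn
                "restore_point": "\\_restore{" in current,
            })
        elif line.startswith("[WARNING]"):
            unreadable.append(current)
        else:
            m = QUARANTINE_RE.match(line)
            # Only attach the .qua name to the detection for this same path.
            if m and findings and findings[-1]["path"] == current:
                findings[-1]["quarantine"] = m.group(1)
    return findings, unreadable


def summarize(findings):
    """Group detections so live files can be reviewed before restore-point copies."""
    live = [f for f in findings if not f["restore_point"]]
    return {
        "by_name": Counter(f["name"] for f in findings),
        "live_paths": [f["path"] for f in live],
        "restore_point_copies": len(findings) - len(live),
        "not_quarantined": [f["path"] for f in findings if f["quarantine"] is None],
    }


if __name__ == "__main__":
    found, skipped = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    print("could not be opened:", skipped)
```
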
So last night I managed to run a scan without "safe mode". During that scan I put as much stuff as I could into quarantine; however, for some of them the only choices were ignore or delete, and I think I deleted something. Now at startup, the computer tells me "Clmcs.exe" is missing, is that serious?
I restarted in safe mode and ran ComboFix. Here is its report:
ComboFix 08-02-25.3 - moff 2008-02-26 22:24:32.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale
Endroit: C:\Documents and Settings\moff\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nkwqcgkal.exe
C:\WINDOWS\system32\tokxdnjlv.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))
.
2008-02-26 21:11 . 2008-02-26 21:11 55,296 ---hs---- C:\WINDOWS\system32\mdm.exe
2008-02-26 20:39 . 2008-02-26 20:39 <REP> d-------- C:\WINDOWS\system32\bits
2008-02-26 20:39 . 2008-02-26 21:41 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-02-26 20:39 . 2005-02-25 04:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-02-26 20:38 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-26 20:38 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-26 20:38 . 2004-07-01 23:08 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-02-26 20:38 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-26 20:38 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-26 20:38 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-26 20:38 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-02-26 20:38 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-26 20:38 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-02-26 20:35 . 2008-02-26 20:35 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-02-26 19:06 . 2008-02-26 19:06 118 --a------ C:\WINDOWS\system32\izsge.bat
2008-02-26 17:43 . 2008-02-26 17:43 <REP> d---s---- C:\Documents and Settings\moff\UserData
2008-02-26 17:43 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-26 17:43 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-26 17:43 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-26 17:43 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-02-26 17:43 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-26 17:43 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-26 17:43 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-26 17:43 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-26 17:43 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-26 17:38 . 2008-02-26 17:38 <REP> d-------- C:\WINDOWS\OPTIONS
2008-02-26 17:38 . 2008-02-26 17:38 <REP> d-------- C:\Program Files\Realtek
2008-02-26 17:38 . 2008-02-26 17:38 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-02-26 17:38 . 2008-02-26 17:38 <REP> d-------- C:\Documents and Settings\moff\Application Data\InstallShield
2008-02-26 17:38 . 2007-11-20 19:09 104,320 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-02-26 17:35 . 2008-02-26 17:35 <REP> d-------- C:\yenicag
2008-02-26 17:18 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2008-02-26 17:18 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2008-02-26 17:01 . 2008-02-26 16:32 261 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 20:38 44,032 ----a-w C:\WINDOWS\system32\ftp.exe
2008-02-26 20:38 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-02-26 15:40 --------- d-----w C:\Program Files\Avira
2008-02-26 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-02-26 15:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-26 15:29 558,142 ----a-w C:\WINDOWS\java\Packages\7PZLJV5R.ZIP
2008-02-26 15:29 155,995 ----a-w C:\WINDOWS\java\Packages\CMSEM46Z.ZIP
2008-02-26 15:26 --------- d-----w C:\Program Files\Services en ligne
2008-02-26 11:07 135,168 ----a-w C:\WINDOWS\system32\sfc_os.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Networking Monitoring"="C:\WINDOWS\System32\mdm.exe" [2008-02-26 21:11 55296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-26 21:40 249896]
"WinPerfectAutoRun"="C:\yenicag\WinPerfect\WinPerfect.exe" [2006-11-05 13:48 2838016]
"Windows Networking Monitoring"="C:\WINDOWS\System32\mdm.exe" [2008-02-26 21:11 55296]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-30 21:00 13312]
"Windows Networking Monitoring"="C:\WINDOWS\System32\mdm.exe" [2008-02-26 21:11 55296]
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
S2 Management Consultants (CLMCs);Management Consultants (CLMCs);"C:\WINDOWS\clmcs.exe" []
S2 TTLMS;Track Learning Management System;C:\WINDOWS\System32\ttlms.exe []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 22:26:10
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-26 22:27:52
ComboFix-quarantined-files.txt 2008-02-26 21:27:25
Then I managed to download the SP2 pack and installed it. The problem is that the Windows firewall is set to disabled and it is impossible to enable it... Did I do the right thing??? I'm going to go crazy!