Virus trojan downloader purityscan

j'ai effectué Navilog 2, voici le rapport.

Clean Navipromo version 3.5.0 commencé le 10/03/2008 à 21.07.59,84

Outil exécuté depuis C:\Programmi\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO


Microsoft Windows XP [Versione 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans "C:\Documents and Settings\Lisa Innocentini\impost~1\datiap~1" *



*** Suppression dossiers dans C:\WINDOWS ***

C:\WINDOWS\msskinner ...suppression...
C:\WINDOWS\msskinner supprimé !


*** Suppression dossiers dans C:\Programmi ***

C:\Programmi\Instant Access ...suppression...
C:\Programmi\Instant Access supprimé !

C:\Programmi\MailSkinner ...suppression...
C:\Programmi\MailSkinner supprimé !


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\DATIAP~1 ***


*** Suppression dossiers dans "C:\Documents and Settings\Lisa Innocentini\datiap~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Lisa Innocentini\impost~1\datiap~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Lisa Innocentini\menuav~1\progra~1" ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\egaccess4.inf supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\tmlpcert2007 supprimé !
C:\WINDOWS\system32\EGACCESS.dll supprimé !
C:\WINDOWS\system32\egaccess4_1064.dll supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Lisa Innocentini\impost~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\WINDOWS\system32 *

urslbyf.dat trouvé !
Copie urslbyf.dat réalisée avec succès !
urslbyf.dat supprimé !

urslbyf_nav.dat trouvé !
Copie urslbyf_nav.dat réalisée avec succès !
urslbyf_nav.dat supprimé !

urslbyf_navps.dat trouvé !
Copie urslbyf_navps.dat réalisée avec succès !
urslbyf_navps.dat supprimé !


* Dans "C:\Documents and Settings\Lisa Innocentini\impost~1\datiap~1" *


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !

*** Nettoyage terminé le 10/03/2008 à 21.10.52,59 **

Je n'ai pas compris si c'est bon comme ça ou si il faut que je fasse un autre rapport?? et puis-je éliminer les virus inscrits en quarantaine dans AVG?

Merci!

Bonjour,
voilà, j'espère que j'ai bien fait...


ComboFix 08-03-10.1 - Lisa Innocentini 2008-03-10 22.45.28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.104 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Lisa Innocentini\Desktop\Combo-Fix.exe
* Creato nuovo punto di ripristino

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\recover.reg

.
((((((((((((((((((((((((( Files Creati Da 2008-02-10 al 2008-03-10 )))))))))))))))))))))))))))))))))))
.

2008-03-10 21:48 . 2008-03-10 21:48 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-10 21:42 . 2008-03-10 21:42 <DIR> d-------- C:\Programmi\Realtek
2008-03-10 21:42 . 2008-03-10 21:42 <DIR> d-------- C:\Programmi\Intel Desktop Board
2008-03-10 21:42 . 2004-06-18 17:32 7,469,056 --------- C:\WINDOWS\RTLCPL.exe
2008-03-10 21:42 . 2004-06-17 15:43 2,550,272 --------- C:\WINDOWS\alcwzrd.exe
2008-03-10 21:42 . 2004-06-18 18:19 2,189,440 --------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-03-10 21:42 . 2004-05-04 19:05 309,760 --------- C:\WINDOWS\system32\ALSndMgr.Cpl
2008-03-10 21:42 . 2004-02-27 10:10 156,160 --------- C:\WINDOWS\system32\RtlCPAPI.dll
2008-03-10 21:42 . 2004-06-17 16:12 69,632 --------- C:\WINDOWS\SoundMan.exe
2008-03-10 18:13 . 2008-03-10 21:10 <DIR> d-------- C:\Programmi\Navilog1
2008-03-10 00:58 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-10 00:58 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-10 00:58 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-10 00:57 . 2008-03-10 01:08 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-03-10 00:55 . 2008-03-10 00:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-10 00:55 . 2008-03-10 00:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-10 00:55 . 2008-03-10 02:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-08 12:29 . 2008-03-08 12:29 <DIR> d-------- C:\Programmi\Trend Micro
2008-03-08 02:50 . 2008-03-05 02:37 <DIR> d-------- C:\SDFix
2008-03-08 02:37 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-08 02:37 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-08 02:37 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-08 02:37 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-08 02:37 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-08 02:37 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-08 02:37 . 2008-03-08 02:42 3,588 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-07 19:55 . 2008-03-07 19:55 <DIR> d-------- C:\WINDOWS\report
2008-03-07 19:54 . 2008-03-07 19:54 <DIR> d-------- C:\WINDOWS\AU_Backup
2008-03-07 19:54 . 2008-03-07 19:54 35,479,541 --a------ C:\WINDOWS\LPT$VPN.145
2008-03-07 19:54 . 2008-03-07 19:54 1,926,288 --a------ C:\WINDOWS\tsc.ptn
2008-03-07 19:54 . 2008-03-07 19:54 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-03-07 19:54 . 2008-03-07 19:54 267,845 --a------ C:\WINDOWS\tsc.exe
2008-03-07 19:54 . 2008-03-07 19:54 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-03-07 19:54 . 2008-03-07 19:54 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-03-07 19:54 . 2008-03-07 19:57 823 --a------ C:\WINDOWS\tsc.ini
2008-03-07 19:53 . 2008-03-07 19:54 35,479,541 --a------ C:\WINDOWS\VPTNFILE.145
2008-03-07 19:52 . 2008-03-07 19:54 <DIR> d-------- C:\WINDOWS\AU_Temp
2008-03-07 19:52 . 2008-03-07 19:52 <DIR> d-------- C:\WINDOWS\AU_Log
2008-03-07 19:52 . 2008-03-07 19:52 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-03-07 19:52 . 2008-03-07 19:52 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-03-07 19:52 . 2008-03-07 19:52 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-03-07 19:52 . 2008-03-07 19:52 170 --a------ C:\WINDOWS\GetServer.ini
2008-03-07 19:50 . 2008-03-07 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-03-07 19:33 . 2008-03-07 19:33 <DIR> d-------- C:\Programmi\Yahoo!
2008-03-07 19:28 . 2008-03-07 19:28 <DIR> d-------- C:\Documents and Settings\administrateur\Dati applicazioni\AVG7
2008-03-07 19:27 . 2005-09-21 16:01 <DIR> d-------- C:\Documents and Settings\administrateur\WINDOWS
2008-03-07 19:27 . 2005-09-21 12:07 <DIR> d--h----- C:\Documents and Settings\administrateur\Risorse di stampa
2008-03-07 19:27 . 2006-04-07 16:05 <DIR> d-------- C:\Documents and Settings\administrateur\Risorse di rete
2008-03-07 19:27 . 2008-03-07 19:28 <DIR> dr------- C:\Documents and Settings\administrateur\Preferiti
2008-03-07 19:27 . 2006-04-21 21:38 <DIR> d--hs---- C:\Documents and Settings\administrateur\NetworkService
2008-03-07 19:27 . 2005-09-21 10:12 <DIR> d--h----- C:\Documents and Settings\administrateur\Modelli
2008-03-07 19:27 . 2005-09-21 12:07 <DIR> dr------- C:\Documents and Settings\administrateur\Menu Avvio
2008-03-07 19:27 . 2005-09-21 12:07 <DIR> d--h----- C:\Documents and Settings\administrateur\Impostazioni locali
2008-03-07 19:27 . 2008-03-07 19:27 <DIR> dr------- C:\Documents and Settings\administrateur\Documenti
2008-03-07 19:27 . 2005-09-21 16:15 <DIR> d-------- C:\Documents and Settings\administrateur\Dati applicazioni\toshiba
2008-03-07 19:27 . 2005-09-22 07:38 <DIR> d-------- C:\Documents and Settings\administrateur\Dati applicazioni\Symantec
2008-03-07 19:27 . 2005-09-22 07:31 <DIR> d-------- C:\Documents and Settings\administrateur\Dati applicazioni\Sonic
2008-03-07 19:27 . 2008-03-07 19:50 <DIR> dr-h----- C:\Documents and Settings\administrateur\Dati applicazioni
2008-03-07 11:27 . 2008-03-07 18:59 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-03-07 11:26 . 2008-03-07 11:26 <DIR> d-------- C:\Programmi\File comuni\PC Tools
2008-02-19 00:06 . 2008-03-06 01:24 <DIR> d-------- C:\Programmi\eMule
2008-02-18 23:15 . 2008-02-18 23:15 <DIR> d-------- C:\Programmi\uTorrent
2008-02-18 23:15 . 2008-03-06 04:02 <DIR> d-------- C:\Documents and Settings\Lisa Innocentini\Dati applicazioni\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 21:46 --------- d-----w C:\Documents and Settings\Lisa Innocentini\Dati applicazioni\Skype
2008-03-10 21:32 --------- d-----w C:\Documents and Settings\Lisa Innocentini\Dati applicazioni\AVG7
2008-03-10 20:42 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-07 19:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-03-07 07:00 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2008-03-07 03:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-03-06 02:45 --------- d-----w C:\Programmi\Soulseek
2008-02-29 21:22 --------- d-----w C:\Documents and Settings\Lisa Innocentini\Dati applicazioni\U3
2006-09-24 22:17 24,192 ----a-w C:\Documents and Settings\Lisa Innocentini\usbsermptxp.sys
2006-09-24 22:17 22,768 ----a-w C:\Documents and Settings\Lisa Innocentini\usbsermpt.sys
2008-02-26 00:32 594,944 ----a-w C:\Programmi\mozilla firefox\plugins\MannequinPlayer2.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 11:00 15360]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 09:14 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2006-07-06 17:53 20034600]
"CTSyncU.exe"="C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 09:06 700416]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 10:50 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 19:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 19:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 19:10 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 09:10 88358 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]
"CeEKEY"="C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 13:04 671744]
"TPNF"="C:\Programmi\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 18:11 53248]
"HWSetup"="C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]
"Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 15:49 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 10:58 266240 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 12:33 118784]
"TFncKy"="TFncKy.exe" []
"PadTouch"="C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 11:36 1077329]
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 15:25 73728]
"NDSTray.exe"="NDSTray.exe" []
"CFSServ.exe"="CFSServ.exe" []
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 11:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-18 23:22 579072]
"SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2006-07-21 07:32 126976]
"RegistryMechanic"="" []
"Rtlupd"="C:\Programmi\Realtek\InstallShield\Rtlupd.exe" [2004-04-29 11:12 262144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 11:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-04 20:10 219136]

C:\Documents and Settings\Lisa Innocentini\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 07:03:44 59080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Soulseek\\slsk.exe"=
"C:\\Programmi\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\Documents and Settings\\Lisa Innocentini\\Impostazioni locali\\Temp\\eMule0.46c\\emule.exe"=
"C:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\msncall.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 14:54]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2003-02-05 14:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d05b44c-a8d1-11dc-9423-000fb0dc8952}]
\Shell\auto\command - E:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - E:\Knight.exe open
\Shell\find\command - E:\Knight.exe open
\Shell\install\command - E:\Knight.exe open
\Shell\open\command - E:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44618e92-e6d6-11dc-9453-000fb0dc8952}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c96eb80-cf3c-11dc-9443-000fb0dc8952}]
\Shell\auto\command - E:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - E:\Knight.exe open
\Shell\find\command - E:\Knight.exe open
\Shell\install\command - E:\Knight.exe open
\Shell\open\command - E:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d4d4c1d-d613-11db-9306-000fb0dc8952}]
\Shell\auto\command - E:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - E:\Knight.exe open
\Shell\find\command - E:\Knight.exe open
\Shell\install\command - E:\Knight.exe open
\Shell\open\command - E:\Knight.exe open

.
Contenuto della cartella 'Scheduled Tasks'
"2006-04-14 09:05:00 C:\WINDOWS\Tasks\Promemoria registrazione 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-04-21 21:50:11 C:\WINDOWS\Tasks\Promemoria registrazione 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-04-28 21:50:11 C:\WINDOWS\Tasks\Promemoria registrazione 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 22:47:51
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-03-10 22.48.33
ComboFix-quarantined-files.txt 2008-03-10 21:48:18
.
2008-03-10 01:02:02 --- E O F ---