Kavo.exe infection de tous mes PC
Loukoum
-
terapi -
terapi -
Bonjour,
encore désolée de refaire un sujet là-dessu mais là je n'en peux plus!
j'ai un PC portable et un PC maison.
depuis deux mois mon PC portable au démarrage, faisait apparaitre un écran bleu avec un mesage d'erreur. Dell ne m'a pas vraiment aidé et quand je leur parlait de "kavo" il ne savait pas ce que c'était. j'ai decouvert ce que c'était ici.
depuis on a reformaté le PC portable... et n'ayant pas de disque dur externe, j'étais obligée de transférer les fichiers essentiels sur mon ipod et de mon ipod sur mon PC maison.
et tout à l'heure, mon PC maison a buggé et fait apparaitre l'écran bleu!!!!! le meme que celui de mon PC portable!!!!! et j'ai vu quelques jours avant un message d'erreur avec "kavo.exe". je pense que "kavo" s'est transféré sur mon pc maison via mon ipod!!!!
si c'est le cas comment je dois faire pour désinfecter mon ipod? car je dois remettre tous mes dossiers sur mon PC portable qui est maintenant réparé.
comment faire pour éradiquer kavo et éviter qu'il ne se retransmette encore sur mon PC portable?
Je suis étudiante en dernière année!!! c'est une année importante pour moi car j'ai mon mémoire et là je risque de tout perdre mes cours!!!
encore merci du fond du coeur aux personnes qui me répondront!!!
biz
encore désolée de refaire un sujet là-dessu mais là je n'en peux plus!
j'ai un PC portable et un PC maison.
depuis deux mois mon PC portable au démarrage, faisait apparaitre un écran bleu avec un mesage d'erreur. Dell ne m'a pas vraiment aidé et quand je leur parlait de "kavo" il ne savait pas ce que c'était. j'ai decouvert ce que c'était ici.
depuis on a reformaté le PC portable... et n'ayant pas de disque dur externe, j'étais obligée de transférer les fichiers essentiels sur mon ipod et de mon ipod sur mon PC maison.
et tout à l'heure, mon PC maison a buggé et fait apparaitre l'écran bleu!!!!! le meme que celui de mon PC portable!!!!! et j'ai vu quelques jours avant un message d'erreur avec "kavo.exe". je pense que "kavo" s'est transféré sur mon pc maison via mon ipod!!!!
si c'est le cas comment je dois faire pour désinfecter mon ipod? car je dois remettre tous mes dossiers sur mon PC portable qui est maintenant réparé.
comment faire pour éradiquer kavo et éviter qu'il ne se retransmette encore sur mon PC portable?
Je suis étudiante en dernière année!!! c'est une année importante pour moi car j'ai mon mémoire et là je risque de tout perdre mes cours!!!
encore merci du fond du coeur aux personnes qui me répondront!!!
biz
A voir également:
- Kavo.exe infection de tous mes PC
- Reinitialiser pc - Guide
- Pc lent - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Double ecran pc - Guide
- Forcer demarrage pc - Guide
5 réponses
je viens de télécharger combofix qui a fait l'Analyse, puis j'ai redémarré le PC.
ci-après le rapport d'analyse :
ComboFix 08-03-24.2 - Hassia 2008-03-25 13:38:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.89 [GMT 1:00]
Endroit: C:\Documents and Settings\Hassia\Mes documents\HASSIA.MIR\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
-- Script messages for sUBs --
VFind -td "C:\WINDOWS\system32\baiso*"
CF24276.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*
CF24276.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF24276.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))))))))
.
2008-03-20 19:44 . 2008-03-20 19:44 96,768 -r-hs---- C:\WINDOWS\system32\kavo2.dll
2008-03-18 22:06 . 2008-03-18 22:06 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-18 22:05 . 2008-03-18 22:05 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-18 21:03 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-18 21:03 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-18 21:03 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-18 21:03 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-18 21:03 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-18 21:03 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-18 21:03 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-18 21:03 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-18 21:03 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-18 21:02 . 2008-03-18 21:05 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-18 20:05 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-18 20:05 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-18 20:05 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-18 11:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-18 11:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-18 11:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-17 20:51 . 2006-05-08 03:00 75,264 --a------ C:\WINDOWS\system32\E_FLBBPE.DLL
2008-03-17 20:51 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBPE.DLL
2008-03-17 20:51 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-03-17 20:44 . 2008-03-17 20:44 <REP> d-------- C:\Program Files\EPSON Print CD
2008-03-17 20:43 . 2008-03-17 20:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-03-17 20:41 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-17 20:39 . 2004-08-04 07:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-17 20:30 . 2008-03-17 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-03-17 20:29 . 2008-03-17 20:44 <REP> d-------- C:\Program Files\epson
2008-03-17 20:29 . 2006-03-20 00:00 63,488 --a------ C:\WINDOWS\system32\escwiad.dll
2008-03-17 20:29 . 2008-03-17 20:29 25 --a------ C:\WINDOWS\CDE RX560EFGD.ini
2008-03-17 15:13 . 2008-03-17 15:13 <REP> d-------- C:\Documents and Settings\Hassia\Contacts
2008-03-17 15:10 . 2008-03-17 15:10 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-17 15:08 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-17 15:04 . 2008-03-18 22:22 <REP> d-------- C:\Program Files\Windows Live
2008-03-17 15:04 . 2008-03-18 22:05 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-17 15:03 . 2008-03-18 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-17 14:51 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-17 14:51 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-17 14:51 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-17 14:51 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 13:31 . 2008-03-17 20:56 113,607 -r-hs---- C:\tmf3w3g0.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 12:11 --------- d-----w C:\Program Files\Wanadoo
2008-03-17 19:50 --------- d-----w C:\Program Files\jeu de la bière grossiste
2008-03-17 19:50 --------- d-----w C:\Program Files\jeu de la bière brasseur
2008-03-17 19:50 --------- d-----w C:\Program Files\eMule
2008-03-17 19:50 --------- d-----w C:\Documents and Settings\Hassia\Application Data\Skype
2008-03-17 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 19:47 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2005-11-07 16:01 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
1999-04-06 12:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2004-05-12 00:03 1038336]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"EPSON Stylus Photo RX560 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.exe" [2006-05-23 05:00 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 10:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" [ ]
"PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" [ ]
"Pop3trap.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe" [ ]
"AtiPTA"="atiptaxx.exe" [2002-07-25 11:04 290816 C:\WINDOWS\system32\atiptaxx.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 10:15 684032]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SearchUpgrader"="C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe" [ ]
"QuickTime Task"="C:\qttask.exe" [2004-12-26 18:51 77824]
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2003-11-17 10:52 208896]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-03-31 17:45 210112]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-06-03 04:43 935688]
"SNCT511"="C:\WINDOWS\vsnct511.exe" [2003-07-24 16:38 32768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2004-10-15 21:20:45 954475]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 13:27:42 46080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 20:28]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S2 PCC_PFW;PC-Cillin Personal Firewall;C:\WINDOWS\system32\Drivers\PCC_PFW.sys []
S3 RescueDrv;Inventel Access Point USB Rescue Driver;C:\WINDOWS\system32\Drivers\resc_dwb.sys [2003-04-24 11:03]
S3 SNCT511;VideoCAM Eye;C:\WINDOWS\system32\DRIVERS\snct511.sys [2005-02-03 15:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
*Newly Created Service* - CATCHME
*Newly Created Service* - SISPORT
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 13:48:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(????3?w???w?????3?w ??w???[:???????d???r??[1??[???[d??????[?-?[????z??w8h?[\2?[?1?[htinst.INI?[?u?[????d????????F?
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-25 13:53:40
ComboFix-quarantined-files.txt 2008-03-25 12:53:27
.
2008-03-19 22:59:07 --- E O F ---
que dois-je faire maintenant? merci
biz
ci-après le rapport d'analyse :
ComboFix 08-03-24.2 - Hassia 2008-03-25 13:38:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.89 [GMT 1:00]
Endroit: C:\Documents and Settings\Hassia\Mes documents\HASSIA.MIR\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
-- Script messages for sUBs --
VFind -td "C:\WINDOWS\system32\baiso*"
CF24276.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*
CF24276.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF24276.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))))))))
.
2008-03-20 19:44 . 2008-03-20 19:44 96,768 -r-hs---- C:\WINDOWS\system32\kavo2.dll
2008-03-18 22:06 . 2008-03-18 22:06 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-18 22:05 . 2008-03-18 22:05 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-18 21:03 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-18 21:03 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-18 21:03 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-18 21:03 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-18 21:03 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-18 21:03 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-18 21:03 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-18 21:03 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-18 21:03 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-18 21:02 . 2008-03-18 21:05 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-18 20:05 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-18 20:05 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-18 20:05 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-18 11:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-18 11:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-18 11:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-17 20:51 . 2006-05-08 03:00 75,264 --a------ C:\WINDOWS\system32\E_FLBBPE.DLL
2008-03-17 20:51 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBPE.DLL
2008-03-17 20:51 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-03-17 20:44 . 2008-03-17 20:44 <REP> d-------- C:\Program Files\EPSON Print CD
2008-03-17 20:43 . 2008-03-17 20:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-03-17 20:41 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-17 20:39 . 2004-08-04 07:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-17 20:30 . 2008-03-17 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-03-17 20:29 . 2008-03-17 20:44 <REP> d-------- C:\Program Files\epson
2008-03-17 20:29 . 2006-03-20 00:00 63,488 --a------ C:\WINDOWS\system32\escwiad.dll
2008-03-17 20:29 . 2008-03-17 20:29 25 --a------ C:\WINDOWS\CDE RX560EFGD.ini
2008-03-17 15:13 . 2008-03-17 15:13 <REP> d-------- C:\Documents and Settings\Hassia\Contacts
2008-03-17 15:10 . 2008-03-17 15:10 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-17 15:08 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-17 15:04 . 2008-03-18 22:22 <REP> d-------- C:\Program Files\Windows Live
2008-03-17 15:04 . 2008-03-18 22:05 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-17 15:03 . 2008-03-18 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-17 14:51 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-17 14:51 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-17 14:51 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-17 14:51 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 13:31 . 2008-03-17 20:56 113,607 -r-hs---- C:\tmf3w3g0.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 12:11 --------- d-----w C:\Program Files\Wanadoo
2008-03-17 19:50 --------- d-----w C:\Program Files\jeu de la bière grossiste
2008-03-17 19:50 --------- d-----w C:\Program Files\jeu de la bière brasseur
2008-03-17 19:50 --------- d-----w C:\Program Files\eMule
2008-03-17 19:50 --------- d-----w C:\Documents and Settings\Hassia\Application Data\Skype
2008-03-17 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 19:47 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2005-11-07 16:01 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
1999-04-06 12:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2004-05-12 00:03 1038336]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"EPSON Stylus Photo RX560 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.exe" [2006-05-23 05:00 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 10:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" [ ]
"PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" [ ]
"Pop3trap.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe" [ ]
"AtiPTA"="atiptaxx.exe" [2002-07-25 11:04 290816 C:\WINDOWS\system32\atiptaxx.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 10:15 684032]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SearchUpgrader"="C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe" [ ]
"QuickTime Task"="C:\qttask.exe" [2004-12-26 18:51 77824]
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2003-11-17 10:52 208896]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-03-31 17:45 210112]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-06-03 04:43 935688]
"SNCT511"="C:\WINDOWS\vsnct511.exe" [2003-07-24 16:38 32768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2004-10-15 21:20:45 954475]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 13:27:42 46080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 20:28]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S2 PCC_PFW;PC-Cillin Personal Firewall;C:\WINDOWS\system32\Drivers\PCC_PFW.sys []
S3 RescueDrv;Inventel Access Point USB Rescue Driver;C:\WINDOWS\system32\Drivers\resc_dwb.sys [2003-04-24 11:03]
S3 SNCT511;VideoCAM Eye;C:\WINDOWS\system32\DRIVERS\snct511.sys [2005-02-03 15:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
*Newly Created Service* - CATCHME
*Newly Created Service* - SISPORT
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 13:48:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(????3?w???w?????3?w ??w???[:???????d???r??[1??[???[d??????[?-?[????z??w8h?[\2?[?1?[htinst.INI?[?u?[????d????????F?
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-25 13:53:40
ComboFix-quarantined-files.txt 2008-03-25 12:53:27
.
2008-03-19 22:59:07 --- E O F ---
que dois-je faire maintenant? merci
biz
je viens de télcharger RAV avec mon ipod branché et apres analyse il me dit que mon ordinateur est sain.
ça veut dire que c'est fini ou pas avec kavo?
merci par avance.
biz
ça veut dire que c'est fini ou pas avec kavo?
merci par avance.
biz
je viens de faire un scan avec SUPERanriSpyware et il me dit qu'il n'a rien trouvé.
j'ai refait une analyse avec combofix qui est la suivante :
ComboFix 08-03-24.2 - Hassia 2008-03-25 14:50:58.2 - NTFSx86
Endroit: C:\Documents and Settings\Hassia\Mes documents\HASSIA.MIR\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
-- Script messages for sUBs --
VFind -td "C:\WINDOWS\system32\baiso*"
CF5837.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*
CF5837.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF5837.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
((((((((((((((((((((((((((((( Fichiers créés 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))))))))
.
2008-03-25 14:35 . 2008-03-25 14:46 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-25 14:35 . 2008-03-25 14:35 <REP> d-------- C:\Documents and Settings\Hassia\Application Data\SUPERAntiSpyware.com
2008-03-25 14:35 . 2008-03-25 14:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-18 22:06 . 2008-03-18 22:06 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-18 22:05 . 2008-03-18 22:05 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-18 21:03 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-18 21:03 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-18 21:03 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-18 21:03 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-18 21:03 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-18 21:03 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-18 21:03 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-18 21:03 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-18 21:03 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-18 21:02 . 2008-03-18 21:05 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-18 20:05 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-18 20:05 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-18 20:05 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-18 11:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-18 11:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-18 11:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-17 20:51 . 2006-05-08 03:00 75,264 --a------ C:\WINDOWS\system32\E_FLBBPE.DLL
2008-03-17 20:51 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBPE.DLL
2008-03-17 20:51 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-03-17 20:44 . 2008-03-17 20:44 <REP> d-------- C:\Program Files\EPSON Print CD
2008-03-17 20:43 . 2008-03-17 20:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-03-17 20:41 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-17 20:39 . 2004-08-04 07:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-17 20:30 . 2008-03-17 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-03-17 20:29 . 2008-03-17 20:44 <REP> d-------- C:\Program Files\epson
2008-03-17 20:29 . 2006-03-20 00:00 63,488 --a------ C:\WINDOWS\system32\escwiad.dll
2008-03-17 20:29 . 2008-03-17 20:29 25 --a------ C:\WINDOWS\CDE RX560EFGD.ini
2008-03-17 15:13 . 2008-03-17 15:13 <REP> d-------- C:\Documents and Settings\Hassia\Contacts
2008-03-17 15:10 . 2008-03-17 15:10 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-17 15:08 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-17 15:04 . 2008-03-18 22:22 <REP> d-------- C:\Program Files\Windows Live
2008-03-17 15:04 . 2008-03-18 22:05 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-17 15:03 . 2008-03-18 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-17 14:51 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-17 14:51 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-17 14:51 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-17 14:51 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 13:31 . 2008-03-17 20:56 113,607 -r-hs---- C:\tmf3w3g0.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 13:17 --------- d-----w C:\Program Files\Wanadoo
2008-03-25 12:48 28,160 ----a-w C:\WINDOWS\Internet Logs\xDBCC.tmp
2008-03-25 12:48 1,730,048 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
2008-03-25 12:00 143,360 ----a-w C:\WINDOWS\Internet Logs\xDBC9.tmp
2008-03-25 12:00 1,730,560 ----a-w C:\WINDOWS\Internet Logs\xDBC8.tmp
2008-03-19 22:57 1,724,416 ----a-w C:\WINDOWS\Internet Logs\xDBC7.tmp
2008-03-18 19:28 215,552 ----a-w C:\WINDOWS\Internet Logs\xDBC6.tmp
2008-03-18 19:28 1,693,696 ----a-w C:\WINDOWS\Internet Logs\xDBC5.tmp
2008-03-17 19:50 --------- d-----w C:\Program Files\jeu de la bière grossiste
2008-03-17 19:50 --------- d-----w C:\Program Files\jeu de la bière brasseur
2008-03-17 19:50 --------- d-----w C:\Program Files\eMule
2008-03-17 19:50 --------- d-----w C:\Documents and Settings\Hassia\Application Data\Skype
2008-03-17 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 19:47 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2006-06-28 09:33 186,880 ----a-w C:\WINDOWS\Internet Logs\xDBC4.tmp
2006-06-28 09:33 1,613,312 ----a-w C:\WINDOWS\Internet Logs\xDBC3.tmp
2006-01-02 22:15 1,595,904 ----a-w C:\WINDOWS\Internet Logs\xDBC2.tmp
2005-12-21 00:36 61,440 ----a-w C:\WINDOWS\Internet Logs\xDBC1.tmp
2005-12-21 00:36 1,595,904 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp
2005-12-20 17:33 1,595,904 ----a-w C:\WINDOWS\Internet Logs\xDBBF.tmp
2005-12-12 20:19 103,936 ----a-w C:\WINDOWS\Internet Logs\xDBBE.tmp
2005-12-12 20:19 1,593,856 ----a-w C:\WINDOWS\Internet Logs\xDBBD.tmp
2005-11-14 15:37 377,856 ----a-w C:\WINDOWS\Internet Logs\xDBBC.tmp
2005-11-14 15:37 1,588,224 ----a-w C:\WINDOWS\Internet Logs\xDBBB.tmp
2005-11-07 16:01 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-11-02 23:18 352,256 ----a-w C:\WINDOWS\Internet Logs\xDBBA.tmp
2005-11-02 23:17 1,550,336 ----a-w C:\WINDOWS\Internet Logs\xDBB9.tmp
2005-11-02 00:01 2,765,312 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp
2005-11-02 00:01 1,549,824 ----a-w C:\WINDOWS\Internet Logs\xDBB7.tmp
2005-11-02 00:01 1,549,824 ----a-w C:\WINDOWS\Internet Logs\xDBB6.tmp
2005-10-28 23:32 1,542,656 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp
2005-10-26 22:39 6,586,368 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp
2005-10-26 22:38 1,537,536 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp
2005-10-22 17:18 608,256 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp
2005-10-22 17:18 1,526,784 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp
2005-10-20 23:02 2,714,112 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp
2005-10-20 23:02 1,516,032 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp
2005-10-16 22:36 1,492,992 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp
2005-10-15 17:29 924,672 ----a-w C:\WINDOWS\Internet Logs\xDBAD.tmp
2005-10-15 17:29 1,491,968 ----a-w C:\WINDOWS\Internet Logs\xDBAC.tmp
2005-10-14 23:01 401,408 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp
2005-10-14 23:01 1,491,968 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp
2005-10-14 17:19 1,491,968 ----a-w C:\WINDOWS\Internet Logs\xDBA8.tmp
2005-10-14 17:19 1,299,968 ----a-w C:\WINDOWS\Internet Logs\xDBA9.tmp
2005-10-12 17:41 332,288 ----a-w C:\WINDOWS\Internet Logs\xDBA7.tmp
2005-10-12 17:41 1,488,384 ----a-w C:\WINDOWS\Internet Logs\xDBA6.tmp
2005-10-11 22:41 2,666,496 ----a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
2005-10-11 22:41 1,489,408 ----a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
2005-10-08 14:01 1,484,800 ----a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
2005-10-08 14:00 105,984 ----a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
2005-10-07 23:46 558,080 ----a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
2005-10-07 23:46 1,484,800 ----a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
2005-10-06 23:18 827,904 ----a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2005-10-06 23:18 1,484,288 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2005-10-06 17:59 2,888,704 ----a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2005-10-06 17:59 1,484,288 ----a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2005-10-05 22:45 1,536,000 ----a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
2005-10-05 22:45 1,484,288 ----a-w C:\WINDOWS\Internet Logs\xDB9A.tmp
2005-10-03 22:47 632,832 ----a-w C:\WINDOWS\Internet Logs\xDB99.tmp
2005-10-03 22:47 1,482,752 ----a-w C:\WINDOWS\Internet Logs\xDB98.tmp
2005-10-03 13:55 830,464 ----a-w C:\WINDOWS\Internet Logs\xDB97.tmp
2005-10-03 13:55 1,481,728 ----a-w C:\WINDOWS\Internet Logs\xDB96.tmp
2005-10-02 22:39 1,482,240 ----a-w C:\WINDOWS\Internet Logs\xDB95.tmp
2005-10-02 15:24 1,612,800 ----a-w C:\WINDOWS\Internet Logs\xDB94.tmp
2005-10-02 15:24 1,482,240 ----a-w C:\WINDOWS\Internet Logs\xDB93.tmp
2005-10-01 00:39 1,481,728 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp
2005-09-28 23:17 1,480,704 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp
2005-09-28 23:16 1,134,080 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp
2005-09-27 23:19 1,480,192 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp
2005-09-27 23:18 526,848 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp
2005-09-27 17:55 1,480,192 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
2005-09-27 17:54 1,173,504 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp
2005-09-25 23:23 2,103,296 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp
2005-09-25 23:23 1,478,144 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp
2005-09-23 00:44 2,107,904 ----a-w C:\WINDOWS\Internet Logs\xDB89.tmp
2005-09-23 00:44 1,475,584 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
2005-09-22 00:04 1,475,072 ----a-w C:\WINDOWS\Internet Logs\xDB87.tmp
2005-09-20 15:10 276,480 ----a-w C:\WINDOWS\Internet Logs\xDB86.tmp
2005-09-20 15:10 1,473,536 ----a-w C:\WINDOWS\Internet Logs\xDB85.tmp
2005-09-20 00:04 324,096 ----a-w C:\WINDOWS\Internet Logs\xDB84.tmp
2005-09-20 00:04 1,474,048 ----a-w C:\WINDOWS\Internet Logs\xDB83.tmp
2005-09-19 16:49 1,576,448 ----a-w C:\WINDOWS\Internet Logs\xDB82.tmp
2005-09-19 16:49 1,474,048 ----a-w C:\WINDOWS\Internet Logs\xDB81.tmp
2005-09-17 17:37 1,472,000 ----a-w C:\WINDOWS\Internet Logs\xDB80.tmp
2005-09-16 08:02 1,466,880 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
2005-09-16 08:00 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB7F.tmp
2005-09-16 00:58 893,440 ----a-w C:\WINDOWS\Internet Logs\xDB7D.tmp
2005-09-16 00:58 1,466,880 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2005-09-15 11:35 649,728 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2005-09-15 11:35 1,466,880 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
2005-09-14 16:54 450,048 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2005-09-14 16:54 1,466,368 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2005-09-14 00:06 1,975,296 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2005-09-14 00:06 1,468,416 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2005-09-13 09:18 946,176 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2005-09-13 09:18 1,465,344 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2005-09-12 14:18 1,464,320 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2005-09-12 14:16 803,328 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2005-09-10 18:01 1,461,248 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2005-09-10 18:01 1,112,064 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
.
((((((((((((((((((((((((((((( snapshot@2008-03-25_13.53.10,58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-25 13:35:13 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-03-25 13:35:13 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-25 13:35:13 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-03-25 12:58:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_794.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2004-05-12 00:03 1038336]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"EPSON Stylus Photo RX560 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.exe" [2006-05-23 05:00 139264]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 10:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" [ ]
"PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" [ ]
"Pop3trap.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe" [ ]
"AtiPTA"="atiptaxx.exe" [2002-07-25 11:04 290816 C:\WINDOWS\system32\atiptaxx.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 10:15 684032]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SearchUpgrader"="C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe" [ ]
"QuickTime Task"="C:\qttask.exe" [2004-12-26 18:51 77824]
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2003-11-17 10:52 208896]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-03-31 17:45 210112]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-06-03 04:43 935688]
"SNCT511"="C:\WINDOWS\vsnct511.exe" [2003-07-24 16:38 32768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2004-10-15 21:20:45 954475]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 13:27:42 46080]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-23 16:47]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 20:28]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S2 PCC_PFW;PC-Cillin Personal Firewall;C:\WINDOWS\system32\Drivers\PCC_PFW.sys []
S2 PCCPFW;PC-cillin PersonalFirewall;C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe []
S3 RescueDrv;Inventel Access Point USB Rescue Driver;C:\WINDOWS\system32\Drivers\resc_dwb.sys [2003-04-24 11:03]
S3 SNCT511;VideoCAM Eye;C:\WINDOWS\system32\DRIVERS\snct511.sys [2005-02-03 15:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 14:57:24
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(????3?w???w?????3?w ??w???[:???????d???r??[1??[???[d??????[?-?[????z??w8h?[\2?[?1?[htinst.INI?[?u?[????d????????F?
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avast! Antivirus]
"ImagePath"="\"C:\Program Files\Alwil Software\Avast4\ashServ.exe\""
.
Temps d'accomplissement: 2008-03-25 15:00:36
ComboFix-quarantined-files.txt 2008-03-25 14:00:19
ComboFix2.txt 2008-03-25 12:53:42
.
2008-03-19 22:59:07 --- E O F ---
s'il vous plait est-ce que quelqu'un peut m'aider à analyser tout ça??? merci!
est ce que kavo est toujours là?
biz
j'ai refait une analyse avec combofix qui est la suivante :
ComboFix 08-03-24.2 - Hassia 2008-03-25 14:50:58.2 - NTFSx86
Endroit: C:\Documents and Settings\Hassia\Mes documents\HASSIA.MIR\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
-- Script messages for sUBs --
VFind -td "C:\WINDOWS\system32\baiso*"
CF5837.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*
CF5837.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF5837.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
((((((((((((((((((((((((((((( Fichiers créés 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))))))))
.
2008-03-25 14:35 . 2008-03-25 14:46 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-25 14:35 . 2008-03-25 14:35 <REP> d-------- C:\Documents and Settings\Hassia\Application Data\SUPERAntiSpyware.com
2008-03-25 14:35 . 2008-03-25 14:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-18 22:06 . 2008-03-18 22:06 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-18 22:05 . 2008-03-18 22:05 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-18 21:03 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-18 21:03 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-18 21:03 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-18 21:03 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-18 21:03 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-18 21:03 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-18 21:03 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-18 21:03 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-18 21:03 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-18 21:02 . 2008-03-18 21:05 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-18 20:05 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-18 20:05 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-18 20:05 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-18 11:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-18 11:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-18 11:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-17 20:51 . 2006-05-08 03:00 75,264 --a------ C:\WINDOWS\system32\E_FLBBPE.DLL
2008-03-17 20:51 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBPE.DLL
2008-03-17 20:51 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-03-17 20:44 . 2008-03-17 20:44 <REP> d-------- C:\Program Files\EPSON Print CD
2008-03-17 20:43 . 2008-03-17 20:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-03-17 20:41 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-17 20:39 . 2004-08-04 07:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-17 20:30 . 2008-03-17 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-03-17 20:29 . 2008-03-17 20:44 <REP> d-------- C:\Program Files\epson
2008-03-17 20:29 . 2006-03-20 00:00 63,488 --a------ C:\WINDOWS\system32\escwiad.dll
2008-03-17 20:29 . 2008-03-17 20:29 25 --a------ C:\WINDOWS\CDE RX560EFGD.ini
2008-03-17 15:13 . 2008-03-17 15:13 <REP> d-------- C:\Documents and Settings\Hassia\Contacts
2008-03-17 15:10 . 2008-03-17 15:10 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-17 15:08 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-17 15:04 . 2008-03-18 22:22 <REP> d-------- C:\Program Files\Windows Live
2008-03-17 15:04 . 2008-03-18 22:05 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-17 15:03 . 2008-03-18 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-17 14:51 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-17 14:51 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-17 14:51 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-17 14:51 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 13:31 . 2008-03-17 20:56 113,607 -r-hs---- C:\tmf3w3g0.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 13:17 --------- d-----w C:\Program Files\Wanadoo
2008-03-25 12:48 28,160 ----a-w C:\WINDOWS\Internet Logs\xDBCC.tmp
2008-03-25 12:48 1,730,048 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
2008-03-25 12:00 143,360 ----a-w C:\WINDOWS\Internet Logs\xDBC9.tmp
2008-03-25 12:00 1,730,560 ----a-w C:\WINDOWS\Internet Logs\xDBC8.tmp
2008-03-19 22:57 1,724,416 ----a-w C:\WINDOWS\Internet Logs\xDBC7.tmp
2008-03-18 19:28 215,552 ----a-w C:\WINDOWS\Internet Logs\xDBC6.tmp
2008-03-18 19:28 1,693,696 ----a-w C:\WINDOWS\Internet Logs\xDBC5.tmp
2008-03-17 19:50 --------- d-----w C:\Program Files\jeu de la bière grossiste
2008-03-17 19:50 --------- d-----w C:\Program Files\jeu de la bière brasseur
2008-03-17 19:50 --------- d-----w C:\Program Files\eMule
2008-03-17 19:50 --------- d-----w C:\Documents and Settings\Hassia\Application Data\Skype
2008-03-17 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 19:47 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2006-06-28 09:33 186,880 ----a-w C:\WINDOWS\Internet Logs\xDBC4.tmp
2006-06-28 09:33 1,613,312 ----a-w C:\WINDOWS\Internet Logs\xDBC3.tmp
2006-01-02 22:15 1,595,904 ----a-w C:\WINDOWS\Internet Logs\xDBC2.tmp
2005-12-21 00:36 61,440 ----a-w C:\WINDOWS\Internet Logs\xDBC1.tmp
2005-12-21 00:36 1,595,904 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp
2005-12-20 17:33 1,595,904 ----a-w C:\WINDOWS\Internet Logs\xDBBF.tmp
2005-12-12 20:19 103,936 ----a-w C:\WINDOWS\Internet Logs\xDBBE.tmp
2005-12-12 20:19 1,593,856 ----a-w C:\WINDOWS\Internet Logs\xDBBD.tmp
2005-11-14 15:37 377,856 ----a-w C:\WINDOWS\Internet Logs\xDBBC.tmp
2005-11-14 15:37 1,588,224 ----a-w C:\WINDOWS\Internet Logs\xDBBB.tmp
2005-11-07 16:01 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-11-02 23:18 352,256 ----a-w C:\WINDOWS\Internet Logs\xDBBA.tmp
2005-11-02 23:17 1,550,336 ----a-w C:\WINDOWS\Internet Logs\xDBB9.tmp
2005-11-02 00:01 2,765,312 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp
2005-11-02 00:01 1,549,824 ----a-w C:\WINDOWS\Internet Logs\xDBB7.tmp
2005-11-02 00:01 1,549,824 ----a-w C:\WINDOWS\Internet Logs\xDBB6.tmp
2005-10-28 23:32 1,542,656 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp
2005-10-26 22:39 6,586,368 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp
2005-10-26 22:38 1,537,536 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp
2005-10-22 17:18 608,256 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp
2005-10-22 17:18 1,526,784 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp
2005-10-20 23:02 2,714,112 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp
2005-10-20 23:02 1,516,032 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp
2005-10-16 22:36 1,492,992 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp
2005-10-15 17:29 924,672 ----a-w C:\WINDOWS\Internet Logs\xDBAD.tmp
2005-10-15 17:29 1,491,968 ----a-w C:\WINDOWS\Internet Logs\xDBAC.tmp
2005-10-14 23:01 401,408 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp
2005-10-14 23:01 1,491,968 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp
2005-10-14 17:19 1,491,968 ----a-w C:\WINDOWS\Internet Logs\xDBA8.tmp
2005-10-14 17:19 1,299,968 ----a-w C:\WINDOWS\Internet Logs\xDBA9.tmp
2005-10-12 17:41 332,288 ----a-w C:\WINDOWS\Internet Logs\xDBA7.tmp
2005-10-12 17:41 1,488,384 ----a-w C:\WINDOWS\Internet Logs\xDBA6.tmp
2005-10-11 22:41 2,666,496 ----a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
2005-10-11 22:41 1,489,408 ----a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
2005-10-08 14:01 1,484,800 ----a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
2005-10-08 14:00 105,984 ----a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
2005-10-07 23:46 558,080 ----a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
2005-10-07 23:46 1,484,800 ----a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
2005-10-06 23:18 827,904 ----a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2005-10-06 23:18 1,484,288 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2005-10-06 17:59 2,888,704 ----a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2005-10-06 17:59 1,484,288 ----a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2005-10-05 22:45 1,536,000 ----a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
2005-10-05 22:45 1,484,288 ----a-w C:\WINDOWS\Internet Logs\xDB9A.tmp
2005-10-03 22:47 632,832 ----a-w C:\WINDOWS\Internet Logs\xDB99.tmp
2005-10-03 22:47 1,482,752 ----a-w C:\WINDOWS\Internet Logs\xDB98.tmp
2005-10-03 13:55 830,464 ----a-w C:\WINDOWS\Internet Logs\xDB97.tmp
2005-10-03 13:55 1,481,728 ----a-w C:\WINDOWS\Internet Logs\xDB96.tmp
2005-10-02 22:39 1,482,240 ----a-w C:\WINDOWS\Internet Logs\xDB95.tmp
2005-10-02 15:24 1,612,800 ----a-w C:\WINDOWS\Internet Logs\xDB94.tmp
2005-10-02 15:24 1,482,240 ----a-w C:\WINDOWS\Internet Logs\xDB93.tmp
2005-10-01 00:39 1,481,728 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp
2005-09-28 23:17 1,480,704 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp
2005-09-28 23:16 1,134,080 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp
2005-09-27 23:19 1,480,192 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp
2005-09-27 23:18 526,848 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp
2005-09-27 17:55 1,480,192 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
2005-09-27 17:54 1,173,504 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp
2005-09-25 23:23 2,103,296 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp
2005-09-25 23:23 1,478,144 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp
2005-09-23 00:44 2,107,904 ----a-w C:\WINDOWS\Internet Logs\xDB89.tmp
2005-09-23 00:44 1,475,584 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
2005-09-22 00:04 1,475,072 ----a-w C:\WINDOWS\Internet Logs\xDB87.tmp
2005-09-20 15:10 276,480 ----a-w C:\WINDOWS\Internet Logs\xDB86.tmp
2005-09-20 15:10 1,473,536 ----a-w C:\WINDOWS\Internet Logs\xDB85.tmp
2005-09-20 00:04 324,096 ----a-w C:\WINDOWS\Internet Logs\xDB84.tmp
2005-09-20 00:04 1,474,048 ----a-w C:\WINDOWS\Internet Logs\xDB83.tmp
2005-09-19 16:49 1,576,448 ----a-w C:\WINDOWS\Internet Logs\xDB82.tmp
2005-09-19 16:49 1,474,048 ----a-w C:\WINDOWS\Internet Logs\xDB81.tmp
2005-09-17 17:37 1,472,000 ----a-w C:\WINDOWS\Internet Logs\xDB80.tmp
2005-09-16 08:02 1,466,880 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
2005-09-16 08:00 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB7F.tmp
2005-09-16 00:58 893,440 ----a-w C:\WINDOWS\Internet Logs\xDB7D.tmp
2005-09-16 00:58 1,466,880 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2005-09-15 11:35 649,728 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2005-09-15 11:35 1,466,880 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
2005-09-14 16:54 450,048 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2005-09-14 16:54 1,466,368 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2005-09-14 00:06 1,975,296 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2005-09-14 00:06 1,468,416 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2005-09-13 09:18 946,176 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2005-09-13 09:18 1,465,344 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2005-09-12 14:18 1,464,320 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2005-09-12 14:16 803,328 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2005-09-10 18:01 1,461,248 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2005-09-10 18:01 1,112,064 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
.
((((((((((((((((((((((((((((( snapshot@2008-03-25_13.53.10,58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-25 13:35:13 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-03-25 13:35:13 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-25 13:35:13 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-03-25 12:58:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_794.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2004-05-12 00:03 1038336]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"EPSON Stylus Photo RX560 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.exe" [2006-05-23 05:00 139264]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 10:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" [ ]
"PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" [ ]
"Pop3trap.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe" [ ]
"AtiPTA"="atiptaxx.exe" [2002-07-25 11:04 290816 C:\WINDOWS\system32\atiptaxx.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 10:15 684032]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SearchUpgrader"="C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe" [ ]
"QuickTime Task"="C:\qttask.exe" [2004-12-26 18:51 77824]
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2003-11-17 10:52 208896]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-03-31 17:45 210112]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-06-03 04:43 935688]
"SNCT511"="C:\WINDOWS\vsnct511.exe" [2003-07-24 16:38 32768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2004-10-15 21:20:45 954475]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 13:27:42 46080]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-23 16:47]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 20:28]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S2 PCC_PFW;PC-Cillin Personal Firewall;C:\WINDOWS\system32\Drivers\PCC_PFW.sys []
S2 PCCPFW;PC-cillin PersonalFirewall;C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe []
S3 RescueDrv;Inventel Access Point USB Rescue Driver;C:\WINDOWS\system32\Drivers\resc_dwb.sys [2003-04-24 11:03]
S3 SNCT511;VideoCAM Eye;C:\WINDOWS\system32\DRIVERS\snct511.sys [2005-02-03 15:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 14:57:24
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(????3?w???w?????3?w ??w???[:???????d???r??[1??[???[d??????[?-?[????z??w8h?[\2?[?1?[htinst.INI?[?u?[????d????????F?
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avast! Antivirus]
"ImagePath"="\"C:\Program Files\Alwil Software\Avast4\ashServ.exe\""
.
Temps d'accomplissement: 2008-03-25 15:00:36
ComboFix-quarantined-files.txt 2008-03-25 14:00:19
ComboFix2.txt 2008-03-25 12:53:42
.
2008-03-19 22:59:07 --- E O F ---
s'il vous plait est-ce que quelqu'un peut m'aider à analyser tout ça??? merci!
est ce que kavo est toujours là?
biz
Utilise ceci, c'est un fix conçu spécialement pour ce virus
http://usa.lucretius-ada.com/zcvisitor/b76f3933-4873-11ea-8594-0ac37a316ed3?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
http://usa.lucretius-ada.com/zcvisitor/b76f3933-4873-11ea-8594-0ac37a316ed3?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question