Help (Hostsnake virus) - Page 2

Djet

OK, no problem, a big thank you!!!
See you tomorrow ;-)
green day (Moderator, Security contributor; 26,722 posts)

Hi

* download this: http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
* Install the program on the desktop:
  o If the file COMCTL32.OCX is missing, you can download it here
* Run the updates (click Update, then Check for updates)
* Restart in Safe Mode
* Launch MalwareByte's Anti-Malware, click Perform full scan, then Scan, and select all your hard drives
* Once the scan is finished, click Remove (if a message asks you to restart the PC, accept!)
* A report will be generated; save it somewhere you can find it again

==> post it please!

See you
Djet

Good evening Green Day, so here is the report:

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM6327bf40 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP795\A0138666.exe (Worm.Socks) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP795\A0138667.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP795\A0138680.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP796\A0138694.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP796\snapshot\MFEX-1.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP797\snapshot\MFEX-1.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP798\A0138794.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP798\A0138808.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP798\A0138820.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP798\A0138832.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP798\A0139832.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP798\A0139850.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP798\A0139893.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP798\A0139923.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP798\snapshot\MFEX-1.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\System\aux (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
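A practitioner reading the Malwarebytes report above would separate two kinds of hits before deciding what it means. Fifteen of the seventeen files live under C:\System Volume Information\_restore{...}\RPnnn, which is where System Restore keeps snapshots of earlier state: those are archived copies of the malware, not components that were running, and they explain why cleaners ask for restore points to be purged once the machine is clean. The two live hits are different: the one at ...\Fichiers communs\System\aux carries a reserved DOS device name, and ordinary Win32 path handling refuses to open or delete such a name, so a cleaner has to address it through the \\?\ extended-length prefix (whether that is why MBAM deferred that deletion to reboot, the report does not say). The Python below is an added example and is not code from the thread or from Malwarebytes; its input is a constructed excerpt of the detection lines from the report above, and the categories it reports are this example's own.

```python
import re

# Constructed input: detection lines copied from the Malwarebytes report posted above.
MBAM_REPORT = r"""
Files Infected:
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP795\A0138666.exe (Worm.Socks) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP796\snapshot\MFEX-1.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20956986-F224-4763-B3BB-E766DA4A8D5B}\RP798\A0138794.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\System\aux (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
"""

# "<path> (<family>) -> <action>." is the MBAM 1.x detection line format.
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
RESTORE_RE = re.compile(r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)
# DOS device names: a path component with one of these stems is not an ordinary file to Win32.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"COM{i}" for i in range(1, 10)} | {f"LPT{i}" for i in range(1, 10)}


def reserved_component(path):
    """Return the first path component whose stem is a reserved device name, else None."""
    for part in path.split("\\"):
        if part.split(".")[0].strip().upper() in RESERVED:
            return part
    return None


def extended_path(path):
    """Win32 extended-length form: the \\?\ prefix disables path normalisation, so a
    name such as 'aux' reaches the filesystem verbatim and can be opened or deleted."""
    return path if path.startswith("\\\\?\\") else "\\\\?\\" + path


def parse_detections(report):
    """One dict per detection line, annotated with what the path tells us."""
    rows = []
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        rp = RESTORE_RE.match(d["path"])
        d["restore_point"] = rp.group(1) if rp else None   # copy held by System Restore
        d["reserved_name"] = reserved_component(d["path"])
        d["deferred"] = d["action"].lower().startswith("delete on reboot")
        rows.append(d)
    return rows


def triage(rows):
    """What the helper needs: how much was only archived in restore points, what was live,
    which deletions are still pending a reboot, and which names need the \\?\ prefix."""
    live = [r for r in rows if not r["restore_point"]]
    return dict(
        total=len(rows),
        restore_point_copies=len(rows) - len(live),
        restore_points=sorted({r["restore_point"] for r in rows if r["restore_point"]}),
        live=len(live),
        deferred=[r["path"] for r in rows if r["deferred"]],
        reserved=[(r["path"], extended_path(r["path"])) for r in rows if r["reserved_name"]],
    )


if __name__ == "__main__":
    for key, value in triage(parse_detections(MBAM_REPORT)).items():
        print(f"{key}: {value}")
```

On the full report the same code would count fifteen restore-point copies across RP795 to RP798 and two live files; the restore points themselves are not removed by deleting the files inside them, which is why the usual follow-up is to disable and re-enable System Restore once the machine is clean.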
green day (Moderator, Security contributor; 26,722 posts)

Hi

OK, post a new ComboFix log followed by a new HijackThis log, and tell me how your problems are going!

See you
Djet

ComboFix 08-04-04.1 - admin 2008-04-07 23:36:25.6 - NTFSx86
Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

((((((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.

2008-04-07 18:24 . 2008-04-07 18:24 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
2008-04-07 18:23 . 2008-04-07 18:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 18:23 . 2008-04-07 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 22:52 . 2008-04-06 22:52 <DIR> d-------- C:\_OTMoveIt
2008-04-06 19:40 . 2008-04-06 19:40 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-06 19:34 . 2008-04-06 10:24 <DIR> d-------- C:\SDFix
2008-04-06 18:55 . 2008-04-06 18:55 <DIR> d-------- C:\VundoFix Backups
2008-04-06 17:51 . 2008-04-06 17:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 13:54 . 2008-04-06 13:54 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Grisoft
2008-04-06 13:54 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-06 01:25 . 2008-04-06 12:33 1,744 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-06 00:47 . 2008-04-06 00:47 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-06 00:41 . 2008-04-06 00:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-04-06 00:32 . 2008-04-06 00:32 121 --a------ C:\WINDOWS\bdagent.INI
2008-04-06 00:11 . 2008-04-06 13:28 <DIR> d-------- C:\Program Files\Navilog1
2008-04-05 20:41 . 2008-04-05 20:41 <DIR> d-------- C:\Program Files\BitDefender
2008-04-05 20:39 . 2008-04-05 20:42 <DIR> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-04-05 18:24 . 2008-04-05 18:25 <DIR> d-------- C:\Documents and Settings\admin\Application Data\AVG7
2008-04-05 18:23 . 2008-04-05 18:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-05 18:22 . 2008-04-05 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-05 17:10 . 2008-04-05 17:10 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-04-05 17:10 . 2008-04-05 17:10 3,120 --a------ C:\WINDOWS\118294.78
2008-04-05 17:09 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-04-05 17:09 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-04-05 17:09 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-04-05 16:38 . 2008-04-05 16:38 <DIR> d-------- C:\WINDOWS\system32\save$$updater
2008-04-05 15:40 . 2008-04-05 20:47 <DIR> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-04-05 15:28 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-05 15:28 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-05 15:27 . 2008-04-05 15:28 <DIR> d-------- C:\Program Files\Picasa2
2008-04-05 13:52 . 2008-04-05 20:03 <DIR> d-------- C:\Program Files\MSNFix
2008-04-05 02:32 . 2008-04-05 02:38 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-05 02:32 . 2008-04-05 02:32 <DIR> d-------- C:\Documents and Settings\admin\Application Data\PC Tools
2008-04-05 02:32 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-05 02:32 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-05 02:32 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-05 02:32 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-04 18:07 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-04 16:47 . 2008-04-04 16:47 <DIR> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-03 20:19 . 2008-04-05 04:15 <DIR> d-------- C:\Program Files\a-squared Free
2008-04-02 14:50 . 2008-04-05 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 13:28 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-02 13:28 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-02 13:28 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-02 13:28 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-02 13:28 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-02 13:28 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-02 13:28 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-02 13:28 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-02 13:28 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-02 13:28 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 20:02 --------- d-----w C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2008-04-05 17:57 --------- d-----w C:\Program Files\Google
2008-04-05 16:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-05 16:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 15:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-05 14:42 --------- d-----w C:\Program Files\IBM
2008-04-05 00:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-02 11:27 --------- d-----w C:\Program Files\Alwil Software
2008-03-22 07:45 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Readme test meow
2008-02-27 08:28 --------- d-----w C:\Program Files\Windows Live
2008-02-23 02:38 43,872 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-19 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-10 20:07 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-10 20:07 --------- d-----w C:\Program Files\eMule
2008-02-10 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 19:44 --------- d-----w C:\Program Files\FranceTelecomUninstall
2008-02-10 19:40 --------- d-----w C:\Program Files\PeerGuardian2
2008-02-10 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-10 17:38 --------- d-----w C:\Program Files\Lavasoft
2008-02-10 17:37 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-10 17:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 17:08 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-10 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW
2008-02-10 15:06 --------- d-----w C:\Program Files\Logitech
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((( snapshot@2008-04-06_18.30.36.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-06 08:18:57 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-06 17:41:03 7,995,392 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-04-06 17:41:03 262,144 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-06 08:18:57 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-06 17:40:51 7,995,392 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-04-06 17:40:51 262,144 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-07 17:55:38 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_674.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68CB3332-B0F5-4DD4-B213-7E423BE033F0}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BB21C6E-3DEB-7C31-F9CC-CD09BBB3AC6A}]
C:\DOCUME~1\admin\APPLIC~1\AMENJU~1\onenew.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E7A65D5-AD83-42E9-A906-6ACE19B3816F}]
C:\WINDOWS\system32\pmnli.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-20 01:10 380928 C:\WINDOWS\system32\irprops.cpl]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-07-10 14:25 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-07-10 14:13 114688]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 18:24 86016]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 09:37 40960]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 12:59 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 14:14 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-04 03:01 28739]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Rappels du Calendrier Microsoft Works.lnk - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 14:14:38 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhggf]
mljhggf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnnnk]
urqnnnk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lqu40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Sxd15.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S0 Lqu40;Lqu40;C:\WINDOWS\system32\Drivers\Lqu40.sys []
S0 Sxd15;Sxd15;C:\WINDOWS\system32\Drivers\Sxd15.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f092bd8-cdcf-11dc-8939-000d6027301a}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 23:40:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-07 23:43:29
ComboFix-quarantined-files.txt 2008-04-07 21:43:21
ComboFix2.txt 2008-04-06 21:59:23
ComboFix3.txt 2008-04-06 20:12:45
ComboFix4.txt 2008-04-06 16:31:19
ComboFix5.txt 2008-04-06 16:18:52
Pre-Run: 18,283,319,296 bytes free
Post-Run: 18,270,294,016 bytes free
.
2008-04-06 10:24:28 --- E O F ---

Here's the combo! My PC isn't slow anymore and I don't seem to have anything left! I don't know whether it's fixed, but it looks like it anyway. Thank you so much, really, thank you! I'm so happy, thank you, thank you, thank you, there aren't enough words of thanks! ;-)
green day (Moderator, Security contributor; 26,722 posts)

Hi

Create a new text document and name it CFScript.txt (careful, this is very important!): right-click on the desktop > New > Text Document, and copy the following lines into it:

File::

C:\WINDOWS\system32\awvtu.dll
C:\DOCUME~1\admin\APPLIC~1\AMENJU~1\onenew.exe
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\mljhggf.dll
C:\WINDOWS\system32\urqnnnk.dll

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68CB3332-B0F5-4DD4-B213-7E423BE033F0}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BB21C6E-3DEB-7C31-F9CC-CD09BBB3AC6A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E7A65D5-AD83-42E9-A906-6ACE19B3816F}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhggf]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnnnk]


then drag the text file onto combo.exe as in the animation:
http://img.bleepingcomputer.com/combofix/usage/rc.gif

In the window that follows, choose option 1 and confirm
Wait a bit; if the desktop disappears at times during the scan, that's normal!
At the end of the scan a report will appear: post it please (otherwise it is located here: C:\ComboFix.txt)

See you

;-))
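green day's reading of the ComboFix report above, and the CFScript built from it, come down to a few rules that can be written down. ComboFix prints only non-default load points in that section, so the three Browser Helper Objects and the two Winlogon Notify packages it lists are each worth a look, and here all five point at modules with generated-looking names (awvtu.dll, pmnli.dll, mljhggf.dll, urqnnnk.dll) or at an executable under Application Data; the script simply lists those files under File:: and their keys, prefixed with a minus, under registry::. The same report shows two boot-start drivers, Lqu40 and Sxd15, whose files are missing on disk (the empty [] after the path) and which also registered themselves under SafeBoot\Minimal so they would load in Safe Mode; the moderator did not script those, and this example flags them for a human rather than deleting anything. The Python below is an added example, not code from the thread or from ComboFix: its input is an excerpt of the report above, its triage rules and the random-name heuristic are this example's own (the heuristic is crude and only adds a label), and it assumes C:\WINDOWS as the system root, as the log shows, when it qualifies the bare DLL names that Notify entries carry.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the ComboFix report posted above;
# blank lines and entries this example does not model are left out.
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68CB3332-B0F5-4DD4-B213-7E423BE033F0}]
C:\WINDOWS\system32\awvtu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BB21C6E-3DEB-7C31-F9CC-CD09BBB3AC6A}]
C:\DOCUME~1\admin\APPLIC~1\AMENJU~1\onenew.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E7A65D5-AD83-42E9-A906-6ACE19B3816F}]
C:\WINDOWS\system32\pmnli.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhggf]
mljhggf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnnnk]
urqnnnk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lqu40.sys]
@="Driver"
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
S0 Lqu40;Lqu40;C:\WINDOWS\system32\Drivers\Lqu40.sys []
"""

BHO_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\})\]$")
NOTIFY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\.*\\winlogon\\notify\\([^\]\\]+))\]$", re.I)
SAFEBOOT_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\.*\\SafeBoot\\Minimal\\([^\]\\]+))\]$", re.I)
RUN_HDR_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.I)
RUN_VAL_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*?)\]$')
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);[^;]*;(.+?) \[(.*?)\]$")


def entry(kind, key, name, path, present=None, start=None):
    return dict(kind=kind, key=key, name=name, path=path, present=present, start=start)


def parse_load_points(text):
    """Turn ComboFix's autostart listing into entry dicts; present=False means ComboFix
    printed an empty [ ] after the path, i.e. the file was not found on disk."""
    entries, pending, run_key = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("["):                      # registry key header
            pending = run_key = None
            if m := BHO_RE.match(line):
                pending = ("bho", m.group(1))
            elif m := NOTIFY_RE.match(line):
                pending = ("notify", m.group(1))
            elif m := SAFEBOOT_RE.match(line):
                entries.append(entry("safeboot", m.group(1), m.group(2), ""))
            elif m := RUN_HDR_RE.match(line):
                run_key = m.group(1)
        elif pending:                                 # BHO/Notify header is followed by its module
            entries.append(entry(pending[0], pending[1], line.rsplit("\\", 1)[-1], line))
            pending = None
        elif run_key and (m := RUN_VAL_RE.match(line)):
            entries.append(entry("run", run_key, m.group(1), m.group(2), bool(m.group(3).strip())))
        elif m := SERVICE_RE.match(line):             # R/S = running/stopped, digit = start type, 0 = boot
            entries.append(entry("service", m.group(2), m.group(2), m.group(3), bool(m.group(4).strip()), m.group(1)))
    return entries


def looks_random(stem):
    """Crude label for generated names: 5-8 lowercase letters with <=1 vowel or a 3+ consonant run."""
    if not (5 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    return sum(c in "aeiouy" for c in stem) <= 1 or max(map(len, re.split("[aeiouy]", stem))) >= 3


def flag_suspicious(entries):
    """The rules a helper applies by eye: every BHO and Notify package listed is reviewed; a
    boot-start driver with no file, worse if also registered for Safe Mode, is suspect;
    an orphaned Run value is noted. Severities are this example's own."""
    safeboot = {e["name"].lower() for e in entries if e["kind"] == "safeboot"}
    findings = []
    for e in entries:
        stem = re.sub(r"\.(dll|exe|sys)$", "", e["name"], flags=re.I).lower()
        if e["kind"] in ("bho", "notify"):
            why = ("Browser Helper Object" if e["kind"] == "bho" else "Winlogon Notify package") + " loads " + e["path"]
            findings.append(dict(entry=e, severity="high", why=why + (" (random-looking name)" if looks_random(stem) else "")))
        elif e["kind"] == "service" and e["start"] == "S0" and not e["present"]:
            why = "boot-start driver whose file is missing on disk"
            if stem + ".sys" in safeboot:
                why += "; also listed under SafeBoot\\Minimal so it would load in Safe Mode"
            findings.append(dict(entry=e, severity="medium", why=why))
        elif e["kind"] == "run" and not e["present"]:
            findings.append(dict(entry=e, severity="low", why="Run value points to a file that no longer exists"))
    return findings


def build_cfscript(findings, system32=r"C:\WINDOWS\system32"):
    """Emit a CFScript using the same File:: and registry:: directives as the moderator's script
    above. Only BHO/Notify findings are scripted; drivers and orphans are left to a human."""
    files, keys = [], []
    for f in findings:
        e = f["entry"]
        if e["kind"] in ("bho", "notify"):
            path = e["path"] if "\\" in e["path"] else system32 + "\\" + e["path"]  # Notify lists a bare DLL name
            if path not in files:
                files.append(path)
            keys.append("[-" + e["key"] + "]")
    return "\n".join(["File::", *files, "", "registry::", *keys]) + "\n"


if __name__ == "__main__":
    found = flag_suspicious(parse_load_points(COMBOFIX_LOG))
    for f in found:
        print(f"[{f['severity']:<6}] {f['entry']['name']}: {f['why']}")
    print("\n--- CFScript.txt ---\n" + build_cfscript(found))
```

Run as a script it prints the seven findings and a CFScript whose File:: and registry:: sections match the five files and five keys in the moderator's post; the Lqu40 finding is printed but deliberately not scripted, because deleting a boot-start driver's service entry is a decision the helper makes after looking, not something to automate from a name.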
Djet

Hello,

I'm doing as you told me, but the combo won't open. Is that normal or not?
green day (Moderator, Security contributor; 26,722 posts)

re

delete it and download it again!

++
Djet

Here's the combo :-)

ComboFix 08-04-08.4 - admin 2008-04-08 22:48:58.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.71 [GMT 2:00]
Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE ::
C:\DOCUME~1\admin\APPLIC~1\AMENJU~1\onenew.exe
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\mljhggf.dll
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\urqnnnk.dll
.
TimedOut: Windir.dat
TimedOut: progfile.dat

((((((((((((((((((((((((((((( Files Created from 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

2008-04-08 22:34 . 2008-04-08 22:34 <DIR> d-------- C:\ComboFix(2)
2008-04-07 18:24 . 2008-04-07 18:24 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
2008-04-07 18:23 . 2008-04-07 18:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 18:23 . 2008-04-07 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 22:52 . 2008-04-06 22:52 <DIR> d-------- C:\_OTMoveIt
2008-04-06 19:40 . 2008-04-06 19:40 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-06 19:34 . 2008-04-06 10:24 <DIR> d-------- C:\SDFix
2008-04-06 18:55 . 2008-04-06 18:55 <DIR> d-------- C:\VundoFix Backups
2008-04-06 17:51 . 2008-04-06 17:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 13:54 . 2008-04-06 13:54 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Grisoft
2008-04-06 13:54 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-06 01:25 . 2008-04-06 12:33 1,744 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-06 00:47 . 2008-04-06 00:47 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-06 00:41 . 2008-04-06 00:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-04-06 00:32 . 2008-04-06 00:32 121 --a------ C:\WINDOWS\bdagent.INI
2008-04-06 00:11 . 2008-04-06 13:28 <DIR> d-------- C:\Program Files\Navilog1
2008-04-05 20:41 . 2008-04-05 20:41 <DIR> d-------- C:\Program Files\BitDefender
2008-04-05 20:39 . 2008-04-05 20:42 <DIR> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-04-05 18:24 . 2008-04-05 18:25 <DIR> d-------- C:\Documents and Settings\admin\Application Data\AVG7
2008-04-05 18:23 . 2008-04-05 18:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-05 18:22 . 2008-04-05 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-05 17:10 . 2008-04-05 17:10 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-04-05 17:10 . 2008-04-05 17:10 3,120 --a------ C:\WINDOWS\118294.78
2008-04-05 17:09 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-04-05 17:09 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-04-05 17:09 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-04-05 16:38 . 2008-04-05 16:38 <DIR> d-------- C:\WINDOWS\system32\save$$updater
2008-04-05 15:40 . 2008-04-05 20:47 <DIR> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-04-05 15:28 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-05 15:28 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-05 15:27 . 2008-04-05 15:28 <DIR> d-------- C:\Program Files\Picasa2
2008-04-05 13:52 . 2008-04-05 20:03 <DIR> d-------- C:\Program Files\MSNFix
2008-04-05 02:32 . 2008-04-05 02:38 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-05 02:32 . 2008-04-05 02:32 <DIR> d-------- C:\Documents and Settings\admin\Application Data\PC Tools
2008-04-05 02:32 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-05 02:32 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-05 02:32 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-05 02:32 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-04 18:07 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-04 16:47 . 2008-04-04 16:47 <DIR> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-03 20:19 . 2008-04-05 04:15 <DIR> d-------- C:\Program Files\a-squared Free
2008-04-02 14:50 . 2008-04-05 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 13:28 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-02 13:28 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-02 13:28 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-02 13:28 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-02 13:28 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-02 13:28 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-02 13:28 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-02 13:28 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-02 13:28 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-02 13:28 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 17:08 --------- d-----w C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2008-04-05 17:57 --------- d-----w C:\Program Files\Google
2008-04-05 16:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-05 16:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 15:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-05 14:42 --------- d-----w C:\Program Files\IBM
2008-04-05 00:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-02 11:27 --------- d-----w C:\Program Files\Alwil Software
2008-03-22 07:45 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Readme test meow
2008-02-27 08:28 --------- d-----w C:\Program Files\Windows Live
2008-02-23 02:38 43,872 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-19 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-10 20:07 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-10 20:07 --------- d-----w C:\Program Files\eMule
2008-02-10 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 19:44 --------- d-----w C:\Program Files\FranceTelecomUninstall
2008-02-10 19:40 --------- d-----w C:\Program Files\PeerGuardian2
2008-02-10 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-10 17:38 --------- d-----w C:\Program Files\Lavasoft
2008-02-10 17:37 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-10 17:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 17:08 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-10 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW
2008-02-10 15:06 --------- d-----w C:\Program Files\Logitech
2008-02-10 13:03 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((( snapshot@2008-04-06_18.30.36.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-06 08:18:57 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-06 17:41:03 7,995,392 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-04-06 17:41:03 262,144 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-06 08:18:57 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-06 17:40:51 7,995,392 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-04-06 17:40:51 262,144 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-08 18:01:00 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_650.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-20 01:10 380928 C:\WINDOWS\system32\irprops.cpl]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-07-10 14:25 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-07-10 14:13 114688]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 18:24 86016]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 09:37 40960]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 12:59 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 14:14 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-04 03:01 28739]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Rappels du Calendrier Microsoft Works.lnk - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 14:14:38 24633]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lqu40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Sxd15.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S0 Lqu40;Lqu40;C:\WINDOWS\system32\Drivers\Lqu40.sys []
S0 Sxd15;Sxd15;C:\WINDOWS\system32\Drivers\Sxd15.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f092bd8-cdcf-11dc-8939-000d6027301a}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 22:52:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-08 22:55:11
ComboFix-quarantined-files.txt 2008-04-08 20:55:07
ComboFix2.txt 2008-04-08 20:44:44
ComboFix3.txt 2008-04-07 21:43:31
ComboFix4.txt 2008-04-06 21:59:23
ComboFix5.txt 2008-04-06 20:12:45
Pre-Run: 18,175,541,248 bytes free
Post-Run: 18,163,757,056 bytes free
.
2008-04-06 10:24:28 --- E O F ---
green day (Moderator, Security contributor; 26,722 posts)

Hi

very good!

please do what is described here:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++