Problem: Trojan packed nsanti

zibi -  
Hello,

I am sending you attached the HijackThis report and the ComboFix one so you can check whether the problem has been solved.
Thank you in advance.
I have to say I don't feel too reassured, because there is a strange sign that precedes my Word documents.
Here it is: .~$

The ComboFix report

ComboFix 08-08-25.01 - All 2008-08-26 22:53:22.1 - NTFSx86
Endroit: C:\Documents and Settings\All\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All\Application Data\macromedia\Flash Player\#SharedObjects\ESNEL84W\bin.clearspring.com
C:\Documents and Settings\All\Application Data\macromedia\Flash Player\#SharedObjects\ESNEL84W\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\All\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\All\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\All\Cookies\all@ad.yieldmanager[2].txt
C:\Documents and Settings\All\Cookies\all@bluestreak[2].txt
C:\Documents and Settings\All\Cookies\all@edt02[1].txt
C:\Documents and Settings\All\Cookies\all@hits.gureport.co[1].txt
C:\Documents and Settings\All\Cookies\all@news.fr.msn[1].txt
C:\Documents and Settings\All\Cookies\all@serving-sys[2].txt
C:\Documents and Settings\All\Cookies\all@statcounter[2].txt
C:\Documents and Settings\All\Cookies\all@trafiz[2].txt
C:\Documents and Settings\All\Cookies\all@www.toutpourlamicro[1].txt
C:\dynrn6e.cmd
C:\e898.com
C:\nqgcd.com
C:\WINDOWS\2.exe
C:\WINDOWS\mywinsys.ini
C:\WINDOWS\system\svchest.exe
C:\WINDOWS\system32\AlxRes061230.exe
C:\WINDOWS\system32\dd.exe
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\mywebhit.ini.tmp
C:\WINDOWS\system32\scrsys061230.scr
C:\WINDOWS\system32\scrsys16_061230.scr
C:\WINDOWS\system32\tavo1.dll
C:\WINDOWS\system32\winsys32_061230.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OFFICE_SOURCE_ENGINE_HELP
-------\Service_Indexingbox
-------\Service_Office Source Engine Help

((((((((((((((((((((((((((((( Fichiers créés 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
.

2008-08-26 23:24 . 2008-08-26 23:24 268 --ah----- C:\sqmdata12.sqm
2008-08-26 23:24 . 2008-08-26 23:24 244 --ah----- C:\sqmnoopt12.sqm
2008-08-26 21:11 . 2008-08-26 21:11 <REP> d-------- C:\Program Files\Trend Micro
2008-08-26 13:19 . 2008-08-26 13:19 <REP> d-------- C:\Documents and Settings\All\Application Data\Simply Super Software
2008-08-26 07:52 . 2008-08-26 07:52 <REP> d-------- C:\Program Files\Windows Sidebar
2008-08-26 07:51 . 2008-08-26 08:31 <REP> d-------- C:\Program Files\Norton AntiVirus
2008-08-26 07:49 . 2008-08-26 07:54 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-26 07:49 . 2008-08-26 07:54 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-26 06:05 . 2008-08-26 21:05 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-26 05:57 . 2008-08-26 05:58 <REP> d-------- C:\Program Files\Trojan Remover
2008-08-26 05:57 . 2008-08-26 05:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-26 05:57 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-26 05:57 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-26 05:57 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-26 05:57 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-26 05:57 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-26 05:24 . 2008-08-26 12:08 <REP> d-------- C:\Documents and Settings\NéPourDominé
2008-08-26 03:49 . 2008-08-26 03:49 <REP> d-------- C:\Documents and Settings\All\Application Data\Malwarebytes
2008-08-26 03:48 . 2008-08-26 03:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 02:25 . 2008-08-26 02:25 92,837 --a------ C:\WINDOWS\tt.exe
2008-08-24 16:41 . 2008-08-21 16:42 109,945 -r-hs---- C:\dpu1.exe
2008-08-24 16:41 . 2008-08-26 05:04 89,420 -r-hs---- C:\n.com
2008-08-23 15:48 . 2008-08-24 07:02 92,661 -r-hs---- C:\mnl6on3.com
2008-08-22 17:36 . 2008-08-21 16:53 91,316 -r-hs---- C:\yssjnngm.cmd
2008-08-21 16:42 . 2008-08-21 16:53 91,316 -r-hs---- C:\83fgj.com
2008-08-20 16:04 . 2008-08-20 16:04 92,123 -r-hs---- C:\2.cmd
2008-08-17 14:27 . 2008-08-18 21:33 90,346 -r-hs---- C:\c9hehpa.bat
2008-08-14 20:29 . 2008-08-16 02:31 89,197 -r-hs---- C:\t1ypkh.exe
2008-08-14 02:33 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 15:40 . 2008-08-11 15:40 268 --ah----- C:\sqmdata11.sqm
2008-08-11 15:40 . 2008-08-11 15:40 244 --ah----- C:\sqmnoopt11.sqm
2008-08-01 12:41 . 2008-08-01 14:16 89,037 -r-hs---- C:\e.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 21:27 262,144 ---ha-w C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-08-26 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-26 10:18 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-26 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-26 05:54 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-26 05:54 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-26 05:54 --------- d-----w C:\Program Files\Symantec
2008-08-21 14:42 109,945 ----a-w C:\WINDOWS\system32\kavo.exe.vir
2008-08-01 11:18 --------- d-----w C:\Program Files\Google
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-23 15:17 117,946 --sh--r C:\g2pfnid.com
2008-07-23 14:49 130,904 --sh--r C:\ceqfqp.bat
2008-07-22 10:08 116,906 --sh--r C:\e9ehn1m8.com
2008-07-20 15:45 117,009 --sh--r C:\ybj8df.exe
2008-07-13 21:55 --------- d-----w C:\Program Files\CapAlpha
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-30 04:53 --------- d-----w C:\Program Files\ScrabBot
2008-06-29 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-26 07:34 124,974 --sh--r C:\p1f6b.exe
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-19 15:40 58,424 ----a-w C:\Documents and Settings\All\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Suite"="regedit -s" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg20.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\m9as2c.cmd
\Shell\explore\Command - D:\m9as2c.cmd
\Shell\open\Command - D:\m9as2c.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bce577d-c5c0-11dc-a6b2-0010dc37deb1}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Microsoft Works Update Detection - C:\Program Files\Microsoft Works\WkDetect.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\All\Application Data\Mozilla\Firefox\Profiles\ri5kcjs3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
.
.
------- File Associations (Beta) -------
.
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 23:32:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-26 23:47:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 21:46:33

Pre-Run: 39,957,905,408 octets libres
Post-Run: 42,083,835,904 octets libres

197 --- E O F --- 2008-08-25 01:17:02

1 reply

totobetourne Posts: 5677 Status: Member 65

We can't see the HijackThis report.
You must still have some things left, because there are a few suspicious files.

Try this tool and then redo a ComboFix.

Download Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Do as indicated: update, full scan in safe mode, and post the reports.

Keep it and run a scan every month as indicated.

If you have Ad-Aware you can uninstall it, because it no longer recognises much.