
Hello, I too have been a victim of Bagle, like quite a few people here apparently!! I downloaded ComboFix and renamed it to fool the virus so I could run the scan, but I need your help to decipher the report. Thanks in advance, if you could help me???
Here is the report:
ComboFix 08-07-15.4 - sebastien 2008-07-17 1:07:47.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.537 [GMT 2:00]
Endroit: F:\Mes fichiers reçu\seb.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\sebastien\Application Data\inst.exe
C:\Documents and Settings\sebastien\Local Settings\Application Data\aouee.dat
c:\documents and settings\sebastien\local settings\application data\aouee.exe
C:\Documents and Settings\sebastien\Local Settings\Application Data\aouee_nav.dat
c:\Documents and Settings\sebastien\Local Settings\Application Data\aouee_navps.dat
C:\Documents and Settings\sebastien\Menu Démarrer\Programmes\Spyware-Secure
C:\Documents and Settings\sebastien\Menu Démarrer\Programmes\Spyware-Secure\Spyware-Secure trial.lnk
C:\Documents and Settings\sebastien\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
C:\InfoSat.txt
C:\WINDOWS\system32\drivers\mdelk.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers créés 2008-06-16 to 2008-07-16 ))))))))))))))))))))))))))))))))))))
.
2008-07-17 00:45 . 2008-07-17 00:45 786 --a------ C:\WINDOWS\wininit.ini
2008-07-17 00:19 . 2008-07-17 00:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-17 00:19 . 2008-07-17 00:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 00:11 . 2008-07-17 00:45 <REP> d-------- C:\Program Files\Spyware-Secure
2008-07-16 22:42 . 2008-07-16 22:42 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-16 22:42 . 2008-07-16 22:42 <REP> d-------- C:\Documents and Settings\sebastien\Application Data\Malwarebytes
2008-07-16 22:42 . 2008-07-16 22:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-16 22:42 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-16 22:42 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-16 21:28 . 2008-07-16 21:55 <REP> d-------- C:\Program Files\Recovery for Works
2008-07-16 21:18 . 2008-07-16 21:18 <REP> d-------- C:\Muestras
2008-07-16 13:36 . 2008-07-16 13:36 <REP> d-------- C:\WINDOWS\system32\FlashAX
2008-07-16 13:36 . 2008-07-16 13:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microgaming
2008-07-16 13:36 . 2008-07-16 13:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2008-07-16 13:35 . 2008-07-16 13:35 <REP> d-------- C:\MicroGaming
2008-07-09 15:19 . 2008-07-09 15:19 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-07-09 15:19 . 2008-07-09 15:19 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-07-09 15:15 . 2008-07-09 15:15 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-09 13:14 . 2008-07-09 15:12 <REP> d-------- C:\Temp
2008-07-07 05:16 . 2008-07-07 05:16 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-05 00:52 . 2008-07-05 00:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-05 00:15 . 2008-07-16 19:45 <REP> d-------- C:\Program Files\Metaboli Downloader
2008-07-04 23:56 . 2008-07-05 00:00 <REP> d-------- C:\Program Files\Téléchargeur de Civilization 4
2008-07-04 23:56 . 2008-07-04 23:56 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-07-04 23:56 . 2008-07-04 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-07-04 23:51 . 2008-07-04 23:51 <REP> d-------- C:\Remote Programs
2008-07-04 23:51 . 2008-07-07 04:38 <REP> d-------- C:\Program Files\Player Metaboli
2008-07-04 23:51 . 2008-07-04 23:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Player Metaboli
2008-07-04 23:51 . 2008-05-15 14:12 53,314 --------- C:\WINDOWS\ExentInfo.exe
2008-07-04 23:51 . 2004-02-04 10:01 2,238 --------- C:\WINDOWS\metaboli.ico
2008-07-04 23:51 . 2008-07-04 23:51 68 --a------ C:\WINDOWS\GPlrLanc.dat
2008-07-04 20:53 . 2008-07-09 15:18 <REP> d-------- C:\Documents and Settings\sebastien\Application Data\My Games
2008-07-04 20:46 . 2008-07-04 20:46 <REP> d-------- C:\Program Files\Firaxis Games
2008-07-02 16:31 . 2008-07-02 16:31 <REP> d-------- C:\Documents and Settings\sebastien\Application Data\Apple Computer
2008-07-02 00:35 . 2008-07-02 16:27 <REP> d-------- C:\Program Files\NOS
2008-07-02 00:35 . 2008-07-02 16:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-06-29 21:12 . 2008-07-09 15:16 4 --a------ C:\WINDOWS\INI2=No
2008-06-29 21:12 . 2008-07-09 15:16 4 --a------ C:\WINDOWS\INI1=No
2008-06-29 21:11 . 2008-07-09 15:16 <REP> d-------- C:\Program Files\ApprendreLesTables
2008-06-28 15:38 . 2008-06-28 15:38 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-28 15:38 . 2008-06-28 15:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-27 14:43 . 2008-06-28 16:20 <REP> d-------- C:\Documents and Settings\sebastien\Application Data\InfraRecorder
2008-06-24 09:43 . 2008-06-24 09:43 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-06-24 09:41 . 2008-06-24 09:41 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-06-24 09:41 . 2008-07-02 18:21 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-18 23:40 . 2008-07-16 19:45 <REP> d-------- C:\Poker
2008-06-18 00:18 . 2008-06-18 00:18 268 --ah----- C:\sqmdata03.sqm
2008-06-18 00:18 . 2008-06-18 00:18 244 --ah----- C:\sqmnoopt03.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 17:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-15 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-14 12:32 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-07-09 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 13:16 --------- d-----w C:\Program Files\VSO
2008-07-09 13:16 --------- d-----w C:\Documents and Settings\sebastien\Application Data\Vso
2008-07-04 22:00 --------- d-----w C:\Program Files\Téléchargeur de Civilization 4
2008-07-01 22:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:09 --------- d-----w C:\Program Files\Google
2008-06-05 01:17 --------- d-----w C:\Documents and Settings\sebastien\Application Data\Media Player Classic
2008-06-03 19:12 --------- d-----w C:\Documents and Settings\sebastien\Application Data\Samsung
2008-06-03 19:07 --------- d-----w C:\Program Files\Samsung
2008-06-03 00:04 --------- d-----w C:\Program Files\DivX
2008-06-01 00:26 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-31 20:09 94,208 ----a-w C:\Documents and Settings\sebastien\Application Data\ezplay.sys
2008-05-31 19:46 94,208 ----a-w C:\WINDOWS\system32\drivers\ezplay.sys
2008-05-31 19:43 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-31 19:43 47,360 ----a-w C:\Documents and Settings\sebastien\Application Data\pcouffin.sys
2008-05-31 19:28 --------- d-----w C:\Program Files\Windows Live
2008-05-31 19:28 --------- d-----w C:\Program Files\Astonsoft
2008-05-31 19:27 --------- d-----w C:\Program Files\AVSMedia
2008-05-31 19:18 --------- d-----w C:\Documents and Settings\sebastien\Application Data\DeepBurner
2008-05-31 19:04 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-05-31 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-28 20:11 --------- d-----w C:\Program Files\eMule
2008-05-19 06:08 --------- d-----w C:\Documents and Settings\sebastien\Application Data\Talkback
2008-05-17 22:48 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-17 22:47 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-17 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-17 22:35 --------- d-----w C:\Program Files\Alwil Software
2008-05-17 22:07 --------- d-----w C:\Program Files\ASUS
2008-05-17 22:06 --------- d-----w C:\Program Files\GameFace Messenger
2008-05-17 22:01 --------- d-----w C:\Program Files\VIA
2008-05-17 21:57 --------- d-----w C:\Program Files\Trust
2008-05-17 16:55 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-05-17 16:54 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-05-17 16:46 --------- d-----w C:\Program Files\VGA USB Camera
2008-05-17 16:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-17 16:46 --------- d-----w C:\Program Files\directx
2008-05-17 16:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-17 16:41 --------- d-----w C:\Program Files\My Company Name
2008-05-17 16:23 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-17 16:22 --------- d-----w C:\Program Files\Services en ligne
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"Steam"="d:\counte~1\steam.exe" [2008-05-18 00:15 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 13:54 339968]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 14:00 160768]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 08:00 16050176 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\counter strike\\SteamApps\\sebeagle\\condition zero\\hl.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\counter strike\\SteamApps\\sebeagle\\counter-strike source\\hl2.exe"=
"D:\\counter strike\\SteamApps\\sebeagle\\counter-strike\\hl.exe"=
"D:\\civilizations IV\\Sid Meier's Civilization 4\\Civilization4.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 X4HSX32Ex;X4HSX32Ex;C:\Program Files\Player Metaboli\X4HSX32Ex.Sys [2007-11-14 11:30]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-07-04 23:56]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-15 20:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-GameFace Messenger - C:\Program Files\GameFace Messenger\GameFace.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 01:11:02
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-17 1:13:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 23:12:40
Pre-Run: 6,489,010,176 octets libres
Post-Run: 7,156,518,912 octets libres
222 --- E O F --- 2008-07-16 19:47:01
The blue planet...
Hello,
Please edit your message with this button to remove your report from it. No report in the first message, those are the forum rules.
Once that is done, I will tell you what to do.
-->Message edited by no.ppp on 17/07/2008 01:50:03<--