ComboFix 14-02-16.01 - Killer_VirusFr 16/02/2014 21:36:59.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3583.3279 [GMT 1:00]
Lancé depuis: c:\docume~1\KILLER~1\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\{$6975-5712-2121-7619$}
c:\{$6975-5712-2121-7619$}\comhost.exe
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\gpresult.exe
c:\windows\directx.sys
c:\windows\svchost.com
.
c:\windows\system32\drivers\usbehci.sys . . . manque!!
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-01-16 au 2014-02-16 ))))))))))))))))))))))))))))))))))))
.
.
2014-02-16 20:31 . 2014-02-16 20:31 -------- d-----w- C:\FRST
2014-02-15 14:14 . 2014-02-16 20:27 -------- d-----w- c:\program files\Accessories
2014-02-15 14:14 . 2008-04-13 16:33 1384479 ----a-w- c:\windows\system32\inobject.dll
2014-02-15 14:14 . 2002-08-25 10:17 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
2014-02-15 14:14 . 1999-08-18 08:54 180224 ---h--w- c:\windows\ntfsv.dll
2014-02-15 14:14 . 2014-02-16 20:19 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\imlgs
2014-02-15 14:14 . 2014-02-15 14:14 -------- d-----w- c:\program files\No-IP
2014-02-15 14:14 . 2014-02-16 20:27 -------- d-----w- c:\program files\VbNet
2014-02-15 14:14 . 2014-02-15 14:14 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\VanToM Folder
2014-02-15 14:13 . 2014-02-15 14:14 -------- d-----w- c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\IntelService
2014-02-15 14:13 . 2014-02-15 14:14 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\Saceza
2014-02-15 14:13 . 2014-02-15 14:14 -------- d-sh--r- c:\documents and settings\Killer_VirusFr\4gr75b2k2
2014-02-15 14:13 . 2014-02-15 14:13 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\etranslator
2014-02-08 09:31 . 2014-02-08 09:31 -------- d-----w- c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\Opera Software
2014-02-08 09:31 . 2014-02-08 09:31 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\Opera Software
2014-02-07 22:28 . 2014-02-07 22:28 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\Malwarebytes
2014-02-07 21:42 . 2014-02-07 21:42 -------- d-----w- c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\Identities
2014-02-07 20:55 . 2014-02-07 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-07 20:46 . 2014-02-07 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 20:41 . 2014-02-16 20:41 41472 ------r- c:\windows\svchost.com
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelService"="c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\IntelService\IntelService.exe" [2014-02-15 1726976]
"VanToM"="c:\documents and settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe" [2014-02-13 199265]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBoxTray"="c:\windows\system32\VBoxTray.exe" [2012-09-07 954712]
.
c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\
start.lnk - c:\documents and settings\Killer_VirusFr\4gr75b2k2\54402.vbs [2014-2-15 194]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^Killer_VirusFr^Menu Démarrer^Programmes^Démarrage^Update.Microsoft.com.url]
path=c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\Update.Microsoft.com.url
backup=c:\windows\pss\Update.Microsoft.com.urlStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8832:UDP"= 8832:UDP:UDP 8832
"3265:TCP"= 3265:TCP:TCP 3265
.
R0 VBoxGuest;VirtualBox Guest Driver;c:\windows\system32\drivers\VBoxGuest.sys [22/09/2012 10:10 108376]
R1 VBoxSF;VirtualBox Shared Folders;c:\windows\system32\drivers\VBoxSF.sys [07/09/2012 17:02 225112]
R2 VBoxService;VirtualBox Guest Additions Service;system32\VBoxService.exe --> system32\VBoxService.exe [?]
R3 VBoxMouse;VirtualBox Guest Mouse Service;c:\windows\system32\drivers\VBoxMouse.sys [07/09/2012 17:02 85848]
R3 VBoxVideo;VBoxVideo;c:\windows\system32\drivers\VBoxVideo.sys [22/09/2012 10:10 104280]
.
.
------- Examen supplémentaire -------
.
TCP: DhcpNameServer = 192.168.1.1
.
.
------- Associations de fichier -------
.
exefile=c:\windows\svchost.com "%1" %*
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-+obJwJzRCDFx+Rn8rUrDaI3m - c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\gpresult.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-16 21:41
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(1916)
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\VBoxService.exe
c:\docume~1\KILLER~1\LOCALS~1\Temp\3582-490\IntelService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2014-02-16 21:41:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-02-16 20:41
ComboFix2.txt 2014-02-16 20:28
.
Avant-CF: 6 650 449 920 octets libres
Après-CF: 6 652 755 968 octets libres
.
- - End Of File - - 712C5DBC15E25818E92408AB62D7CA92
C99C3199CFAA4CBDCD91493F6D113A50