ComboFix ChangeLog (since 09/11/2008)
NOTE: This changelog only lists the malware lines that Zeb Help Process detects when analysing security reports. This information comes in part from feedback by French-speaking helpers.
ComboFix is a tool developed by sUBs. Rootkits, that is, infectious files hidden from the user and from most antivirus and anti-spyware products, are fairly stubborn infections. This tool cleans the infection and removes the rootkit.
January 2009
TR/Crypt.XPACK.Gen 
:\rkpcix.exe
TR/Dialer.2866E41B 
C:\jhqlrof.exe
W32/Heuristic-MU2!Eldorado
C:\qbuxsc.exe
Rkit/Agent.39936 
%SYSTEM32%\895238b4e726bd26683c59f5ed0542a7.sys
%SYSTEM32%\cradle_of_filth.vbe
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM32%\wscript.exe %SYSTEM32%\cradle_of_filth.vbe
Rootkit Driver UAC8c.sys (TDSS Rootkit variant)
%SYSTEM32%\drivers\UACppcdpjey.sys
%SYSTEM32%\UACddpvsmwo.dll
%SYSTEM32%\UACmlnswtyx.dll
%SYSTEM32%\UACnskhyrwo.dll
%SYSTEM32%\UACptrljjta.dat
%SYSTEM32%\UACqkpxdgfr.dll
Rootkit Driver UAC8c.sys (TDSS Rootkit variant)
%SYSTEM32%\drivers\UACptklrxhx.sys
%SYSTEM32%\UACawkqibmo.dll
%SYSTEM32%\UACidqvxfmp.dll
%SYSTEM32%\UACiwqgtprj.dll
%SYSTEM32%\UACkljkbite.dat
%SYSTEM32%\UACohelewxn.log
%SYSTEM32%\UACrvakcfrf.log
%SYSTEM32%\UACtjlgiyev.log
%SYSTEM32%\UACxmffwkbs.dll
HKLM\..\RunOnce: [tdss] %WINDOWS%\TEMP\{Random number}.exe
O4 - HKLM\..\RunOnce: [tdss] %USERPROFILE%\Temp\{Random number}.exe
December 2008
O10 - Unknown file in Winsock LSP: %USERPROFILE%\locals~1\temp\ntdll64.dll
TDSS Rootkit Family 
%SYSTEM32%\TDSStkdu.log
Rootkit.Agent 
O41 - Driver: (no object) (ati5adxx) - %SYSTEM32%\Drivers\ati5adxx.sys
O49 - CSB:Control Safe Boot HKLM\...\CSx\Network\ati5adxx.sys
O49 - CSB:Control Safe Boot HKLM\...\CSx\Minimal\ati5adxx.sys
TDSS Rootkit Family 
%SYSTEM32%\TDSShrxx.dll
%SYSTEM32%\TDSSvkql.dll
Rootkit.Agent 
O41 - Driver: (no object) (ati1nvxx) - %SYSTEM32%\Drivers\ati1nvxx.sys
O41 - Driver: (no object) (ati3dlxx) - %SYSTEM32%\Drivers\ati3dlxx.sys
O41 - Driver: (no object) (ati4dlxx) - %SYSTEM32%\Drivers\ati4dlxx.sys
O41 - Driver: (no object) (ati4pwxx) - %SYSTEM32%\Drivers\ati4pwxx.sys
O41 - Driver: (no object) (ati5iqxx) - %SYSTEM32%\Drivers\ati5iqxx.sys
O41 - Driver: (no object) (ati7qyxx) - %SYSTEM32%\Drivers\ati7qyxx.sys
Trojan.Dropper/Gen-PortSv.Process
%WINDOWS%\portsv.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - %WINDOWS%\portsv.exe (file missing)
TDSS Rootkit Family 
%SYSTEM32%\drivers\TDSSpqlt.sys
%SYSTEM32%\TDSShrxr.dll
%SYSTEM32%\TDSSkkbi.log
%SYSTEM32%\TDSSmtql.dll
%SYSTEM32%\TDSSmtvd.dat
%SYSTEM32%\TDSSnmxh.log
%SYSTEM32%\TDSSrhyp.log
%SYSTEM32%\TDSSsahc.dll
%SYSTEM32%\TDSSxfum.dll
TDSS Rootkit Family
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
%SYSTEM32%\TDSSkkai.log
%SYSTEM32%\TDSSoiqt.dll
%WINDOWS%\Temp\TDSS24d.tmp
%SYSTEM32%\TDSSlxwp.dll
%USERPROFILE%\Local Settings\Temp\TDSS885e.tmp
%WINDOWS%\Temp\TDSSeea5.tmp
TDSS Rootkit Family
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
"imagepath"="%SYSTEM32%\drivers\TDSSpqxt.sys"
%SYSTEM32%\drivers\TDSSpqxt.sys
%SYSTEM32%\TDSSciou.dll
%SYSTEM32%\TDSSlbqp.dll
%SYSTEM32%\TDSSnrse.dll
%SYSTEM32%\TDSSoiqh.dll
%SYSTEM32%\TDSSosvn.dat
%SYSTEM32%\TDSSvyyy.dat
O4 - HKUS\S-1-5-19\..\Run: [penemafuna] Rundll32.exe "%SYSTEM32%\duhifiho.dll",s (User 'SERVICE LOCAL')
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
TDSS Rootkit family
%WINDOWS%\Temp\TDSS1315.tmp
%WINDOWS%\Temp\TDSSde3a.tmp
%WINDOWS%\Temp\TDSSe33b.tmp
%WINDOWS%\Temp\TDSSfc71.tmp
%USERPROFILE%r\Local Settings\Temp\TDSS93b7.tmp
%USERPROFILE%\Local Settings\Temp\TDSS93e6.tmp
%SYSTEM32%\TDSSbfxx.dll
%SYSTEM32%\TDSSkpau.log
%SYSTEM32%\TDSSpiwn.dll
%SYSTEM32%\TDSSvtnx.dll
%SYSTEM32%\TDSSxfcm.dll
%SYSTEM32%\TDSSyxwd.dll
%SYSTEM32%\drivers\TDSSrqlg.sys
Alphx.a.Worm
O44 - LFC:Last File Created - %SYSTEM32%\av.exe -->01/12/2008
TDSS Rootkit family
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="%SYSTEM32%\drivers\TDSSmxse.sys"
%SYSTEM32%\drivers\TDSSpcuu.sys
%SYSTEM32%\Drivers\TDSSijso.sys
%SYSTEM32%\TDSScfum.dll
%SYSTEM32%\TDSSktkl.dll
%SYSTEM32%\TDSSlxwp.dll
%SYSTEM32%\TDSSoixh.dll
%SYSTEM32%\TDSSpqlt.dat
%SYSTEM32%\TDSSrhym.log
%SYSTEM32%\TDSSsihc.dll
%SYSTEM32%\TDSSbrsr.dll
%SYSTEM32%\TDSSofxh.dll
%SYSTEM32%\TDSSpqxt.dat
%SYSTEM32%\TDSSckvy.dll
%SYSTEM32%\TDSSespn.dll
%SYSTEM32%\TDSSeuvq.dll
%SYSTEM32%\TDSSierd.dat
%SYSTEM32%\TDSSurta.dll
%SYSTEM32%\TDSSuyka.log
%SYSTEM32%\TDSSnhvw.dll
November 2008
%SYSTEM32%\tbjrfz.dll
O20 - AppInit_DLLs: tbjrfz.dll
%SYSTEM32%\ssqPfggH.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe %SYSTEM32%\ssqPfggH.dll,#1
%USERPROFILE%\AppData\Local\Temp\fCRKbYRk.dll
O4 - HKCU\..\Run: [cmds] rundll32.exe %USERPROFILE%\AppData\Local\Temp\fCRKbYRk.dll,c
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{19f65f88-3d32-11dd-8b44-4d6564696130}]
\Shell\AutoRun\command - H:\w0o.com
\Shell\explore\Command - H:\w0o.com
\Shell\open\Command - H:\w0o.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c0e7921-a741-11dd-a01b-000d9dd03436}]
\Shell\AutoRun\command - H:\vmhr.bat
\Shell\explore\Command - H:\vmhr.bat
\Shell\open\Command - H:\vmhr.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{434d37dc-8f4a-11dd-a00e-4d6564696130}]
\Shell\AutoRun\command - K:\svch0st.exe
\Shell\explore\Command - K:\svch0st.exe
\Shell\open\Command - K:\svch0st.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{7974ad20-81ec-11dd-a24c-4d6564696130}]
\Shell\AutoRun\command - I:\r1y1.bat
\Shell\explore\Command - I:\r1y1.bat
\Shell\open\Command - I:\r1y1.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5931b73-5065-11dd-a237-4d6564696130}]
\Shell\AutoRun\command - 39lpji.com
\Shell\explore\Command - 39lpji.com
\Shell\open\Command - 39lpji.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7398f11-4d6e-11dd-a234-4d6564696130}]
\Shell\AutoRun\command - I:\ipy.cmd
\Shell\explore\Command - I:\ipy.cmd
\Shell\open\Command - I:\ipy.cmd
%SYSTEM32%\hcctpsgk.dll
%SYSTEM32%\xfgbxi.dll
%SYSTEM32%\spps.dll
TDSS Rootkit family
%SYSTEM32%\drivers\TDSSofxh.sys
%SYSTEM32%\Drivers\TDSSpaxt.sys
%SYSTEM32%\TDSSbivk.log
%SYSTEM32%\TDSSbubx.log
%SYSTEM32%\TDSScfub.dll
%SYSTEM32%\TDSSfpmp.dll
%SYSTEM32%\TDSSkpjp.log
%SYSTEM32%\TDSSnmxh.dll
%SYSTEM32%\TDSSnrsr.dat
%SYSTEM32%\TDSSnrsr.dll
%SYSTEM32%\TDSSoexh.dll
%SYSTEM32%\TDSSosvd.dat
%SYSTEM32%\TDSSosvd.dll
%SYSTEM32%\TDSSrhym.dll
%SYSTEM32%\TDSSriqp.dll
%SYSTEM32%\TDSSsbhc.dll
%SYSTEM32%\TDSStkdv.dll
%SYSTEM32%\TDSStkdv.log
%SYSTEM32%\TDSSvvbi.dll
%SYSTEM32%\amvo.exe
%SYSTEM32%\amvo*.dll
2005-07-29 14:24 472 --sha-r %WINDOWS%\eWFoaWFvdWk\yqICuqISxq4.vbs
%SYSTEM32%\Partizan.exe
%SYSTEM32%\Drivers\Partizan.sys
service_partizan
legacy_partizan
O4 - HKCU\..\Run: [Mp3 player] %ALLUSERS%\Favorites\explorer.exe
%SYSTEM32%\winlib .dll
%SYSTEM32%\wacclt.exe
%SYSTEM32%\wacllt.exe
%SYSTEM32%\gprmsgse.axz
%SYSTEM32%\htmbimes.dll