Problème de virus, encore ! - Page 2
Résolu
Précédent
- 1
- 2
-
Coucou
Relances ComboFix
Stp
-
salut
voici le rapport:
ComboFix 08-01-07.5 - *****2008-01-10 13:01:48.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.243 [GMT -5:00]
Running from: C:\Documents and Settings\*****\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.
2008-01-09 02:58 . 2008-01-09 02:58 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-07 12:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 11:46 . 2008-01-07 18:23 <REP> d-------- C:\VundoFix Backups
2008-01-07 11:21 . 2008-01-07 11:21 <REP> d-------- C:\Program Files\Avira
2008-01-07 11:21 . 2008-01-07 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-07 10:32 . 2008-01-07 10:58 <REP> d-------- C:\Program Files\Navilog1
2007-12-29 14:17 . 2007-12-29 14:17 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-29 14:17 . 2007-12-29 14:17 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-29 14:16 . 2006-09-22 10:17 40 --a------ C:\WINDOWS\RUNAWAY2.INI
2007-12-29 14:03 . 2007-12-29 14:03 <REP> d-------- C:\Program Files\PENDULO Studios
2007-12-27 15:03 . 2008-01-10 11:48 <REP> d-------- C:\Desf
2007-12-24 11:51 . 2007-12-24 11:51 <REP> d-------- C:\Program Files\CCleaner
2007-12-20 19:23 . 2007-12-24 15:24 <REP> d-------- C:\Program Files\PokerStars.NET
2007-12-20 12:55 . 2007-12-20 12:55 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-20 12:53 . 2007-12-20 12:53 <REP> d-------- C:\WINDOWS\system32\su2
2007-12-20 12:53 . 2007-12-20 19:18 <REP> d-------- C:\WINDOWS\system32\pi3
2007-12-20 12:53 . 2007-12-20 12:53 <REP> d-------- C:\WINDOWS\system32\eu1
2007-12-20 12:52 . 2007-12-20 12:52 <REP> d-------- C:\WINDOWS\system32\daSgo18
2007-12-20 12:50 . 2007-12-20 16:56 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-11 14:25 . 2007-12-11 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville
2007-12-11 13:31 . 2007-12-11 13:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
2007-12-11 09:14 . 2007-12-11 09:14 <REP> d-------- C:\Documents and Settings\*****\Application Data\Flood Light Games
2007-12-11 09:14 . 2007-12-11 09:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-30 03:28 --------- d-----w C:\Documents and Settings\*****\Application Data\FlashFXP
2008-01-09 05:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-09 05:18 116,608 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-09 05:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-29 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 00:40 --------- d-----w C:\Documents and Settings\*****\Application Data\Lionhead Studios
2007-12-20 22:01 --------- d-----w C:\Documents and Settings\*****\Application Data\LimeWire
2007-12-13 16:24 --------- d-----w C:\Documents and Settings\*****\Application Data\PlayFirst
2007-12-13 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-08 15:53 --------- d-----w C:\Documents and Settings\*****\Application Data\AdobeUM
2007-12-07 23:35 --------- d-----w C:\Program Files\Google
2007-12-07 23:28 --------- d-----w C:\Program Files\Audacity
2007-12-07 23:26 --------- d-----w C:\Program Files\Copernic Agent
2007-12-06 22:04 --------- d-----w C:\Documents and Settings\*****\Application Data\Grisoft
2007-12-06 14:15 46,080 -c--a-w C:\WINDOWS\system32\ftp.exe
2007-12-02 20:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-02 20:08 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-29 23:06 69,816 -c--a-w C:\Documents and Settings\*****\Application Data\GDIPFONTCACHEV1.DAT
2007-11-25 00:53 --------- d-----w C:\Program Files\Camfrog
2007-11-22 20:43 --------- d-----w C:\Documents and Settings\*****\Application Data\Leadertech
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 11:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-15 18:31 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2006-07-24 16:58 1 -c--a-w C:\Documents and Settings\*****\SI.bin
2005-04-27 13:04 6,656 -csha-w C:\Program Files\Fichiers communs\Thumbs.db
2001-11-23 04:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
[code]<pre>
----a-w 313,472 2008-01-07 16:19:05 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 24,576 2008-01-07 16:18:52 C:\Program Files\D-Link\DGE-530T\dlnetst .exe
----a-w 132,496 2008-01-07 16:18:56 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 28,672 2008-01-07 16:18:50 C:\Program Files\Logitech\MouseWare\system\EM_EXEC .EXE
----a-w 94,208 2008-01-07 16:18:50 C:\Program Files\Microsoft Hardware\Keyboard\type32 .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-07_13.10.34.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:50:06 733,696 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
- 2006-08-17 12:29:49 728,576 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 12:18:35 360,576 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 16:53:32 360,832 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-04-20 12:18:35 360,576 ------w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 16:53:32 360,832 ------w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-07 11:31 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 18:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Louise Paquette^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Louise Paquette\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-06 15:50 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-09-13 13:17 4621816 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
"C-Media Mixer"=Mixer.exe /startup
"PWatcher"="D:\PrivacyWatcher\PWatcher.exe" /min
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
"nwiz"=nwiz.exe /install
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-09-02 12:40]
R3 m4cxwxp;NDIS5.1 Miniport Driver for D-Link DGE-530T Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\m4cxwxp.sys [2003-08-26 17:23]
S2 X4HSX32;X4HSX32;C:\Program Files\MANIA\X4HSX32.Sys []
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-23 10:59]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\LOUISE~1\LOCALS~1\Temp\cdrmkaun.sys []
S3 SkLaggProtocol;Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\sklagg.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 21:02]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-09-23 12:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c25cc03f-3cd2-11db-b253-001195d72ae3}]
\Shell\AutoRun\command - RavMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
C:\WINDOWS\system32\msnvl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-04 22:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 13:07:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 13:09:06
ComboFix-quarantined-files.txt 2008-01-10 18:08:58
.
2008-01-09 07:59:35 --- E O F --- -
OK
MErci
Un nouveau log Hijackthis
stp
-
salut,
voici le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 12:18:33, on 2008-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Desf\ccm.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Précédent
- 1
- 2
