Virus - Page 2

green day (26722 posts, Status: Moderator, Security contributor, 2 163)
 
ok, post a new combo and describe how the situation has evolved

++
startouff56
 
here is the combofix report:
ComboFix 08-01-18.1 - thomas 2008-01-19 21:51:21.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.75 [GMT 1:00]
Running from: C:\Documents and Settings\thomas\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.

2008-01-19 20:21 . 2004-05-05 09:40 16,384 --a------ C:\WINDOWS\system32\restart.exe
2008-01-19 19:18 . 2007-02-09 10:26 184,320 --a------ C:\WINDOWS\system32\delnext.exe
2008-01-19 19:18 . 2005-03-11 04:29 82,188 --a------ C:\WINDOWS\system32\zip.exe
2008-01-17 22:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 19:49 . 2008-01-17 19:49 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
2008-01-17 19:40 . 2008-01-17 21:38 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-17 19:37 . 2008-01-17 19:37 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
2007-12-25 17:29 . 2007-12-25 17:38 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Canon

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 20:45 90,383 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-19 19:29 --------- d-----w C:\Program Files\SolidNetWork License Manager
2008-01-15 18:24 --------- d-----w C:\Documents and Settings\thomas\Application Data\Canon
2008-01-13 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 20:44 --------- d-----w C:\Program Files\DivX
2008-01-04 12:02 --------- d-----w C:\Program Files\LimeWire
2007-12-17 17:58 --------- d-----w C:\Program Files\MSN Messenger
2007-12-17 17:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-16 17:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-11 20:01 --------- d-----w C:\Documents and Settings\thomas\Application Data\Move Networks
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-28 22:17 --------- d-----w C:\Program Files\Windows Live
2007-11-23 22:32 --------- d-----w C:\Program Files\Veoh Networks
2007-11-15 18:41 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2007-11-09 19:45 10,736 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-03-01 19:56 384 ----a-w C:\Documents and Settings\thomas\Application Data\internaldb6334.dat
2007-03-01 17:57 194 ----a-w C:\Documents and Settings\thomas\Application Data\internaldb8467.dat
2007-03-01 17:57 18,432 ----a-w C:\Documents and Settings\thomas\Application Data\internaldb41.dat
2007-01-14 19:31 7,922 ----a-w C:\Documents and Settings\thomas\Application Data\wklnhst.dat
2006-08-04 19:10 1 ----a-w C:\Documents and Settings\thomas\SI.bin
2006-01-09 15:17 62,752 ----a-w C:\Documents and Settings\thomas\Application Data\GDIPFONTCACHEV1.DAT
2005-06-28 19:17 1,898 ----a-w C:\Documents and Settings\catherine\Application Data\wklnhst.dat
2005-02-06 12:40 0 ----a-w C:\Documents and Settings\chloe\Application Data\wklnhst.dat
2005-01-22 12:07 62,368 ----a-w C:\Documents and Settings\catherine\Application Data\GDIPFONTCACHEV1.DAT
2004-12-27 07:33 0 ----a-w C:\Documents and Settings\hugo\Application Data\wklnhst.dat
2007-03-13 16:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-18_22.28.58.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-19 19:29:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{616475A4-49A2-4ED1-92B9-FD81FD9C77A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E610318-62CD-4CA5-B50C-F41849C73598}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2006-09-16 10:24 155896]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 18:00 15360]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-01-02 00:55 159744]
"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 15:08 4937512]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00 204800]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 01:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-08 01:43 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 03:43 233472]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 16:47 249856]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-02 01:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-25 03:10 339968]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 23:57 81920]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 08:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 17:49 50688]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-07-06 10:56 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44 271672]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11 866584]
"ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 10:40 462848]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 10:45 90112]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 12:31:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\req]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 SolidNetWork License Manager;SolidNetWork License Manager;C:\Program Files\SolidNetWork License Manager\lmgrd.exe [2001-10-05 08:20]
S3 PWIPENUM;PWIPENUM;C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-30 13:37:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-04 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-19 19:32:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 21:58:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 22:02:08
ComboFix-quarantined-files.txt 2008-01-19 21:01:59
ComboFix2.txt 2008-01-18 21:29:31
.
2008-01-18 21:39:28 --- E O F ---