Problem with 2 malware
sebisonfire
-
missysoso77 Posts 271 Status Member -
Hello,
SmitFraud and ComboFix did not fix the problem
ComboFix 08-10-30.13 - Administrator 2008-12-02 20:17:58.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.848 [GMT -8:00]
Running from: C:\Documents and Settings\pok pok\My Documents\ComboFix.exe
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-12-02 10:32 . 2008-12-02 10:32 <DIR> d-------- C:\Program Files\Digital Guitar Tuner 2.3
2008-12-02 10:32 . 2008-12-02 19:53 <DIR> d-------- C:\Program Files\Crawler
2008-11-28 22:14 . 2008-11-28 22:14 268 --ah----- C:\sqmdata04.sqm
2008-11-28 22:14 . 2008-11-28 22:14 244 --ah----- C:\sqmnoopt04.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 18:24 --------- d-----w C:\Documents and Settings\pok pok\Application Data\LimeWire
2008-12-01 08:10 --------- d-----w C:\Program Files\Starcraft
2008-12-01 07:26 2,058 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-26 02:06 --------- d-----w C:\Documents and Settings\pok pok\Application Data\BitTorrent
2008-10-23 00:37 --------- d-----w C:\Program Files\Trend Micro
2008-10-22 04:08 --------- d-----w C:\Program Files\Navilog1
2008-10-20 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-20 19:58 --------- d-----w C:\Program Files\Yahoo!
2008-10-20 19:58 --------- d-----w C:\Program Files\CCleaner
2008-10-20 19:28 --------- d-----w C:\Program Files\blcorp
2008-10-20 19:23 --------- d-----w C:\Program Files\XoftSpySE
2008-10-20 19:23 --------- d-----w C:\Program Files\AxBx
2008-10-20 06:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-20 06:46 19,456 ----a-w C:\WINDOWS\system32\drvgik.dll
2008-10-12 16:25 --------- d-----w C:\Documents and Settings\pok pok\Application Data\Winamp
2008-10-12 16:24 --------- d-----w C:\Program Files\Winamp
2008-10-10 15:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-10-10 15:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-10-08 05:10 --------- d-----w C:\Documents and Settings\pok pok\Application Data\U3
2008-10-07 19:59 --------- d-----w C:\Program Files\Dota Keys
2008-10-06 04:28 --------- d-----w C:\Program Files\Valve
2008-10-06 01:48 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-10-06 01:48 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-10-06 00:10 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-10-06 00:10 --------- d-----w C:\Documents and Settings\pok pok\Application Data\DAEMON Tools
2008-10-05 23:59 --------- d-----w C:\Program Files\BitTorrent
2008-10-05 04:49 --------- d-----w C:\Program Files\CAM Development
2008-10-01 22:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-29 23:38 32,768 ----a-w C:\WINDOWS\system32\winkve32.dll
2008-09-29 21:07 2,537 ----a-w C:\Documents and Settings\pok pok\crack.exe
2008-09-29 14:00 38,998 ----a-w C:\Documents and Settings\pok pok\install.exe
2008-09-24 08:53 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2008-09-21 14:34 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-09-10 09:38 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-09-10 09:38 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2008-09-09 06:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-07-12 17:57 43 ----a-w C:\Documents and Settings\pok pok\RUNME.bat
2005-03-04 00:40 80,849 ----a-w C:\Documents and Settings\pok pok\thesims2keygenfff.zip
.
------- Sigcheck -------
2008-09-21 06:34 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-10 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-10 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSDisp32"="C:\WINDOWS\system32\drvgik.dll" [2008-10-19 19456]
"nwiz"="nwiz.exe" [2005-11-10 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 C:\WINDOWS\soundman.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= "C:\PROGRA~1\SpyZooka\spyguard.dll" [2005-05-07 173568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32]
2008-09-29 15:38 32768 C:\WINDOWS\system32\winkve32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:truite
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder
2008-12-03 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-07-13 13:44]
.
.
------- Supplementary Scan -------
.
R0 -: HKLM-Main,Start Page = hxxp://www.msn.com
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 20:18:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\winkve32.dll
.
Completion time: 2008-12-02 20:19:37
ComboFix-quarantined-files.txt 2008-12-03 04:19:36
ComboFix2.txt 2008-12-02 02:40:56
Pre-Run: 44,430,934,016 bytes free
Post-Run: 44,425,646,080 bytes free
122