Help please, Beagle virus
Closed
biscuik64
Posts
48
Status
Member
-
toptitbal Posts 26224 Registration date Status Security contributor Last intervention -
Hello,
After various manipulations, here is my latest ComboFix report. Could someone analyze it for me, please?
ComboFix 08-11-22.02 - clo natha 2008-11-23 14:49:13.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1140 [GMT 1:00]
Lancé depuis: c:\users\clo natha\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 ))))))))))))))))))))))))))))))))))))
.
2008-11-23 14:36 . 2008-11-23 14:46 <REP> d----c--- c:\program files\FindyKill
2008-11-22 16:39 . 2008-11-22 16:39 <REP> d-------- c:\users\CLONAT~1\AppData\Roaming\Malwarebytes
2008-11-22 16:39 . 2008-11-22 16:39 <REP> d-------- c:\users\clo natha\AppData\Roaming\Malwarebytes
2008-11-22 16:39 . 2008-11-22 16:39 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-22 16:39 . 2008-11-22 16:39 <REP> d-------- c:\progra~2\Malwarebytes
2008-11-22 15:30 . 2008-11-22 15:30 <REP> d-------- c:\users\All Users\NortonInstaller
2008-11-22 15:30 . 2008-11-22 15:30 <REP> d-------- c:\progra~2\NortonInstaller
2008-11-21 22:36 . 2008-11-22 15:33 <REP> d----c--- c:\program files\Trend Micro
2008-11-21 21:59 . 2008-11-21 21:59 <REP> d-------- c:\users\CLONAT~1\AppData\Roaming\Uniblue
2008-11-21 21:59 . 2008-11-21 21:59 <REP> d-------- c:\users\clo natha\AppData\Roaming\Uniblue
2008-11-21 21:20 . 2008-11-21 22:26 270,399,889 --a------ c:\windows\MEMORY.DMP
2008-11-21 15:38 . 2008-11-21 15:38 <REP> d-------- c:\users\All Users\Zylom
2008-11-21 15:38 . 2008-11-21 15:38 <REP> d-------- c:\progra~2\Zylom
2008-11-20 00:57 . 2007-06-18 18:03 737,280 --a------ c:\windows\System32\drivers\athr.sys
2008-11-20 00:57 . 2007-06-18 18:03 737,280 --a------ c:\windows\System32\athr.sys
2008-11-20 00:57 . 2007-06-18 18:02 89,991 --a------ c:\windows\System32\netathr.inf
2008-11-19 19:00 . 2008-11-19 19:00 0 --a------ c:\windows\ToDisc.INI
2008-11-19 14:21 . 2008-11-19 14:21 <REP> d-------- c:\windows\Driver Cache
2008-11-19 14:21 . 2004-05-27 08:52 49,152 --a------ c:\windows\System32\TosBthSupport.dll
2008-11-15 21:03 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-15 21:03 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-15 21:03 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-15 21:03 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-15 21:02 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-15 21:02 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 15:15 . 2008-11-14 15:17 <REP> d-------- c:\users\CLONAT~1\AppData\Roaming\BeachPartyCraze
2008-11-14 15:15 . 2008-11-14 15:17 <REP> d-------- c:\users\clo natha\AppData\Roaming\BeachPartyCraze
2008-11-14 14:52 . 2008-11-14 14:52 <REP> d----c--- c:\program files\Oberon Media
2008-11-12 09:10 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 09:10 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 09:10 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-10-31 18:34 . 2008-10-31 18:34 <REP> d-------- c:\users\CLONAT~1\AppData\Roaming\RealArcade
2008-10-31 18:34 . 2008-10-31 18:34 <REP> d-------- c:\users\clo natha\AppData\Roaming\RealArcade
2008-10-29 17:42 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-29 17:42 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-29 17:42 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-29 17:42 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-29 17:42 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 05:45 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 05:45 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 05:45 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-29 01:45 . 2008-10-29 01:45 <REP> d-------- c:\users\CLONAT~1\AppData\Roaming\BloodTies
2008-10-29 01:45 . 2008-10-29 01:45 <REP> d-------- c:\users\clo natha\AppData\Roaming\BloodTies
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx07.dll
2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll
2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\System32\divx_xx11.dll
2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:\windows\System32\divxdec.ax
2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:\windows\System32\DivX.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 23:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 23:57 --------- d-----w c:\program files\Atheros
2008-11-19 13:21 --------- d-----w c:\program files\TOSHIBA
2008-11-19 13:17 --------- d-----w c:\program files\Nokia
2008-11-19 13:04 --------- d-----w c:\users\CLONAT~1\AppData\Roaming\Toshiba
2008-11-19 13:04 --------- d-----w c:\users\clo natha\AppData\Roaming\Toshiba
2008-11-19 12:38 --------- d-----w c:\program files\OrangeHSS
2008-11-18 12:49 --------- d-----w c:\users\CLONAT~1\AppData\Roaming\Zylom
2008-11-18 12:49 --------- d-----w c:\users\clo natha\AppData\Roaming\Zylom
2008-11-15 16:08 --------- d-----w c:\program files\DivX
2008-11-14 15:15 --------- d---a-w c:\progra~2\TEMP
2008-10-23 22:37 --------- d-----w c:\users\CLONAT~1\AppData\Roaming\LimeWire
2008-10-23 22:37 --------- d-----w c:\users\clo natha\AppData\Roaming\LimeWire
2008-10-23 00:41 --------- dc----w c:\program files\Google
2008-10-22 15:42 --------- d-----w c:\users\CLONAT~1\AppData\Roaming\Shopping Blocks
2008-10-22 15:42 --------- d-----w c:\users\clo natha\AppData\Roaming\Shopping Blocks
2008-10-22 12:33 --------- d-----w c:\program files\Common Files\Adobe
2008-10-22 11:59 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-22 11:59 --------- d-----w c:\progra~2\Microsoft Help
2008-10-21 21:30 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-20 18:45 --------- dc----w c:\program files\ACD Systems
2008-10-20 18:45 --------- d-----w c:\program files\Common Files\ACD Systems
2008-10-20 18:44 10,368 ----a-w c:\windows\system32\drivers\pfc.sys
2008-10-20 18:04 --------- d-----w c:\users\CLONAT~1\AppData\Roaming\Leadertech
2008-10-20 18:04 --------- d-----w c:\users\clo natha\AppData\Roaming\Leadertech
2008-10-20 15:38 --------- d-----w c:\users\CLONAT~1\AppData\Roaming\GamesCafe
2008-10-20 15:38 --------- d-----w c:\users\clo natha\AppData\Roaming\GamesCafe
2008-10-19 20:05 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-17 01:15 --------- d-----w c:\program files\Windows Mail
2008-10-11 10:23 --------- d-----w c:\program files\Apple Software Update
2008-10-02 12:10 --------- d-----w c:\users\CLONAT~1\AppData\Roaming\PlayFirst
2008-10-02 12:10 --------- d-----w c:\users\clo natha\AppData\Roaming\PlayFirst
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 11:58 --------- d-----w c:\users\CLONAT~1\AppData\Roaming\Playrix Entertainment
2008-09-29 11:58 --------- d-----w c:\users\clo natha\AppData\Roaming\Playrix Entertainment
2008-09-27 15:16 --------- d-----w c:\progra~2\Apple Computer
2008-09-25 08:03 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-24 20:58 --------- d-----w c:\users\CLONAT~1\AppData\Roaming\IMVUClient
2008-09-24 20:58 --------- d-----w c:\users\clo natha\AppData\Roaming\IMVUClient
2008-09-23 13:07 --------- d-----w c:\users\CLONAT~1\AppData\Roaming\Friday's games
2008-09-23 13:07 --------- d-----w c:\users\clo natha\AppData\Roaming\Friday's games
2008-09-19 21:57 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
2008-06-26 00:44 174 --sha-w c:\program files\desktop.ini
2008-01-19 00:53 66,288 ----a-w c:\users\CLONAT~1\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-01-19 00:53 66,288 ----a-w c:\users\clo natha\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-07-06 19:21 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-06 19:21 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-06 19:21 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-13 18:04 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-13 18:04 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-13 18:04 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1488139506-3222835367-4041885044-1000]
"EnableNotificationsRef"=dword:00000003
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D2A16E10-565B-418B-87B1-D75B6BDB02EF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6A4DE066-020D-4C5A-9F94-86869FA51635}"= UDP:c:\program files\eMule\emule.exe:eMule
"{310B79BC-DC4C-4C9F-BA57-3B2F516C86B7}"= TCP:c:\program files\eMule\emule.exe:eMule
"{30A3EEBB-2501-474E-89E9-44F524108A4A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire 4.16.2
"{DAE5FFE9-A082-47D4-BB80-B05401DA10CB}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire 4.16.2
"TCP Query User{2B029668-6E33-4EAF-B479-E243D4200518}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{8646B826-A8AA-4388-A803-CEECF214D68F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{C62E143E-9905-409F-910D-5F5467C94C71}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C79A61CB-734E-4844-950F-C12033DD3416}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{A0FBD900-5E47-453C-9F00-E9D7E8BAD0AF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{705E4C75-4EE8-4F3B-9353-E723C2540033}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A675EF66-50E6-43EE-8828-05C558BC77DA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E9D5008D-286A-443F-B60F-C7BB4B106897}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{2CE9999C-0C27-41EB-8B68-062A6ADD8464}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{B3573336-469E-46CA-8C28-100EAA66B276}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{F0CDEFF0-0048-425F-81BE-2373A42B12F6}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{92C39EAB-C9D6-4E52-96EF-07A839430F3E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2007-08-29 7680]
R0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-09-17 2771968]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;"c:\program files\Toshiba TEMPO\TempoSVC.exe" [2007-10-29 95624]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-07-25 191656]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2008-07-06 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2008-07-06 27072]
S3 w550bus;Sony Ericsson W550 driver (WDM);c:\windows\system32\DRIVERS\w550bus.sys [2005-07-15 60928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 14:51:17
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-11-23 14:53:03
ComboFix-quarantined-files.txt 2008-11-23 13:53:00
Avant-CF: 30 245 146 624 octets libres
Après-CF: 30,129,922,048 octets libres
195 --- E O F --- 2008-11-12 22:41:26
1 reply
DUPLICATE!
Continue in this discussion: http://www.commentcamarche.net/forum/affich 9540971 virus beagle je n arrive pas a le supprimer