ephese

Everything posted by ephese

  1. Here is a scan with ComboFix, but I don't see what I'm supposed to do with this file. I'm a bit lost.
  2. Hello to the community. For three days I have been struggling with the Win32:Beagle-AAW[Trj] virus. I need help and advice, and I would like someone to recommend protection that is more reliable than avast. Thank you for your help .... help! Here is the txt file from HijackThisFR.