ahmedfaresse
Hello,

First of all, I used ComboFix because I have a persistent virus, HEUR/MODIFIED.SYSTEMFILE, located in C:\Windows\system32\user32.DLL, which my antivirus Avira AntiVir Personal detected. I put it in quarantine and then delete it, and when I run another scan it shows up again. I searched on several forums and was advised to use ComboFix and then post the report on a forum; since I find Zebulon a very strong forum that has helped me a lot, I am turning to its members. Here is the report:

ComboFix 10-06-27.06 - Aline Sanges 28/06/2010 19:27:33.1.2 - x86
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.33.1036.18.3071.2165 [GMT 3:00]
Running from: c:\users\Aline Sanges\Documents\Downloads\Programs\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 ))))))))))))))))))))))))))))))))))))
.
2010-06-28 16:32 . 2010-06-28 16:32 -------- d-----w- c:\users\Aline Sanges\AppData\Local\temp
2010-06-28 16:32 . 2010-06-28 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-26 16:55 . 2010-06-26 18:04 -------- d-----w- c:\program files\JDownloader
2010-06-26 16:53 . 2010-06-26 16:53 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-26 16:52 . 2010-06-26 16:52 85504 ----a-w- c:\users\Aline Sanges\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-06-26 16:52 . 2010-06-26 16:52 -------- d-----w- c:\users\Aline Sanges\AppData\Roaming\SystemRequirementsLab
2010-06-23 13:40 . 2009-11-25 09:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 13:40 . 2009-11-25 09:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 13:40 . 2009-11-25 09:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 13:40 . 2009-11-25 09:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 13:40 . 2009-11-25 09:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 12:33 . 2010-06-23 12:33 -------- d-----w- c:\program files\Trend Micro
2010-06-23 10:27 . 2010-06-23 10:27 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb273.tmp.exe
2010-06-23 10:17 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 10:17 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-15 14:52 . 2010-06-15 14:52 -------- d-----w- c:\users\Aline Sanges\AppData\Roaming\skypePM
2010-06-12 05:55 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-12 05:52 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-12 05:52 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-12 05:49 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-12 05:49 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-02 14:29 . 2003-07-06 10:07 372736 ----a-w- c:\windows\system32\_IJL11.DLL
2010-05-31 07:11 . 2010-05-31 07:11 -------- d-----w- c:\users\Aline Sanges\AppData\Roaming\CyberLink
2010-05-31 06:53 . 2010-05-31 07:05 -------- d-----w- c:\users\Aline Sanges\AppData\Local\Microsoft Games
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 16:29 . 2009-08-01 07:53 704480 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-28 16:29 . 2009-08-01 07:53 130754 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-28 16:24 . 2010-03-26 20:24 -------- d-----w- c:\users\Aline Sanges\AppData\Roaming\Skype
2010-06-28 16:14 . 2010-03-26 20:30 -------- d-----w- c:\users\Aline Sanges\AppData\Roaming\LimeWire
2010-06-28 16:13 . 2010-03-26 21:41 -------- d-----w- c:\users\Aline Sanges\AppData\Roaming\DMCache
2010-06-27 17:01 . 2010-03-26 20:25 -------- d-----w- c:\program files\Microsoft.NET
2010-06-15 14:52 . 2010-06-15 14:52 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-06 09:39 . 2010-03-26 20:48 -------- d-----w- c:\programdata\CyberLink
2010-05-29 20:36 . 2010-03-27 16:46 -------- d-----w- c:\users\Aline Sanges\AppData\Roaming\vlc
2010-05-27 10:46 . 2010-03-27 17:57 -------- d-----w- c:\users\Aline Sanges\AppData\Roaming\dvdcss
2010-05-21 11:14 . 2010-03-26 20:41 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-15 20:38 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-04-23 07:13 . 2010-05-26 10:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-07 19:37 . 2010-03-26 14:18 108824 ----a-w- c:\users\Aline Sanges\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-03 16:22 . 2010-04-03 16:22 10134 ----a-r- c:\users\Aline Sanges\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
------- Sigcheck -------
[-] 2010-03-26 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-26 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-09 3118512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-26 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"CLMLServer"="c:\program files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe" [2008-06-11 196608]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"PCMAgent"="c:\program files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe" [2008-06-11 212992]
"PlayMovie"="c:\program files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe" [2008-05-19 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\users\Aline Sanges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 135664]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-26 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-26 721904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\ASUS\AI TouchMedia\PlayMovie\000.fcl [2008-05-19 61424]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 20:28]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 20:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\users\Aline Sanges\AppData\Roaming\Mozilla\Firefox\Profiles\ajcwlzo7.default\
FF - component: c:\users\Aline Sanges\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\ASUS\AI TouchMedia\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-605224659-2803746156-872913487-1000_Classes\CLSID\{0b20d056-728c-451b-8b95-6e7d425c2d22}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000071
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,4e,e3,28,9a,b0,40,39,a2,5a,2b,ec,82,f4,15,\

[HKEY_USERS\S-1-5-21-605224659-2803746156-872913487-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):dd,c6,21,8d,13,0c,ab,91,96,04,3f,8c,db,8e,da,b5,91,90,d9,03,b8,
   f2,32,7f,1b,56,f2,bf,7b,9a,34,e2,46,ef,8b,d0,da,a6,3f,d4,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-06-28 19:33:24
ComboFix-quarantined-files.txt 2010-06-28 16:33

Pre-Run: 82 911 559 680 bytes free
Post-Run: 82 890 412 032 bytes free

- - End Of File - - 97CDB8C318EE955617B9ED01379C1516

Thanks in advance
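As an added check (example code written for this edit, not posted by ahmedfaresse or by any helper on Zebulon): the Sigcheck line in the report marks user32.dll with "[-]", which means ComboFix could not match the file's MD5 against its reference list. That is a hint that the file differs from a stock build, not proof that it is infected. One independent check that needs no network access is to hash the live DLL and compare it with the copies Windows 7 keeps in the component store under c:\windows\winsxs; a live file that matches none of them deserves a closer look (for example sfc /scannow, or looking the hash up elsewhere). The script below parses the Sigcheck line and performs that comparison. The winsxs directory name and the file contents built in demo() are constructed stand-ins so the logic can run offline; on the real machine you would call compare_with_winsxs on C:\Windows\System32\user32.dll and C:\Windows\winsxs. A match only says the live file equals a copy the component store already has; it does not vouch for the component store itself.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# The Sigcheck line ComboFix printed in the post above, copied verbatim. The
# hash and size are what the tool observed on that machine, NOT a known-good
# reference value.
COMBOFIX_SIGCHECK_LINE = (
    "[-] 2010-03-26 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . "
    "[6.1.7600.16385] . . c:\\windows\\System32\\user32.dll"
)

# Field layout of a ComboFix Sigcheck line: [flag] date . md5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[+-])\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(line):
    """Split one ComboFix Sigcheck line into its fields.

    '[-]' means ComboFix found no match for the file's hash in its reference
    list; it is a hint, not proof, that the file was modified.
    """
    m = SIGCHECK_RE.match(line.strip())
    if not m:
        raise ValueError("not a ComboFix Sigcheck line: %r" % line)
    rec = m.groupdict()
    rec["md5"] = rec["md5"].upper()
    rec["size"] = int(rec["size"])
    rec["flagged"] = rec["flag"] == "-"
    return rec


def md5_of(path):
    """MD5 of a file, streamed so large binaries do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare_with_winsxs(live_file, winsxs_root):
    """Hash the live DLL and every same-named copy under the component store.

    Returns the live hash, a list of (copy_path, copy_md5, same_as_live) and
    whether any copy matched. No match means the file on disk differs from
    every version the component store knows about.
    """
    live_file = Path(live_file)
    live_md5 = md5_of(live_file)
    copies = []
    for copy in Path(winsxs_root).rglob(live_file.name):
        if copy.is_file():
            copy_md5 = md5_of(copy)
            copies.append((str(copy), copy_md5, copy_md5 == live_md5))
    return {
        "file": str(live_file),
        "md5": live_md5,
        "copies": copies,
        "matches_a_copy": any(same for _, _, same in copies),
    }


def demo():
    """Exercise the comparison on a constructed tree (not a real Windows install).

    Returns (matches_before_tampering, matches_after_tampering).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live = root / "Windows" / "System32" / "user32.dll"
        winsxs = root / "Windows" / "winsxs"
        # Constructed component-store directory name, modelled on the winsxs
        # naming scheme; the hash suffix here is made up.
        good = winsxs / "x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_constructed" / "user32.dll"
        live.parent.mkdir(parents=True)
        good.parent.mkdir(parents=True)
        clean = b"MZ" + bytes(range(256)) * 8      # constructed stand-in for a DLL
        good.write_bytes(clean)
        live.write_bytes(clean)
        before = compare_with_winsxs(live, winsxs)
        live.write_bytes(clean + b"\x90" * 16)       # simulate an in-place patch
        after = compare_with_winsxs(live, winsxs)
    return before["matches_a_copy"], after["matches_a_copy"]


if __name__ == "__main__":
    rec = parse_sigcheck(COMBOFIX_SIGCHECK_LINE)
    print("flagged by ComboFix:", rec["flagged"], rec["md5"], rec["path"])
    print("matches a winsxs copy (clean, tampered):", demo())
```

On a live Windows 7 box the same call looks like compare_with_winsxs(r"C:\Windows\System32\user32.dll", r"C:\Windows\winsxs"); ComboFix reports MD5, so the script uses MD5 to stay comparable with the log, even though a collision-resistant hash would be preferred for any other purpose.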