Hello,
I'm forwarding my ComboFix report following an infection by Security Suite yesterday. I had already disinfected beforehand, first with Malwarebytes and then ComboFix. But are there still viruses left?
Thank you in advance for your help.
ComboFix 10-08-17.04 - CHRIS 19/08/2010 9:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium [GMT 2:00]
Running from: c:\users\CHRIS\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated)
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\CHRIS\AppData\Local\btqwmocqf
c:\users\CHRIS\AppData\Local\btqwmocqf\lphbnsishdw.exe
.
((((((((((((((((((((((((((((( Files created from 2010-07-19 to 2010-08-19 ))))))))))))))))))))))))))))))))))))
.
2010-08-11 12:04 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 12:04 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 12:02 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 12:02 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 12:01 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 12:01 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 12:00 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 12:00 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 12:00 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 12:00 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 19:23 . 2010-08-09 19:41 2605008 ----a-w- c:\users\CHRIS\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-08-07 18:59 . 2010-08-07 18:59 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-07 18:59 . 2010-08-07 18:59 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-07 18:58 . 2010-08-07 18:58 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-26 19:37 . 2010-07-26 19:37 -------- d-----w- c:\users\CHRIS\AppData\Roaming\HPAppData
2010-07-22 03:58 . 2010-07-22 03:58 -------- d-----w- c:\program files\iPod
2010-07-22 03:48 . 2010-07-22 03:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 06:28 . 2006-12-18 19:39 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-19 06:22 . 2009-04-11 10:17 52775 ----a-w- c:\users\CHRIS\AppData\Roaming\nvModes.dat
2010-08-19 06:21 . 2009-08-01 18:10 7484 ----a-w- c:\users\CHRIS\AppData\Local\d3d9caps.dat
2010-08-18 21:45 . 2009-04-17 10:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-12 05:48 . 2009-04-11 10:20 -------- d-----w- c:\program files\CCleaner
2010-08-12 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-07 18:59 . 2010-05-04 16:39 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-07 18:59 . 2010-05-04 16:30 -------- d-----w- c:\programdata\DivX
2010-08-07 18:59 . 2009-03-16 05:24 -------- d-----w- c:\program files\DivX
2010-08-07 18:57 . 2010-05-03 19:08 -------- d-----w- c:\users\CHRIS\AppData\Roaming\vlc
2010-08-07 18:53 . 2010-05-04 16:33 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-07 18:53 . 2010-05-04 16:33 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-22 03:59 . 2010-06-28 03:39 -------- d-----w- c:\program files\iTunes
2010-07-22 03:58 . 2009-07-22 07:36 -------- d-----w- c:\program files\Common Files\Apple
2010-06-29 04:24 . 2010-06-29 04:24 -------- d-----w- c:\programdata\McAfee
2010-06-28 03:38 . 2010-06-28 03:38 -------- d-----w- c:\program files\QuickTime
2010-06-28 03:38 . 2009-07-22 07:40 -------- d-----w- c:\programdata\Apple Computer
2010-06-28 03:36 . 2010-06-28 03:36 -------- d-----w- c:\program files\Apple Software Update
2010-06-26 06:05 . 2010-08-11 12:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 12:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 12:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 12:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 01:07 . 2006-11-02 15:48 679042 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-26 01:07 . 2006-11-02 15:48 126626 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-26 01:03 . 2009-04-11 10:59 -------- d-----w- c:\program files\Microsoft.NET
2010-06-22 19:39 . 2010-06-22 19:39 -------- d-----w- c:\program files\Bonjour
2010-06-07 19:40 . 2010-06-07 19:40 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-07 19:40 . 2010-06-07 19:40 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-07 19:40 . 2010-06-07 19:40 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-07 19:40 . 2010-06-07 19:40 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-07 19:40 . 2010-06-07 19:40 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-26 17:06 . 2010-06-09 19:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 19:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 13:24 . 2010-05-04 17:00 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-21 12:14 . 2009-10-03 01:03 221568 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):00,71,3f,cc,39,7b,ca,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-12 108289]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2009-05-23 c:\windows\Tasks\HPCeeScheduleFormarct.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-12-18 15:08]
2010-08-18 c:\windows\Tasks\User_Feed_Synchronization-{5ED80C89-107B-4706-BD8A-BEC320EEB7EF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
2010-08-19 c:\windows\Tasks\User_Feed_Synchronization-{6DBDB29A-3A6C-4F0B-8CD3-9834549F8E47}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Save Form - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
FF - ProfilePath - c:\users\CHRIS\AppData\Roaming\Mozilla\Firefox\Profiles\jtmutqke.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-hpqSRMon - (no file)
MSConfigStartUp-nkrbijhg - c:\users\CHRIS\AppData\Local\btqwmocqf\lphbnsishdw.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-19 09:24
Windows 6.0.6002 Service Pack 2 NTFS
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Finish time: 2010-08-19 09:27:49
ComboFix-quarantined-files.txt 2010-08-19 07:27
Pre-Run: 32 600 956 928 bytes free
Post-Run: 32 322 465 792 bytes free
- - End Of File - - 126BB6E0AF58E421F98E1DA33340A6CB
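The log above is the kind of thing a helper triages by hand: the randomly named directory and executable under `AppData\Local` (already deleted by ComboFix), the matching orphaned `MSConfigStartUp` entry, and, still live in the "Supplementary scan" section, an Internet Explorer proxy pointing at `127.0.0.1:6522`. A loopback proxy on an arbitrary high port is a well-known leftover of the rogue-AV families of that period (the malware funnels the browser through its own local process); once the malware is gone the setting remains and only breaks browsing until it is cleared. The script below is an added example written for this page, not part of the thread or of ComboFix: it parses a ComboFix-style log, extracts proxy settings, flags loopback proxies, flags random-looking names under `AppData` (the vowel-ratio heuristic and the severity labels are my own assumptions, not anything ComboFix does), and reports `DisableMonitoring` keys under Security Center. The sample log embedded in the script is constructed from a few lines of the log above with the section banners translated.

```python
"""Triage a ComboFix log for rogue-AV leftovers (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the shape of the ComboFix log above
# (section banners translated). Not a complete log.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\CHRIS\AppData\Local\btqwmocqf
c:\users\CHRIS\AppData\Local\btqwmocqf\lphbnsishdw.exe
.
((((((((((((((((((((((((((((( Files created from 2010-07-19 to 2010-08-19 ))))))))))))))))))))))))))))))))))))
.
2010-08-11 12:04 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-07 19:23 . 2010-08-09 19:41 2605008 ----a-w- c:\users\CHRIS\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
- - - - ORPHANS REMOVED - - - -
HKLM-Run-hpqSRMon - (no file)
MSConfigStartUp-nkrbijhg - c:\users\CHRIS\AppData\Local\btqwmocqf\lphbnsishdw.exe
"""

PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<val>\S+)")
APPDATA_RE = re.compile(r"\\appdata\\(?:local|locallow|roaming)\\(?P<rest>[^\s\"\[\]]+)", re.I)
DISABLE_RE = re.compile(r'^"DisableMonitoring"\s*=\s*dword:0*1$', re.I)
VOWELS = set("aeiouy")
SEVERITY_ORDER = {"high": 0, "review": 1, "info": 2}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "review" or "info" (labels are this example's own)
    line: str
    reason: str


def section_name(line):
    """Return the banner text if the line is a ComboFix section banner, else None."""
    s = line.strip()
    if s.startswith("(((") and s.endswith(")))"):
        return s.strip("() ")
    if (s.startswith("---") or s.startswith("- - - -")) and s.endswith("---") or s.endswith("- - - -"):
        return s.strip("- ")
    return None


def parse_proxy(line):
    """Parse 'ProxyServer = [scheme=]host:port[;...]' into (scheme, host, port) tuples."""
    m = PROXY_RE.search(line)
    if not m:
        return []
    entries = []
    for item in m.group("val").split(";"):
        scheme, _, hostport = item.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:  # bare host with no port
            host, port = hostport, ""
        entries.append((scheme or "*", host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    h = host.strip("[]").lower()
    return h in ("localhost", "::1") or h.startswith("127.")


def looks_random(name):
    """Heuristic (assumption): long, all-lowercase, letters only, almost no vowels."""
    if len(name) < 7 or not name.isalpha() or not name.islower():
        return False
    return sum(ch in VOWELS for ch in name) / len(name) <= 0.2


def random_appdata_components(line):
    """Path components under a user's AppData that look machine-generated."""
    m = APPDATA_RE.search(line)
    if not m:
        return []
    return [p for p in m.group("rest").split("\\") if looks_random(p.split(".")[0])]


def analyze(log_text):
    findings, section, current_key = [], "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = section_name(line)
        if banner is not None:
            section, current_key = banner.lower(), ""
            continue
        if not line or line == ".":
            continue
        if line.startswith("[HKEY_"):
            current_key = line.strip("[]").lower()
            continue
        already_removed = "deletion" in section or "orphan" in section
        in_run_key = current_key.rstrip("\\").endswith(("\\run", "\\runonce"))
        for scheme, host, port in parse_proxy(line):
            if is_loopback(host):
                findings.append(Finding("high", line, f"{scheme} proxy points at loopback "
                                        f"{host}:{port}: browser traffic goes through a local process"))
        names = random_appdata_components(line)
        if names:
            joined = ", ".join(names)
            if already_removed:
                findings.append(Finding("info", line, f"already removed by ComboFix: {joined}"))
            elif in_run_key or line.startswith(("MSConfigStartUp-", "HKLM-Run-", "HKCU-Run-")):
                findings.append(Finding("high", line, f"live startup entry with random-looking name(s): {joined}"))
            else:
                findings.append(Finding("review", line, f"random-looking name(s) under AppData: {joined}"))
        if "security center\\monitoring" in current_key and DISABLE_RE.match(line):
            findings.append(Finding("review", line, f"Security Center monitoring disabled under [{current_key}]"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the sample, the only `high` finding is the loopback proxy; the deleted directory, its executable and the orphaned `MSConfigStartUp` entry come out as `info` because the log shows ComboFix already removed them. The `DisableMonitoring` entries are reported for review only: they are also left behind by an uninstalled third-party suite (the log names Symantec keys on a machine now running Avira), so they are not evidence of infection on their own. The live proxy is the one thing a helper would still ask the poster to clear, via Internet Options > Connections > LAN settings or `reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f`.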