Aller au contenu

lecrevard

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    2

  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    francais

lecrevard's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. lecrevard
    bonjour a tous j'ai ete victime de antispider : bureau rouge,message d'attaque et de ralentissement du systeme, fenetre d'IE qui me ramene sur Antispider j'ai telecharge combofix et poster le log final que dois faire maintenant ? ComboFix 08-07-05.1 - didier 2008-07-07 20:16:40.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.92 [GMT 2:00] Endroit: C:\Documents and Settings\didier\Bureau\killvirus.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\WINDOWS\system32\sn.txt C:\WINDOWS\system32\sockins32.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))))))) . 2008-07-07 19:58 . 2008-07-07 19:58 <REP> d-------- C:\Documents and Settings\didier\Application Data\Malwarebytes 2008-07-07 19:58 . 2008-07-07 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-07 19:58 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-07-07 19:58 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-07 19:57 . 2008-07-07 19:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-07 19:52 . 2008-07-07 19:53 1,192 --a------ C:\WINDOWS\mozver.dat 2008-06-11 14:42 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 14:42 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-07 18:19 --------- d-----w C:\Program Files\eMule 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-08-26 13:55 126 ----a-w C:\Documents and Settings\didier\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952] "Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:25 57344] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 16:49 15691264 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "VIDC.MJPG"= mtkjpeg.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2005-08-12 15:43 45056 c:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp] --a------ 2005-10-20 07:15 102400 C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker] --a------ 2003-07-02 11:13 40960 C:\APPS\EmailChecker\ech.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series] --------- 2006-07-13 07:25 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --a------ 2006-02-23 13:08 147456 c:\APPS\Powercinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys] --a------ 2005-11-17 10:51 975360 C:\APPS\SMP\SMPSYS.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-06-03 04:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08] *Newly Created Service* - APPMGMT *Newly Created Service* - CATCHME . - - - - ORPHANS REMOVED - - - - HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKLM-Run-ISUSPM Startup - C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe MSConfigStartUp-ISUSScheduler - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-07 20:19:08 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** "ImagePath"="\"c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00¨ [%\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00,\03pè\13\00pè\13\00\18î" . Temps d'accomplissement: 2008-07-07 20:22:12 ComboFix-quarantined-files.txt 2008-07-07 18:22:09 Pre-Run: 7,426,400,256 octets libres Post-Run: 10,467,635,200 octets libres 116 --- E O F --- 2008-06-21 13:02:02
  2. lecrevard
    bonjour a tous j'ai ete victime de antispider : bureau rouge,message d'attaque et de ralentissement du systeme, fenetre d'IE qui me ramene sur Antispider j'ai telecharge combofix et poster le log final que dois faire maintenant ? ComboFix 08-07-05.1 - didier 2008-07-07 20:16:40.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.92 [GMT 2:00] Endroit: C:\Documents and Settings\didier\Bureau\killvirus.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\WINDOWS\system32\sn.txt C:\WINDOWS\system32\sockins32.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))))))) . 2008-07-07 19:58 . 2008-07-07 19:58 <REP> d-------- C:\Documents and Settings\didier\Application Data\Malwarebytes 2008-07-07 19:58 . 2008-07-07 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-07 19:58 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-07-07 19:58 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-07 19:57 . 2008-07-07 19:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-07 19:52 . 2008-07-07 19:53 1,192 --a------ C:\WINDOWS\mozver.dat 2008-06-11 14:42 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 14:42 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-07 18:19 --------- d-----w C:\Program Files\eMule 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-08-26 13:55 126 ----a-w C:\Documents and Settings\didier\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952] "Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:25 57344] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 16:49 15691264 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "VIDC.MJPG"= mtkjpeg.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2005-08-12 15:43 45056 c:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp] --a------ 2005-10-20 07:15 102400 C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker] --a------ 2003-07-02 11:13 40960 C:\APPS\EmailChecker\ech.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series] --------- 2006-07-13 07:25 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --a------ 2006-02-23 13:08 147456 c:\APPS\Powercinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys] --a------ 2005-11-17 10:51 975360 C:\APPS\SMP\SMPSYS.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-06-03 04:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08] *Newly Created Service* - APPMGMT *Newly Created Service* - CATCHME . - - - - ORPHANS REMOVED - - - - HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKLM-Run-ISUSPM Startup - C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe MSConfigStartUp-ISUSScheduler - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-07 20:19:08 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** "ImagePath"="\"c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00¨ [%\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00,\03pè\13\00pè\13\00\18î" . Temps d'accomplissement: 2008-07-07 20:22:12 ComboFix-quarantined-files.txt 2008-07-07 18:22:09 Pre-Run: 7,426,400,256 octets libres Post-Run: 10,467,635,200 octets libres 116 --- E O F --- 2008-06-21 13:02:02
×
×
  • Créer...