

cebecebe
Members - Content count: 2
Everything posted by cebecebe
-
infection with xp security center and antivirus 2008
cebecebe replied to a topic by cebecebe in Malware analysis and removal
Hello Pear, I'm sorry, but I did not understand this procedure. I don't know whether it is meant for me (cebecebe), for the machine I worked on this morning. I wanted confirmation before doing anything. Thanks -
infection with xp security center and antivirus 2008
cebecebe posted a topic in Malware analysis and removal
Hello, I am coming to you for help cleaning up a friend's PC that is infected with xp security center and antivirus 2008. I tried to install spyware terminator, but nothing happens. I then tried scanning with combofix and then with hijack. I see that combofix finds the viruses and the problem seems to be eradicated, but I wanted you to help me analyse whether anything else needs to be done to finish it off. Here are the two reports.

The combofix report:

ComboFix 08-08-04.09 - Administrator 2008-08-06 2:46:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1033.18.317 [GMT -7:00]
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dllcache\beep.sys
C:\1rfw8hjr.com
C:\Autorun.inf
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp2.tmp
C:\Documents and Settings\Administrator\Application Data\rhc7j2j0er6q
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\kanok.vbs
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\ypahavul.lib
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\XPSecurityCenter
C:\Documents and Settings\All Users\Start Menu\Programs\XPSecurityCenter\XPSecurityCenter.lnk
C:\Program Files\XPSecurityCenter
C:\Program Files\XPSecurityCenter\data\daily.cvd
C:\Program Files\XPSecurityCenter\htmlayout.dll
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\XPSecurityCenter\pthreadVC2.dll
C:\Program Files\XPSecurityCenter\un.ico
C:\Program Files\XPSecurityCenter\unzip32.dll
C:\Program Files\XPSecurityCenter\wscui.cpl
C:\Program Files\XPSecurityCenter\XP_SecurityCenter.cfg
C:\Program Files\XPSecurityCenter\XPSecurityCenter.dll
C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
C:\WINDOWS\braviax.exe
C:\WINDOWS\buritos.exe
C:\WINDOWS\cru629.dat
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\karina.dat
C:\WINDOWS\svchost.ini
C:\WINDOWS\system32\axrfoiy.dat
C:\WINDOWS\system32\axrfoiy_nav.dat
C:\WINDOWS\system32\axrfoiy_navps.dat
C:\WINDOWS\system32\blphc3j2j0er6q.scr
C:\WINDOWS\system32\buritos.exe
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\system32\DelSelf.bat
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\system32\drivers\Paf27.sys
C:\WINDOWS\system32\euslrpp.dat
C:\WINDOWS\system32\euslrpp_nav.dat
C:\WINDOWS\system32\euslrpp_navps.dat
C:\WINDOWS\system32\karina.dat
C:\WINDOWS\system32\lphc3j2j0er6q.exe
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\phc3j2j0er6q.bmp
c:\WINDOWS\system32\qaamg.dat
c:\windows\system32\qaamg.exe
c:\WINDOWS\system32\qaamg_nav.dat
C:\WINDOWS\system32\qaamg_navps.dat
C:\WINDOWS\system32\qfuqheay.dat
C:\WINDOWS\system32\qfuqheay_nav.dat
C:\WINDOWS\system32\qfuqheay_navps.dat
C:\WINDOWS\system32\ssezdmw.dat
C:\WINDOWS\system32\ssezdmw_nav.dat
C:\WINDOWS\system32\ssezdmw_navps.dat
C:\WINDOWS\system32\vgutwnlhm.dat
C:\WINDOWS\system32\vgutwnlhm_nav.dat
C:\WINDOWS\system32\vgutwnlhm_navps.dat
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\tmlpcert2007
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Legacy_PAF27
-------\Legacy_TCPSR
-------\Service_Paf27
-------\Service_tcpsr

((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.
2008-08-06 02:48 . 2004-08-04 06:00 4,224 --a------ C:\WINDOWS\system32\dllcache\beep.sys
2008-08-05 19:37 . 2008-08-05 19:36 60,928 --a------ C:\WINDOWS\system32\70.tmp
2008-08-05 19:37 . 2008-08-05 19:37 19,959 --a------ C:\Documents and Settings\All Users\Application Data\enydyvym.pif
2008-08-05 19:37 . 2008-08-05 19:37 18,520 --a------ C:\WINDOWS\system32\zotypuv.vbs
2008-08-05 19:37 . 2008-08-05 19:37 18,367 --a------ C:\WINDOWS\system32\ogik.com
2008-08-05 19:37 . 2008-08-05 19:37 18,360 --a------ C:\WINDOWS\system32\yhor.lib
2008-08-05 19:37 . 2008-08-05 19:37 17,873 --a------ C:\WINDOWS\ocorid.dll
2008-08-05 19:37 . 2008-08-05 19:37 17,718 --a------ C:\Program Files\Common Files\ubiqicorew.exe
2008-08-05 19:37 . 2008-08-05 19:37 15,348 --a------ C:\WINDOWS\itily.bin
2008-08-05 19:37 . 2008-08-05 19:37 13,267 --a------ C:\WINDOWS\jodysynow.db
2008-08-05 19:37 . 2008-08-05 19:37 12,878 --a------ C:\WINDOWS\ohih.vbs
2008-08-05 19:37 . 2008-08-05 19:37 12,864 --a------ C:\Documents and Settings\Administrator\Application Data\obilyn.sys
2008-08-05 19:37 . 2008-08-05 19:37 11,435 --a------ C:\WINDOWS\qiwez.scr
2008-08-05 19:35 . 2008-08-06 02:39 89,494 -r-hs---- C:\svdioajm.cmd
2008-08-03 19:37 . 2008-08-03 19:36 89,885 -r-hs---- C:\xqf.com
2008-07-31 19:44 . 2008-07-31 19:44 89,037 -r-hs---- C:\e.com
2008-07-30 20:03 . 2008-07-30 19:45 60,928 --a------ C:\WINDOWS\system32\23B.tmp
2008-07-30 19:48 . 2008-07-30 23:41 88,890 -r-hs---- C:\kn6jhgc.cmd
2008-07-29 23:47 . 2008-07-29 23:57 <DIR> d-------- C:\Program Files\Lyad Messenger
2008-07-28 02:42 . 2008-08-05 20:22 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-07-27 19:33 . 2008-07-27 19:33 <DIR> d-------- C:\22a14a3451532899cb0e69
2008-07-25 00:25 . 2008-08-05 20:10 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-07-25 00:25 . 2008-07-31 02:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-07-25 00:25 . 2008-08-05 20:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-07-25 00:25 . 2008-07-25 00:25 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-07-24 22:32 . 2008-08-06 02:39 84,992 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-24 22:29 . 2008-07-24 22:30 <DIR> d-------- C:\Program Files\Crawler
2008-07-24 22:29 . 2008-07-24 22:32 87,297 -r-hs---- C:\g2pfnid.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 09:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-28 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-28 09:31 --------- d-----w C:\Program Files\Symantec
2008-07-25 05:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-23 09:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Roxio
2008-07-04 06:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-30 03:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-30 03:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{55c1486a-9ecc-4729-88d4-55dd6aa5bc24}"= "C:\Program Files\Barre_Algerie_Chat\tbBar1.dll" [2007-11-28 08:21 1502232]

[HKEY_CLASSES_ROOT\clsid\{55c1486a-9ecc-4729-88d4-55dd6aa5bc24}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{55c1486a-9ecc-4729-88d4-55dd6aa5bc24}"= "C:\Program Files\Barre_Algerie_Chat\tbBar1.dll" [2007-11-28 08:21 1502232]

[HKEY_CLASSES_ROOT\clsid\{55c1486a-9ecc-4729-88d4-55dd6aa5bc24}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{55C1486A-9ECC-4729-88D4-55DD6AA5BC24}"= "C:\Program Files\Barre_Algerie_Chat\tbBar1.dll" [2007-11-28 08:21 1502232]

[HKEY_CLASSES_ROOT\clsid\{55c1486a-9ecc-4729-88d4-55dd6aa5bc24}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-27 16:19 4670704]
"Lyad"="C:\Program Files\Lyad Messenger\lyad_messenger.exe" [2007-02-06 07:07 774144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-09-30 09:41 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-09-30 09:37 126976]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2006-01-03 23:30 219648]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 11:01 525824]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 19:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-12-09 19:24 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 13:38 319488]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-07-25 00:25 2957824]
"MAKTray"="MAKTray.exe" [2005-01-17 16:12 287232 C:\WINDOWS\MAKTray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36 806912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= Regedit.exe
"2"= MSConfig.exe
"3"= taskmgr.exe
"4"= MMC.exe
"5"= gpedit.msc
"6"= Cmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-07-25 00:25]
S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bee0224-b208-11db-b1ed-000ffe3a68a1}]
\Shell\AutoRun\command - F:\g83816.com
\Shell\explore\Command - F:\g83816.com
\Shell\open\Command - F:\g83816.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35b7b874-2173-11db-b0e7-d8cb9e598ee5}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aa8c106-587a-11dd-b4fb-000ffe3a68a1}]
\Shell\AutoRun\command - F:\e9ehn1m8.com
\Shell\explore\Command - F:\e9ehn1m8.com
\Shell\open\Command - F:\e9ehn1m8.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f9fd58-2f43-11dc-b312-000ffe3a68a1}]
\Shell\Auto\command - E:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4920e84c-84c2-11dc-b3ac-000ffe3a68a1}]
\Shell\AutoRun\command - E:\e.com
\Shell\explore\Command - E:\e.com
\Shell\open\Command - E:\e.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a59161f-a900-11dc-b3e4-000ffe3a68a1}]
\Shell\auto\command - E:\SVCH0ST.EXE e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH0ST.EXE e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63458672-1553-11db-b0d3-000ffe3a68a1}]
\Shell\AutoRun\command - E:\svdioajm.cmd
\Shell\explore\Command - E:\svdioajm.cmd
\Shell\open\Command - E:\svdioajm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6385485a-2e3c-11db-b104-96dab64bdcb6}]
\Shell\AutoRun\command - E:\g2pfnid.com
\Shell\explore\Command - E:\g2pfnid.com
\Shell\open\Command - E:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{807d9739-4046-11dc-b32e-000ffe3a68a1}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCIER/system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c71d8fe-facd-11dc-b47e-000ffe3a68a1}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa9deec9-5e32-11dc-b364-000ffe3a68a1}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCIER/system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab8075ea-3c23-11db-b11b-000ffe3a68a1}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c582d163-d827-11dc-b43a-000ffe3a68a1}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7286cea-b079-11db-b1e8-000ffe3a68a1}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3c7322c-9eb0-11dc-b3d2-000ffe3a68a1}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

.
Contents of the 'Scheduled Tasks' folder
2008-08-06 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 18:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Run-lphc3j2j0er6q - C:\WINDOWS\system32\lphc3j2j0er6q.exe
HKLM-Run-XP SecurityCenter - C:\Program Files\XPSecurityCenter\xpsecuritycenter.exe
HKLM-Run-buritos - buritos.exe
Notify-NavLogon - (no file)
MSConfigStartUp-System12 - C:\WINDOWS\system32\ne0kS.exe
MSConfigStartUp-System64 - C:\WINDOWS\system32\ne0kS.dll.wsf

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
O8 -: Crawler Search - tbr:iemenu
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 02:50:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\MAKHkey.exe
C:\Program Files\PDF Complete\pdfsaver.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-06 2:52:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-06 09:52:22

Pre-Run: 63,192,334,336 bytes free
Post-Run: 63,682,383,872 bytes free

312 --- E O F --- 2008-07-28 10:00:18

The hijack report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:56 AM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Com Algerie Toolbar - {55c1486a-9ecc-4729-88d4-55dd6aa5bc24} - C:\Program Files\Barre_Algerie_Chat\tbBar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Com Algerie Toolbar - {55c1486a-9ecc-4729-88d4-55dd6aa5bc24} - C:\Program Files\Barre_Algerie_Chat\tbBar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MAKTray] MAKTray.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [spywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator/My%20Documents/Jul%2004%202006%20(D)/photos/ipc-military-congo.jpg
O24 - Desktop Component 1: (no name) - http://fr.f279.mail.yahoo.com/y5/s/viewpho...Wo&partid=2

--
End of file - 5076 bytes

If someone can help me, I thank them in advance.