
blaouftcloud

Members
  • Content count: 1

Everything posted by blaouftcloud

  1. OK, thank you!
  2. Good evening. I don't know if my topic belongs here, but anyway... Here goes: for several days now I've been reading and re-reading the guide on training for HijackThis log analysis. So I'd have liked to take a look at the practice exercises offered at the end. I click on the links and each time it sends me to the PC Astuce forum. So I wanted to know whether that's right and how to find the training logs. And afterwards, is it possible to get the "answer keys"?? Thanks in advance.
  3. I need help analysing my ComboFix log, here it is: Thanks in advance.