

Need help: Security Tool
Junot replied to a topic by Junot in Malware analysis and removal
Hi, OK, thanks for your help. I'm patient. Here is a copy of the ComboFix report:

ComboFix 09-10-19.01 - Administrator 20/10/2009 4:22.1.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.874.33.1033.18.1014.673 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\Emma.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\wiaserva.log
c:\documents and settings\Administrator\Desktop\Security Tool.lnk
c:\documents and settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Administrator\restorer64_a.exe
c:\documents and settings\Administrator\Start Menu\Programs\Security Tool.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ikowin32.exe
c:\documents and settings\All Users\Application Data\32711418
c:\documents and settings\All Users\Application Data\32711418\32711418.exe
c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\kb913800.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\restorer64_a.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\agp440.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 02:25 . 2009-02-09 00:31 -------- d-----w- c:\program files\pdfforge Toolbar
2009-10-20 02:19 . 2009-06-03 09:39 -------- d-----w- c:\program files\Zylom Games
2009-10-20 02:00 . 2009-02-03 02:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\EndNote
2009-10-20 00:26 . 2008-06-24 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-12 15:08 . 2009-07-29 23:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-10-12 13:13 . 2009-07-29 23:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-10-03 15:22 . 2009-02-08 23:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-03 15:19 . 2008-06-24 02:32 -------- d-----w- c:\program files\Windows Live
2009-09-01 13:56 . 2009-01-08 20:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-08-15 11:22 . 2008-06-24 02:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-15 11:22 . 2008-06-24 02:49 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 11:22 . 2008-06-24 02:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-05 20:48 . 2009-02-08 23:57 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-07-29 23:45 . 2009-07-29 23:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-06 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-02-27 455168]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"PowerMenu"="c:\program files\Visual+\PowerMenu\PowerMenu.exe" [2002-12-20 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-13 144784]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-01-25 450648]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-02 137752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-02 1773568]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"hpfsched"="c:\windows\hpfsched.exe" [2000-04-17 36864]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="D:\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]
icwsetup.exe [2009-10-20 26112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 11:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinampAgent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinampAgent.lnk
backup=c:\windows\pss\WinampAgent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 iastor76;iastor76;c:\windows\system32\drivers\iastor76.sys [27/02/2008 19:38 305176]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/06/2008 04:49 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/06/2008 04:49 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [15/08/2009 13:22 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/07/2008 13:24 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [09/02/2009 01:57 54752]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [24/06/2008 04:37 732160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [02/05/2008 08:42 6912]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [24/06/2008 04:44 288000]
S2 gupdate1ca10a65cfb3324;Service Google Update (gupdate1ca10a65cfb3324);c:\program files\Google\Update\GoogleUpdate.exe [30/07/2009 01:43 133104]
S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [27/06/2008 13:23 27072]
.
Contents of the 'Scheduled Tasks' folder

2008-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 23:43]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 23:43]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.manager.co.th/QOL/ViewNews.aspx?NewsID=9510000085420
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cpklskd5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.fr
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKLM-Run-restorer64_a - c:\windows\system32\restorer64_a.exe
HKLM-Run-32711418 - c:\docume~1\ALLUSE~1\APPLIC~1\32711418\32711418.exe
HKLM-Run-Internet Connection Wizard Setup Tool - c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 04:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2280)
c:\program files\Visual+\PowerMenu\PowerMenuHook.dll
D:\iTunesMiniPlayer.dll
d:\itunesminiplayer.resources\fr.lproj\iTunesMiniPlayerLocalized.dll
d:\itunesminiplayer.resources\iTunesMiniPlayer.dll
c:\windows\system32\MSVCP60.dll
c:\program files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\emma\CF22191.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-10-20 4:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-20 02:31

Pre-Run: 84 443 840 512 bytes free
Post-Run: 85 467 234 304 bytes free

- - End Of File - - F51CD7101BADA07306567BB19875ABFC

Thanks
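As an added example (not part of Junot's post, and not a ComboFix feature), here is a small Python triage script for the kind of report pasted above. It parses the Run-key values and the "ORPHANS REMOVED" lines and raises coarse review flags: the autostart points at a file that no longer exists, runs from a user-profile or Application Data directory (long or 8.3 short form), has a digits-only or hex-blob file name, or was written within a week of the scan date. The embedded sample is a short excerpt of the report above; the flag wording, the seven-day window and the directory list are this example's own assumptions. Name and location heuristics deliberately say nothing about entries such as restorer64_a.exe sitting in system32, which is why the "Other Deletions" section, not the naming, is the authoritative record of what ComboFix removed.

```python
import re
from datetime import date

# Short excerpt of the ComboFix report posted above (one Run key plus the
# orphan list), embedded so the script runs offline.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"iTunesHelper"="D:\iTunesHelper.exe" [2009-07-13 292128]
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKLM-Run-restorer64_a - c:\windows\system32\restorer64_a.exe
HKLM-Run-32711418 - c:\docume~1\ALLUSE~1\APPLIC~1\32711418\32711418.exe
HKLM-Run-Internet Connection Wizard Setup Tool - c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
"""

SCAN_DATE = date(2009, 10, 20)  # "Completion time" of the report above

# "Name"="path" [YYYY-MM-DD size]   (the size/date suffix is optional)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+\d+\])?')
# HIVE-Run-Name - path   or   URLSearchHooks-{GUID} - (no file)
ORPHAN_LINE = re.compile(r'^(?P<hive>[^\s-]+)-(?:Run-)?(?P<name>.+?) - (?P<path>.+)$')

# Directories an autostart entry normally should not point into; long and
# 8.3 short forms, because ComboFix prints both (assumed list for this example).
USER_WRITABLE = ("c:\\documents and settings", "c:\\docume~1", "\\application data\\",
                 "\\applic~1\\", "\\temp\\", "\\local settings\\")


def parse_entries(report):
    """Return [(name, path, file_date or None)] for Run values and orphaned entries."""
    entries = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):      # blank line or registry key header
            continue
        m = RUN_LINE.match(line)
        if m:
            d = m.group("date")
            entries.append((m.group("name"), m.group("path"),
                            date.fromisoformat(d) if d else None))
            continue
        m = ORPHAN_LINE.match(line)
        if m:
            entries.append((m.group("name"), m.group("path"), None))
    return entries


def assess(name, path, file_date, scan_date=SCAN_DATE):
    """Return the list of triage flags raised for one autostart entry (may be empty)."""
    flags = []
    p = path.lower()
    stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]   # file name without extension
    if p == "(no file)":
        flags.append("dangling: autostart points at a file that no longer exists")
    if any(marker in p for marker in USER_WRITABLE):
        flags.append("runs from a user-writable profile/data directory")
    if stem.isdigit() or bool(re.fullmatch(r"[0-9a-f]{8,}", stem)):
        flags.append("digits-only or hex-blob file name")
    if file_date and 0 <= (scan_date - file_date).days <= 7:
        flags.append("file written within 7 days of the scan")
    return flags


def triage(report, scan_date=SCAN_DATE):
    """Map entry name -> (path, flags); entries that raise no flag are omitted."""
    findings = {}
    for name, path, file_date in parse_entries(report):
        flags = assess(name, path, file_date, scan_date)
        if flags:
            findings[name] = (path, flags)
    return findings


if __name__ == "__main__":
    for name, (path, flags) in triage(SAMPLE_REPORT).items():
        print(f"{name}: {path}")
        for flag in flags:
            print(f"    - {flag}")
```

Run as-is it reports 32711418 (user-writable location plus a digits-only name), the dangling URLSearchHooks GUID, and AVG8_TRAY; the last one is an AVG update three days before the scan, a reminder that the recency flag is a prompt to look, not a verdict. To triage a full report, pass its text to triage() in place of SAMPLE_REPORT.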
Hello. I was attacked by Security Tool. I read on this forum how to remove it with ComboFix. It worked, but I would like one of you to analyze the report, please. Thanks in advance.