
mella

Everything posted by mella

  1. Hi Zebulon folks!!! Thanks for this open help platform. I ran the scan with ComboFix; I'm not a computer specialist, but I care about my PC (since I'm studying architecture). On the ComboFix tutorial site I was advised to post the report here to find out what I should do. Thanks!!! Here is a copy of the log:

     ComboFix 10-03-08.02 - phx 09/03/2010 11:29:48.1.2 - x86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2047.1428 [GMT 1:00]
     Lancé depuis: d:\logiciels\ComboFix.exe
     AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
     FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}