bwabwa

  1. Good evening, I have been infected. I ran ComboFix and I am posting the report; could someone interpret it for me, please.