
Scan made by CWShredder and SpySubtract

kevin - Last reply on 27 Nov. 2004 at 07:50
Hello, here is a scan made by CWShredder; if someone could tell me what they make of it, that would be cool.

CWShredder v2.0. scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.

System Information:
Windows XP (5.01.2600 )
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\System32
AppData folder: C:\Documents and Settings\user\Application Data
Username: user

Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
Infected data: file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page
Infected data: file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
Infected data: file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page
Infected data: file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
Infected data: file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Infected data: file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
Found Hosts file: C:\WINDOWS\System32\drivers\etc\hosts (790 bytes, R)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] Userinit.exe,TGBRFV_
CWS.Googlems.2 Domain in Trusted Zone: xxxtoolbar.com
Found Win.ini file: C:\WINDOWS\win.ini (728 bytes, RA)
Found System.ini file: C:\WINDOWS\system.ini (231 bytes, RA)


And here is the SpySubtract scan:

**** Run Keys ****

RUN: [SoundMan] SOUNDMAN.EXE
RUN: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
RUN: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
RUN: [WinampAgent] C:\Program Files\Winamp\winampa.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
RUN: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
RUN: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
RUN: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe


**** Browser Helper Objects ****

BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar1.dll


**** IE Toolbars ****

TOOLBAR: [&Radio] C:\WINDOWS\System32\msdxm.ocx
TOOLBAR: [&Google] c:\program files\google\googletoolbar1.dll
TOOLBAR: [ISTbar] C:\PROGRA~1\ISTbar\istbar.dll


**** IE Extensions ****



**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\WINDOWS\System32\blank.htm
Search Bar: file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
Search Page: file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html


**** IE Context Menu (Right click) ****

IEContext: [&Google Search] res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
IEContext: [Backward &Links] res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
IEContext: [Cac&hed Snapshot of Page] res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
IEContext: [E&xporter vers Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
IEContext: [Si&milar Pages] res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E92FCD71-48ED-45DE-B212-CD1942E30672}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E92FCD71-48ED-45DE-B212-CD1942E30672}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A78FA27C-6952-4820-A507-C76AE7D43132}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A78FA27C-6952-4820-A507-C76AE7D43132}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{46B36EBF-6EC1-4312-AD9A-3F6A679CA2D5}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{46B36EBF-6EC1-4312-AD9A-3F6A679CA2D5}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D367A81-9C1C-41F0-8258-561135CC7D15}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D367A81-9C1C-41F0-8258-561135CC7D15}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [http://www.apple.com/qtactivex/qtplugin.cab]
{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} [http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab] C:\WINDOWS\Downloaded Program Files\WinTaskAdX.dll
{386A771C-E96A-421F-8BA7-32F1B706892F} [http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
SEARCH: [SearchAssistant] file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


There you go; if anyone sees something weird in it and can help me, I'd be happy, lol.

Thanks in advance

kevin
2 replies
Reply
+0
I DON'T REALLY SEE WHAT YOU EXPECT FROM US!!!!


kinou
Reply
+0
Hi,
for CWShredder:
you launch it, then FIX, Next and Exit.
See you
This document, titled "Scan made by CWShredder and SpySubtract", from CommentCaMarche (www.commentcamarche.net), is made available under the terms of the Creative Commons license. You may copy this page and modify copies of it, under the conditions set by the license, as long as this notice appears clearly.