

Benhhur
HijackThis log interpretation
Benhhur replied to a topic by Alcalain in Malware analysis and removal
Hello everyone, my laptop (Vista Home, Firefox) has been infected by Koobface, a virus that is rampant on Facebook. After searching around a bit I downloaded ComboFix, and I am now asking for your expertise on the log report that the scan generated... Hoping you can help me.. Here is the log (a bit long, sorry..):