
Posted

Hello,

I currently have the same problem as in this topic, with the same symptoms.

According to Avast, the trojan is located in a file "senekapcidthxi.dll" in the System32 folder.

Can you help me fix this problem?

Thanks in advance.

Here is my HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:50:10, on 09/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Users\Phil\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://hotline.eclair.ec-lyon.fr/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

O4 - Startup: QuickSet.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio.exe (file missing)

 

--

End of file - 9092 bytes

Posted

Here is what ComboFix gave me:

 

 

 

ComboFix 09-03-12.01 - Phil 2009-03-13 13:29:32.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2045.1102 [GMT 1:00]

Lancé depuis: c:\users\Phil\Desktop\Bibitte.exe

AV: avast! antivirus 4.8.1229 [VPS 090103-1] *On-access scanning enabled* (Updated)

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\senekauxcivpkj.sys

c:\windows\system32\senekapcidthxi.dll

c:\windows\system32\senekapstbddxr.dat

c:\windows\system32\senekapttirvnn.dll

c:\windows\system32\senekauvecncdc.dll

c:\windows\system32\senekavxbucsmr.dat

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_SENEKA

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-13 au 2009-03-13 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-13 13:37 . 2009-03-13 13:37 0 --a------ c:\windows\System32\senekapop.dll

2009-03-13 13:37 . 2009-03-13 13:37 0 --a------ c:\windows\System32\drivers\seneka.sys

2009-03-13 13:33 . 2009-03-13 13:35 1,436 --a------ c:\windows\System32\senekasmruqhbw.dat

2009-03-11 19:03 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL

2009-03-11 19:03 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-11 19:03 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-11 19:03 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll

2009-03-11 19:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx

2009-03-11 19:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll

2009-03-10 08:50 . 2009-03-10 08:50 <REP> d-------- c:\users\Phil\AppData\Roaming\Borland

2009-03-10 08:40 . 2009-03-10 08:41 <REP> d-------- c:\program files\Common Files\CodeGear Shared

2009-03-10 08:40 . 2009-03-10 08:40 <REP> d-------- c:\program files\Common Files\Borland Shared

2009-03-10 08:40 . 2009-03-10 08:40 <REP> d-------- c:\program files\CodeGear

2009-03-10 08:32 . 2009-03-10 08:51 <REP> d-------- c:\users\All Users\CodeGear

2009-03-10 08:32 . 2009-03-10 08:51 <REP> d-------- c:\programdata\CodeGear

2009-03-10 08:31 . 2009-03-10 09:08 <REP> d-------- c:\users\All Users\{AB3EC276-D261-4943-A921-1CC1C6799AED}

2009-03-10 08:31 . 2009-03-10 09:08 <REP> d-------- c:\programdata\{AB3EC276-D261-4943-A921-1CC1C6799AED}

2009-03-07 18:46 . 2009-03-07 18:46 <REP> d-------- c:\users\Phil\AppData\Roaming\Auslogics

2009-03-07 18:46 . 2009-03-07 18:46 <REP> d-------- c:\program files\Auslogics

2009-03-05 15:06 . 2009-03-05 15:06 0 --a------ c:\windows\System32\drivers\senekariajaquq.sys

2009-02-27 21:11 . 2009-02-27 21:11 <REP> d----c--- c:\windows\System32\DRVSTORE

2009-02-27 21:11 . 2009-02-27 21:11 <REP> d-------- c:\users\Phil\AppData\Roaming\Apple Computer

2009-02-27 21:11 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2009-02-27 21:11 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\program files\iTunes

2009-02-27 21:10 . 2009-02-27 21:10 <REP> d-------- c:\program files\iPod

2009-02-27 21:10 . 2009-02-27 21:10 <REP> d-------- c:\program files\Bonjour

2009-02-27 21:07 . 2009-02-27 21:07 <REP> d-------- c:\program files\Apple Software Update

2009-02-27 21:06 . 2009-02-27 21:10 <REP> d-------- c:\program files\Common Files\Apple

2009-02-24 17:31 . 2009-02-24 17:31 <REP> d-------- c:\users\Phil\Bluetooth Software

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-13 12:40 227,388 ----a-w c:\users\All Users\nvModes.dat

2009-03-13 12:40 227,388 ----a-w c:\programdata\nvModes.dat

2009-03-12 08:46 --------- d-----w c:\program files\Windows Mail

2009-03-12 08:44 --------- d-----w c:\programdata\Microsoft Help

2009-03-11 22:40 --------- d-----w c:\program files\DC++

2009-03-01 21:04 --------- d-----w c:\program files\Mp3TagToolsv12

2009-02-27 20:10 --------- d-----w c:\programdata\Apple Computer

2009-02-27 20:09 --------- d-----w c:\program files\QuickTime Alternative

2009-02-07 16:20 --------- d-----w c:\program files\EA Games

2009-02-07 16:17 --------- d-----w c:\program files\AGEIA Technologies

2009-02-07 16:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys

2009-01-23 16:00 --------- d-----w c:\users\Phil\AppData\Roaming\fretsonfire

2009-01-23 16:00 --------- d-----w c:\program files\Frets on Fire

2009-01-19 17:50 --------- d-----w c:\program files\Audacity

2009-01-19 17:46 --------- d-----w c:\programdata\NCH Swift Sound

2009-01-13 07:14 --------- d-----w c:\program files\ECL

2008-04-28 19:45 22,328 ----a-w c:\users\Phil\AppData\Roaming\PnkBstrK.sys

2008-04-12 13:33 132,264 ----a-w c:\users\Phil\AppData\Roaming\nvModes.dat

2008-03-26 11:01 174 --sha-w c:\program files\desktop.ini

2007-10-13 12:00 0 ----a-w c:\users\Phil\AppData\Roaming\wklnhst.dat

2007-10-08 14:54 76 --sh--r c:\windows\CT4CET.bin

2008-04-03 20:08 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-04-03 20:08 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-04-03 20:08 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-08 1862144]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-22 166432]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13515296]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-02-22 92704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

 

c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de notification Live Search.lnk - c:\users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-18 143360]

QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut1_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-08 45056]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-08 50688]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3575546740-1429275205-405926686-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9954A64F-1E70-4155-98F0-64237BC05CD1}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema

"{BF2871F4-2C49-4A15-BB2A-1EDD39A29A8A}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{AF467CDD-3008-4EBF-898D-BCEEEE7BAEA6}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{B82B8783-0E81-48D2-A01C-8458D28923AD}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"TCP Query User{72E39133-118D-4824-A43E-A620DDBA87A7}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player

"UDP Query User{13C937C9-E569-46D5-B2DC-D05474E15FE8}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player

"{AAC8510A-7818-47A7-93F9-184889DB07EC}"= UDP:c:\program files\Google\Google Desktop Search\GoogleDesktop.exe:Google Desktop

"{88753D6A-E037-404A-BA3C-AE91064C2F41}"= TCP:c:\program files\Google\Google Desktop Search\GoogleDesktop.exe:Google Desktop

"{D06AA9A2-0C1F-4D14-968B-5876C42E9605}"= UDP:4664:Google Desktop port

"{ABB5D8BF-0C94-4176-A315-A47CDA263734}"= UDP:9339:Texas Hold'em Facebook

"TCP Query User{4D0F6753-1054-4E00-BFE1-301D3DC40A78}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++

"UDP Query User{525D7231-338B-4F37-9481-27829A028882}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++

"{11D7757C-B834-442F-85E6-BF39A4D8C9EF}"= UDP:1240:Hotmail

"{578B2432-6F19-4A03-BFE8-7F39952425AA}"= TCP:1240:Hotmail(2)

"{6DFB30DB-DD78-4E9B-BCEB-E73522260144}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

"{8A909ED0-A3D9-400E-9B1F-96DDFAA6EED9}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

"TCP Query User{5EEDE0E5-D701-4AF0-BF4D-FE8F67A3AEC1}c:\\users\\phil\\downloads\\splinter cell pandora tomorrow\\pandora.exe"= UDP:c:\users\phil\downloads\splinter cell pandora tomorrow\pandora.exe:pandora

"UDP Query User{CCB905B7-6445-4648-9601-C32CFC6467B8}c:\\users\\phil\\downloads\\splinter cell pandora tomorrow\\pandora.exe"= TCP:c:\users\phil\downloads\splinter cell pandora tomorrow\pandora.exe:pandora

"TCP Query User{E38C7B3B-AB14-456B-9432-75C50F891DDB}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC

"UDP Query User{2422B691-45F7-4E47-9A5B-6648BDE66192}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC

"{26AB5E42-216E-4367-A398-D74B0F55CF99}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{9696C176-9C47-4AC5-9FD6-96D9DCFD947E}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{A3AEAA5A-B344-47ED-B3CF-85BA8A0A09D1}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"{BFD40A5C-B9F2-44E8-A669-BDD01C62F2E9}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{663598C2-541E-4F39-A7C1-6D667667CB48}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{9873A928-B14B-44A4-9391-4BCEA4A29ACD}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{95D4BBCE-0587-4E69-A060-6335723F055D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{97CC75DC-958C-4523-AE46-17E6CBD3BBC5}c:\\counter-strike source lan edition\\hl2.exe"= UDP:c:\counter-strike source lan edition\hl2.exe:hl2

"UDP Query User{87726A6C-562A-461B-BD54-61A64317F674}c:\\counter-strike source lan edition\\hl2.exe"= TCP:c:\counter-strike source lan edition\hl2.exe:hl2

"TCP Query User{24416B44-7109-4E48-A747-84DC881C14C5}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{48B3741D-0231-4183-B1D2-61D13A3AF16C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{B94EFE7C-9C60-498D-86D7-A2970D626C3B}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{284707D9-1E49-45A3-A8B7-A2ECBC72AF33}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{278FD0AF-C8D7-4DBE-AC2D-5EF59C0C34A8}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{20C3E9F6-50C1-4D81-8681-91867C261047}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{9CF9B6D2-1226-4516-AA93-E6CC71082B4C}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge

"{634DF36A-21F7-47FB-9997-FEB3AC12C5F4}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge

"{41F864BC-0058-4552-8C06-9E6034D413FA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{C4F2F244-04E1-4EA3-B1D6-C060EA29E913}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{CD374017-CDC6-47D7-A7E8-85E2B5A90D38}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{247C446D-9843-4F58-954F-FE76BDB84F84}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-11 114768]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2007-10-13 73728]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-11 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2007-10-15 51792]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2007-10-08 235584]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2007-10-08 7424]

S3 hid8101;hid8101;c:\windows\System32\drivers\hid8101.sys [2007-12-27 31899]

S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-14 2808664]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - sptd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\shell\AutoRun\command - WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37677d84-c6dd-11dd-bcbf-001c239499f1}]

\shell\AutoRun\command - G:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0681f1b-8a25-11dd-a2b5-001c239499f1}]

\shell\AutoRun\command - WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8f9328-2d56-11dd-80c8-001c239499f1}]

\shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3899e0a-7e8a-11dc-9811-001c26f27048}]

\shell\AutoRun\command - G:\win32/setup.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{180818B5-1487-4F2D-8BC1-FAF9E4CD9599}.job

- c:\windows\system32\msfeedssync.exe [2008-01-18 23:33]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

 

 

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\na8abr4s.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-13 13:40:28

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\System32\wlanext.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\users\Phil\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\PnkBstrA.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\windows\System32\stacsv.exe

c:\windows\System32\msiexec.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\System32\wermgr.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

c:\windows\System32\conime.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2009-03-13 13:47:17 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-03-13 12:47:14

 

Avant-CF: 19,768,340,480 octets libres

Après-CF: 19,756,691,456 octets libres

 

256 --- E O F --- 2009-03-12 08:45:28

Posted

Hello,

ComboFix, Cleanup

Disconnect from the internet and disable the antivirus (only for the duration of the procedure!)

Connect all removable drives (external hard drive, USB stick).

In some circumstances, Safe Mode may be necessary.

Open ComboFix

# In Notepad, copy and paste these lines:

 

KillAll::

Folder::

c:\program files\Bonjour

File::

c:\program files\Bonjour\mDNSResponder.exe

Driver::

senekariajaquq.sys

mDNSResponder.exe

Rootkit::

c:\windows\System32\drivers\senekariajaquq.sys

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{41F864BC-0058-4552-8C06-9E6034D413FA}"=-

"{C4F2F244-04E1-4EA3-B1D6-C060EA29E913}"=-

 

* Warning: this script was written specifically for this user; it would be dangerous to reuse it in other cases!

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file

* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and confirm.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt
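A small triage script for ComboFix reports like the two quoted in this thread, added here as an example; it is not part of the original posts and not ComboFix's own code. It parses the "files created" listing (created time, modified time, size or <REP>, attribute flags, path) and the "-------\Service_..." lines that ComboFix prints for removed services, then flags System32 files whose name starts with a removed service's name (here the seneka prefix followed by random letters, as seen in the first report) or which are zero-byte drivers/DLLs, the pattern the CFScript above targets with senekariajaquq.sys. The line layout is inferred from the quoted reports, and the sample input is copied from the first ComboFix log.

```python
"""Triage ComboFix report lines for the file/service artefacts discussed in this thread.

Added example: not part of the original posts and not ComboFix's own code. The line
layout is inferred from the reports quoted above; the 'seneka' prefix is the one seen
in those reports and is passed in as a parameter, not hard-wired.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Constructed sample input: lines copied from the first ComboFix report in the thread.
SAMPLE_LOG = r"""
-------\Service_SENEKA
2009-03-13 13:37 . 2009-03-13 13:37 0 --a------ c:\windows\System32\senekapop.dll
2009-03-13 13:37 . 2009-03-13 13:37 0 --a------ c:\windows\System32\drivers\seneka.sys
2009-03-13 13:33 . 2009-03-13 13:35 1,436 --a------ c:\windows\System32\senekasmruqhbw.dat
2009-03-11 19:03 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 08:40 . 2009-03-10 08:40 <REP> d-------- c:\program files\CodeGear
2009-03-05 15:06 . 2009-03-05 15:06 0 --a------ c:\windows\System32\drivers\senekariajaquq.sys
2009-02-27 21:11 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
"""

# One "files created" line: <created> . <modified> <size|<REP>> <attributes> <path>
_CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><REP>|[\d,]+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
# The "-------\Service_<name>" marker ComboFix prints for a removed service or driver.
_SERVICE_RE = re.compile(r"^-------\\Service_(?P<name>\S+)")


@dataclass
class CreatedFile:
    created: str
    modified: str
    size: Optional[int]  # None for directories (<REP>)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_system32(self) -> bool:
        return "\\windows\\system32\\" in self.path.lower()


@dataclass
class Finding:
    entry: CreatedFile
    reasons: List[str] = field(default_factory=list)


def parse_created_files(text: str) -> List[CreatedFile]:
    """Return every parsable 'files created' line; other lines are ignored."""
    out: List[CreatedFile] = []
    for line in text.splitlines():
        m = _CREATED_RE.match(line.strip())
        if not m:
            continue
        size_txt = m.group("size")
        size = None if size_txt == "<REP>" else int(size_txt.replace(",", ""))
        out.append(CreatedFile(m.group("created"), m.group("modified"), size,
                               m.group("attrs"), m.group("path")))
    return out


def parse_removed_services(text: str) -> List[str]:
    """Names from the '-------\\Service_<name>' lines, in report order."""
    return [m.group("name") for m in
            (_SERVICE_RE.match(line.strip()) for line in text.splitlines()) if m]


def service_prefixes(services: Iterable[str]) -> List[str]:
    """Lower-cased service names, usable as file-name prefixes for flag_suspicious()."""
    return sorted({s.lower() for s in services})


def flag_suspicious(entries: Iterable[CreatedFile],
                    prefixes: Iterable[str] = ("seneka",)) -> List[Finding]:
    """Flag System32 files named <prefix><random letters>.{sys,dll,dat} or zero-byte .sys/.dll."""
    findings: List[Finding] = []
    for e in entries:
        if e.is_dir or not e.in_system32:
            continue
        reasons: List[str] = []
        for p in prefixes:
            if re.fullmatch(re.escape(p.lower()) + r"[a-z]*\.(sys|dll|dat)", e.name):
                reasons.append(f"name matches removed-service prefix '{p}'")
        if e.size == 0 and e.name.endswith((".sys", ".dll")):
            reasons.append("zero-byte driver/DLL under System32")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    entries = parse_created_files(SAMPLE_LOG)
    prefixes = service_prefixes(parse_removed_services(SAMPLE_LOG))
    for f in flag_suspicious(entries, prefixes):
        print(f"{f.entry.created}  {f.entry.size!s:>6}  {f.entry.path}  <- {'; '.join(f.reasons)}")
```

Run it against a saved C:\ComboFix.txt by passing the file contents instead of SAMPLE_LOG; the zero-byte rule is deliberately separate from the prefix rule so that a renamed family still surfaces when it drops empty driver stubs into System32.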

Posted

Here is the report:

 

 

ComboFix 09-03-12.01 - Phil 2009-03-14 19:50:33.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2045.1267 [GMT 1:00]

Lancé depuis: c:\users\Phil\Desktop\Bibitte.exe

Commutateurs utilisés :: c:\users\Phil\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1229 [VPS 090103-1] *On-access scanning enabled* (Updated)

* Un nouveau point de restauration a été créé

 

FILE ::

c:\program files\Bonjour\mDNSResponder.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\Bonjour

c:\program files\Bonjour\About Bonjour.rtf

c:\program files\Bonjour\mdnsNSP.dll

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\drivers\seneka.sys

c:\windows\system32\drivers\senekariajaquq.sys

c:\windows\system32\senekapop.dll

c:\windows\system32\senekasmruqhbw.dat

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_seneka

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-14 au 2009-03-14 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-11 19:03 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL

2009-03-11 19:03 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-11 19:03 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-11 19:03 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll

2009-03-11 19:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx

2009-03-11 19:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll

2009-03-10 08:50 . 2009-03-10 08:50 <REP> d-------- c:\users\Phil\AppData\Roaming\Borland

2009-03-10 08:40 . 2009-03-10 08:41 <REP> d-------- c:\program files\Common Files\CodeGear Shared

2009-03-10 08:40 . 2009-03-10 08:40 <REP> d-------- c:\program files\Common Files\Borland Shared

2009-03-10 08:40 . 2009-03-10 08:40 <REP> d-------- c:\program files\CodeGear

2009-03-10 08:32 . 2009-03-10 08:51 <REP> d-------- c:\users\All Users\CodeGear

2009-03-10 08:32 . 2009-03-10 08:51 <REP> d-------- c:\programdata\CodeGear

2009-03-10 08:31 . 2009-03-10 09:08 <REP> d-------- c:\users\All Users\{AB3EC276-D261-4943-A921-1CC1C6799AED}

2009-03-10 08:31 . 2009-03-10 09:08 <REP> d-------- c:\programdata\{AB3EC276-D261-4943-A921-1CC1C6799AED}

2009-03-07 18:46 . 2009-03-07 18:46 <REP> d-------- c:\users\Phil\AppData\Roaming\Auslogics

2009-03-07 18:46 . 2009-03-07 18:46 <REP> d-------- c:\program files\Auslogics

2009-02-27 21:11 . 2009-02-27 21:11 <REP> d----c--- c:\windows\System32\DRVSTORE

2009-02-27 21:11 . 2009-02-27 21:11 <REP> d-------- c:\users\Phil\AppData\Roaming\Apple Computer

2009-02-27 21:11 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2009-02-27 21:11 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\program files\iTunes

2009-02-27 21:10 . 2009-02-27 21:10 <REP> d-------- c:\program files\iPod

2009-02-27 21:07 . 2009-02-27 21:07 <REP> d-------- c:\program files\Apple Software Update

2009-02-27 21:06 . 2009-02-27 21:10 <REP> d-------- c:\program files\Common Files\Apple

2009-02-24 17:31 . 2009-02-24 17:31 <REP> d-------- c:\users\Phil\Bluetooth Software

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-14 18:56 0 ----a-w c:\users\All Users\nvModes.dat

2009-03-14 18:56 0 ----a-w c:\programdata\nvModes.dat

2009-03-13 20:11 --------- d-----w c:\program files\DC++

2009-03-12 08:46 --------- d-----w c:\program files\Windows Mail

2009-03-12 08:44 --------- d-----w c:\programdata\Microsoft Help

2009-03-01 21:04 --------- d-----w c:\program files\Mp3TagToolsv12

2009-02-27 20:10 --------- d-----w c:\programdata\Apple Computer

2009-02-27 20:09 --------- d-----w c:\program files\QuickTime Alternative

2009-02-07 16:20 --------- d-----w c:\program files\EA Games

2009-02-07 16:17 --------- d-----w c:\program files\AGEIA Technologies

2009-02-07 16:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys

2009-01-23 16:00 --------- d-----w c:\users\Phil\AppData\Roaming\fretsonfire

2009-01-23 16:00 --------- d-----w c:\program files\Frets on Fire

2009-01-19 17:50 --------- d-----w c:\program files\Audacity

2009-01-19 17:46 --------- d-----w c:\programdata\NCH Swift Sound

2008-04-28 19:45 22,328 ----a-w c:\users\Phil\AppData\Roaming\PnkBstrK.sys

2008-04-12 13:33 132,264 ----a-w c:\users\Phil\AppData\Roaming\nvModes.dat

2008-03-26 11:01 174 --sha-w c:\program files\desktop.ini

2007-10-13 12:00 0 ----a-w c:\users\Phil\AppData\Roaming\wklnhst.dat

2007-10-08 14:54 76 --sh--r c:\windows\CT4CET.bin

2008-04-03 20:08 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-04-03 20:08 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-04-03 20:08 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-13_13.45.51.66 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

- 2009-03-13 12:40:06 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-14 18:56:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2009-03-13 12:40:06 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-14 18:56:13 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-14 18:56:13 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-03-13 11:37:32 105,752 ----a-w c:\windows\System32\perfc009.dat

+ 2009-03-13 17:10:33 105,752 ----a-w c:\windows\System32\perfc009.dat

- 2009-03-13 11:37:33 123,556 ----a-w c:\windows\System32\perfc00C.dat

+ 2009-03-13 17:10:33 123,556 ----a-w c:\windows\System32\perfc00C.dat

- 2009-03-13 11:37:33 591,872 ----a-w c:\windows\System32\perfh009.dat

+ 2009-03-13 17:10:33 591,872 ----a-w c:\windows\System32\perfh009.dat

- 2009-03-13 11:37:33 669,566 ----a-w c:\windows\System32\perfh00C.dat

+ 2009-03-13 17:10:33 669,566 ----a-w c:\windows\System32\perfh00C.dat

- 2009-03-13 12:42:03 11,928 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3575546740-1429275205-405926686-1000_UserData.bin

+ 2009-03-14 18:02:34 11,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3575546740-1429275205-405926686-1000_UserData.bin

- 2009-03-13 12:42:03 147,308 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-03-14 18:02:34 147,470 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-03-13 12:41:58 55,360 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-03-14 18:02:30 55,360 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-03-11 11:43:09 438,198 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-03-13 17:05:13 439,974 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-08 1862144]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-22 166432]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13515296]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-02-22 92704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

 

c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de notification Live Search.lnk - c:\users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-18 143360]

QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut1_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-08 45056]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-08 50688]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3575546740-1429275205-405926686-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9954A64F-1E70-4155-98F0-64237BC05CD1}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema

"{BF2871F4-2C49-4A15-BB2A-1EDD39A29A8A}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{AF467CDD-3008-4EBF-898D-BCEEEE7BAEA6}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{B82B8783-0E81-48D2-A01C-8458D28923AD}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"TCP Query User{72E39133-118D-4824-A43E-A620DDBA87A7}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player

"UDP Query User{13C937C9-E569-46D5-B2DC-D05474E15FE8}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player

"{AAC8510A-7818-47A7-93F9-184889DB07EC}"= UDP:c:\program files\Google\Google Desktop Search\GoogleDesktop.exe:Google Desktop

"{88753D6A-E037-404A-BA3C-AE91064C2F41}"= TCP:c:\program files\Google\Google Desktop Search\GoogleDesktop.exe:Google Desktop

"{D06AA9A2-0C1F-4D14-968B-5876C42E9605}"= UDP:4664:Google Desktop port

"{ABB5D8BF-0C94-4176-A315-A47CDA263734}"= UDP:9339:Texas Hold'em Facebook

"TCP Query User{4D0F6753-1054-4E00-BFE1-301D3DC40A78}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++

"UDP Query User{525D7231-338B-4F37-9481-27829A028882}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++

"{11D7757C-B834-442F-85E6-BF39A4D8C9EF}"= UDP:1240:Hotmail

"{578B2432-6F19-4A03-BFE8-7F39952425AA}"= TCP:1240:Hotmail(2)

"{6DFB30DB-DD78-4E9B-BCEB-E73522260144}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

"{8A909ED0-A3D9-400E-9B1F-96DDFAA6EED9}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

"TCP Query User{5EEDE0E5-D701-4AF0-BF4D-FE8F67A3AEC1}c:\\users\\phil\\downloads\\splinter cell pandora tomorrow\\pandora.exe"= UDP:c:\users\phil\downloads\splinter cell pandora tomorrow\pandora.exe:pandora

"UDP Query User{CCB905B7-6445-4648-9601-C32CFC6467B8}c:\\users\\phil\\downloads\\splinter cell pandora tomorrow\\pandora.exe"= TCP:c:\users\phil\downloads\splinter cell pandora tomorrow\pandora.exe:pandora

"TCP Query User{E38C7B3B-AB14-456B-9432-75C50F891DDB}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC

"UDP Query User{2422B691-45F7-4E47-9A5B-6648BDE66192}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC

"{26AB5E42-216E-4367-A398-D74B0F55CF99}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{9696C176-9C47-4AC5-9FD6-96D9DCFD947E}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{A3AEAA5A-B344-47ED-B3CF-85BA8A0A09D1}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"{BFD40A5C-B9F2-44E8-A669-BDD01C62F2E9}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{663598C2-541E-4F39-A7C1-6D667667CB48}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{9873A928-B14B-44A4-9391-4BCEA4A29ACD}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{95D4BBCE-0587-4E69-A060-6335723F055D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{97CC75DC-958C-4523-AE46-17E6CBD3BBC5}c:\\counter-strike source lan edition\\hl2.exe"= UDP:c:\counter-strike source lan edition\hl2.exe:hl2

"UDP Query User{87726A6C-562A-461B-BD54-61A64317F674}c:\\counter-strike source lan edition\\hl2.exe"= TCP:c:\counter-strike source lan edition\hl2.exe:hl2

"TCP Query User{24416B44-7109-4E48-A747-84DC881C14C5}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{48B3741D-0231-4183-B1D2-61D13A3AF16C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{B94EFE7C-9C60-498D-86D7-A2970D626C3B}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{284707D9-1E49-45A3-A8B7-A2ECBC72AF33}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{278FD0AF-C8D7-4DBE-AC2D-5EF59C0C34A8}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{20C3E9F6-50C1-4D81-8681-91867C261047}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{9CF9B6D2-1226-4516-AA93-E6CC71082B4C}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge

"{634DF36A-21F7-47FB-9997-FEB3AC12C5F4}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge

"{CD374017-CDC6-47D7-A7E8-85E2B5A90D38}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{247C446D-9843-4F58-954F-FE76BDB84F84}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-11 114768]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2007-10-13 73728]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-11 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2007-10-15 51792]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2007-10-08 235584]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2007-10-08 7424]

S3 hid8101;hid8101;c:\windows\System32\drivers\hid8101.sys [2007-12-27 31899]

S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-14 2808664]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - sptd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\shell\AutoRun\command - WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37677d84-c6dd-11dd-bcbf-001c239499f1}]

\shell\AutoRun\command - G:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0681f1b-8a25-11dd-a2b5-001c239499f1}]

\shell\AutoRun\command - WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8f9328-2d56-11dd-80c8-001c239499f1}]

\shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3899e0a-7e8a-11dc-9811-001c26f27048}]

\shell\AutoRun\command - G:\win32/setup.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-14 c:\windows\Tasks\User_Feed_Synchronization-{180818B5-1487-4F2D-8BC1-FAF9E4CD9599}.job

- c:\windows\system32\msfeedssync.exe [2008-01-18 23:33]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

 

 

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\na8abr4s.default\

FF - prefs.js: browser.search.selectedEngine - Facebook

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-14 19:56:23

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\System32\wlanext.exe

c:\windows\System32\conime.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\System32\PnkBstrA.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\users\Phil\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

c:\windows\System32\stacsv.exe

c:\windows\System32\msiexec.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\System32\wermgr.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2009-03-14 20:02:18 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-03-14 19:02:12

ComboFix2.txt 2009-03-13 12:47:18

 

Avant-CF: 17 102 467 072 octets libres

Après-CF: 16,446,394,368 octets libres

 

279 --- E O F --- 2009-03-12 08:45:28

Posted (edited)

Good evening,

 

Online scan

NOTE: The online scan must be done with Internet Explorer.

Disable your current antivirus

Kaspersky

Under Vista, you must disable UAC, then right-click Internet Explorer / Run as administrator and paste the Kaspersky URL

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Empty the Recycle Bin.

* Click Accept

* A yellow bar will ask you to accept the installation of Kavwebscan_Unicode.cab; install the ActiveX.

* Click "Accept" once more

* The update databases will be installed; wait a moment

* Click Next.

* Click My Computer; the scan starts.

Wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop, name the report "rapport Kaspersky", and in the file type field choose "text files", then save the report.

Copy/paste the entire text file that opens: right-click in it, Select all / Copy.

Paste this report in your reply on the forum.

Help in case of problems

Cybersecurity

 

and a new HijackThis log, please.

Edited by pear
Posted

Kaspersky report:

 

 

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, March 16, 2009

Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, March 15, 2009 20:37:55

Records in database: 1909826

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

 

Scan statistics:

Files scanned: 268347

Threat name: 1

Infected objects: 3

Suspicious objects: 0

Duration of the scan: 02:42:11

 

 

File name / Threat name / Threats count

C:\Qoobox\Quarantine\C\Windows\System32\senekapcidthxi.dll.vir Infected: Packed.Win32.Tdss.c 1

C:\Qoobox\Quarantine\C\Windows\System32\senekapttirvnn.dll.vir Infected: Packed.Win32.Tdss.c 1

C:\Qoobox\Quarantine\C\Windows\System32\senekauvecncdc.dll.vir Infected: Packed.Win32.Tdss.c 1

 

The selected area was scanned.

Posted

Hello,

 

What Kaspersky sees is in quarantine: all good.

To remove ComboFix:

Start > Run -> combofix.exe /u

Confirm with OK

ComboFix starts and displays a message saying that ComboFix has been removed: click OK.

 

I'm waiting for the HijackThis report, please.
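The point made above (detections that sit under ComboFix's C:\Qoobox\Quarantine are inert copies, not live files) as an added triage check; this is example code, not something from this thread, from ComboFix or from Kaspersky. It parses result lines in the Kaspersky Online Scanner 7 format shown in the report; the sample report is constructed from the three lines above plus one hypothetical live detection, and the quarantine prefix list is an assumption limited to ComboFix's folder.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# One result line of a Kaspersky Online Scanner 7 report, e.g.
#   C:\Qoobox\Quarantine\C\Windows\System32\senekapcidthxi.dll.vir  Infected: Packed.Win32.Tdss.c  1
# The path may contain spaces, so it is matched lazily up to the "Infected:" marker.
RESULT_LINE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Folders whose contents are neutralised copies rather than live files (assumption:
# only ComboFix's folder is listed). ComboFix moves everything it removes under
# C:\Qoobox\Quarantine and appends ".vir", which is why a later scan still
# "finds" the seneka DLLs there.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str
    count: int


def parse_report(text: str) -> list[Finding]:
    """Extract the detection lines; headers, statistics and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["threat"], int(m["count"])))
    return findings


def is_quarantined(path: str) -> bool:
    """True when the detected file lives under a known quarantine folder."""
    p = path.lower().replace("/", "\\")
    return any(p.startswith(q) for q in QUARANTINE_PREFIXES)


def triage(findings: Iterable[Finding]) -> dict[str, list[Finding]]:
    """Split findings into inert quarantine copies and detections that still need action."""
    out: dict[str, list[Finding]] = {"quarantined": [], "active": []}
    for f in findings:
        out["quarantined" if is_quarantined(f.path) else "active"].append(f)
    return out


def needs_action(text: str) -> bool:
    """The helper's verdict above: only live (non-quarantined) detections matter."""
    return bool(triage(parse_report(text))["active"])


# Constructed sample: the three report lines from this thread plus one
# hypothetical live detection outside the quarantine folder.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\senekapcidthxi.dll.vir Infected: Packed.Win32.Tdss.c 1
C:\Qoobox\Quarantine\C\Windows\System32\senekapttirvnn.dll.vir Infected: Packed.Win32.Tdss.c 1
C:\Qoobox\Quarantine\C\Windows\System32\senekauvecncdc.dll.vir Infected: Packed.Win32.Tdss.c 1
C:\Windows\System32\example-live-detection.dll Infected: Packed.Win32.Tdss.c 1

The selected area was scanned.
"""

if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            print(f"  {f.threat} x{f.count}  {f.path}")
    print("action needed" if needs_action(SAMPLE_REPORT) else "nothing left to clean")
```

With the real report from this thread (three quarantine lines, no live detection) the verdict is "nothing left to clean", matching the helper's reading.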

Posted

Here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:49:20, on 16/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Users\Phil\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://hotline.eclair.ec-lyon.fr/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

O4 - Startup: QuickSet.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O13 - Gopher Prefix:

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)

O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio.exe (file missing)

 

--

End of file - 8335 bytes
