Infected with TR/Dldr.Tracur.B.124

Solved/Closed
siamang - 28 May 2010 at 11:10
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last seen 27 December 2019 - 1 June 2010 at 10:42
Hello,

My PC is infected with a Trojan horse; the files are system32 files such as dphupnp32.dll dplay32.dll comuid32.dll
Kerio firewall and Antivir antivirus
Awaiting your expert advice, thanks in advance

Config: Windows XP SP3 / Firefox latest version

29 replies

green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last seen 27 December 2019 2 162
28 May 2010 at 11:38
Hi,

Er... no, unfortunately Spybot isn't what it used to be...
And I doubt Antivir will manage to neutralise everything on its own...

- Download http://www.trendsecure.com/portal/fr/_download/HJTInstall.exe to your desktop.
- Double-click HijackThis
- Generate a report by following these instructions:
- Run it and click on Do a scan and save log file.
- The report opens in Notepad
- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click, copy/paste the report please


@+
1
g.chinal Posts 1147 Registration date Monday 11 February 2008 Status Member Last seen 2 October 2014 76
28 May 2010 at 11:26
Well, to start with, do you have a Windows XP CD?
First of all, download CCleaner:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Run a quick pass with it.
Then do a quick check with Antivir, and if it finds your Trojans, quarantine them or try to repair them; if nothing works, download Spybot Search & Destroy and run a quick pass.
If your system files are damaged, you'll need to use your XP CD to repair all that!
0
OK, I'm on it
0
g.chinal Posts 1147 Registration date Monday 11 February 2008 Status Member Last seen 2 October 2014 76
28 May 2010 at 11:38
Good luck ;)
0

Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:00 PM, on 5/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: (no name) - {0EFCE382-B0FD-4D89-B93C-027ABC6AD902} - C:\WINDOWS\system32\iassvcs32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\o.HOMESWEETHOME\Application Data\SystemProc\lsass.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: SATARaid.lnk = C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\comuid32.dll,C:\WINDOWS\system32\dplay32.dll,C:\WINDOWS\system32\console32.dll,C:\WINDOWS\system32\dplayx32.dll,C:\WINDOWS\system32\cryptdlg32.dll,C:\WINDOWS\system32\dpnhupnp32.dll,C:\WINDOWS\system32\dpnhupnp32.dllg2inue32.dll,C:\WINDOWS\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll,C:\WINDOWS\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dll,C:\WINDOWS\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dlllftl8pq0sjt032.dll
O20 - Winlogon Notify: c812761a924 - C:\WINDOWS\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dlllftl8pq0sjt032.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
0
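The two entries the helper goes after in the log above (an lsass.exe started from a user profile via Policies\Explorer\Run, and AppInit_DLLs / Winlogon Notify entries whose file names read like several .dll names glued together) can be picked out mechanically. The script below is an added example, not code from the thread or from HijackThis: it applies those two heuristics to O4 and O20 lines, using sample lines copied from the posted log; the reason labels and the process-name list are assumptions of this example.

```python
import re

# Constructed sample: a handful of O4/O20/O23 lines copied from the HijackThis
# log posted in the thread (the long AppInit_DLLs entry is shortened to two paths).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\o.HOMESWEETHOME\Application Data\SystemProc\lsass.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\comuid32.dll,C:\WINDOWS\system32\dpnhupnp32.dllg2inue32.dll
O20 - Winlogon Notify: c812761a924 - C:\WINDOWS\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# Core Windows process names that legitimately run only from %SystemRoot%\system32
# (assumed list for this example).
SYSTEM_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                        "services.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"

# Reason labels attached to findings (chosen for this example).
REASON_MASQUERADE = "system process name running outside system32"
REASON_APPINIT = "AppInit_DLLs entry (loaded into every process that maps user32.dll)"
REASON_CHAINED = "file name contains '.dll' more than once"

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.*)$")


def exe_path(cmd):
    """Extract the executable path from an O4 command string (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)  # bare path ends at .exe
    return m.group(1) if m else cmd.split()[0]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def is_masquerading(path):
    """A core process name (lsass.exe, ...) launched from outside system32."""
    return (basename(path).lower() in SYSTEM_PROCESS_NAMES
            and not path.lower().startswith(SYSTEM32))


def looks_chained(path):
    """Names like dpnhupnp32.dllg2inue32.dll: '.dll' appears more than once."""
    return basename(path).lower().count(".dll") > 1


def triage(log_text):
    """Return (section, label, path, reason) tuples for suspicious O4/O20 lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if is_masquerading(path):
                findings.append(("O4", m.group("name"), path, REASON_MASQUERADE))
            continue
        m = O20_RE.match(line)
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind == "AppInit_DLLs":
            paths = [p.strip() for p in rest.split(",") if p.strip()]
        else:  # "Winlogon Notify: <subkey> - <path>"
            paths = [rest.split(" - ", 1)[-1].strip()]
        for p in paths:
            if looks_chained(p):
                findings.append(("O20", kind, p, REASON_CHAINED))
            elif kind == "AppInit_DLLs":
                # Any populated AppInit_DLLs value deserves a look on an XP box.
                findings.append(("O20", kind, p, REASON_APPINIT))
    return findings


if __name__ == "__main__":
    for section, label, path, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {label}: {path}\n     -> {reason}")
```

Run against the sample it reports the RTHDBPL lsass.exe entry, both AppInit_DLLs paths and the Winlogon Notify DLL, and stays silent on the legitimate Avira, ctfmon and service lines.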
I had to do the scan in safe mode
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last seen 27 December 2019 2 162
28 May 2010 at 12:38
Yep! I saw about safe mode:

- Download OTM (by Old_Timer) to your Desktop.

http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/


Double-click "OTM.exe" to open the program.
Then copy what is in bold below,


:Files
C:\WINDOWS\system32\comuid32.dll
C:\WINDOWS\system32\dplay32.dll
C:\WINDOWS\system32\console32.dll
C:\WINDOWS\system32\dplayx32.dll
C:\WINDOWS\system32\cryptdlg32.dll
C:\WINDOWS\system32\dpnhupnp32.dll

:Commands
[purity]
[emptytemp]
[Reboot]



and paste it into the left-hand pane of OTM:
Paste Instructions for items to be moved.
(don't touch anything else!)

! Disconnect and close all your running applications! (browsers included)

-> click MoveIt! to start the removal.
-> let the tool work...

-> once finished, a small window opens: click "Yes".

Your PC will restart on its own to finish the removal...

During the restart, if you are asked to allow OTM to run, accept (so the tool can finish its job...).

-->Post the contents of the report found in the folder "C:\_OTM\MovedFiles"
("xxxx2010_xxxxxx.log", where the "x"s correspond to the day and time of use).


Then:

Download ComboFix by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

tutorial on using the tool properly
http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

/!\ Disconnect from the internet and DISABLE ALL DEFENCES, antivirus and antispyware included /!\
---> Double-click ComboFix.exe
A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click yes to accept
Above all, accept installing the Recovery Console
---> Set it to the French language: F
Press key 1 (Yes) to start the scan.

Don't touch anything (mouse, keyboard) until the scan is finished, as you risk freezing your PC

At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents here please

/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the Internet. /!\

Note: The report is also located here: C:\ComboFix.txt

@+
0
HERE ARE THE REPORTS
However, Antivir still finds infected files:
system32\dpnhupnp32.dllg2inue32.dllqcvdu19b32.dll
system32\dpnhupnp32.dllg2inue32.dllqcvdu19b32.dll6jo35slpbo32.dll
system32\dpnhupnp32.dllg2inue32.dllqcvdu19b32.dll6jo35slpbo32.dlllftl8pq0stj032.dll

All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\comuid32.dll
C:\WINDOWS\system32\comuid32.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dplay32.dll
C:\WINDOWS\system32\dplay32.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\console32.dll
C:\WINDOWS\system32\console32.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dplayx32.dll
C:\WINDOWS\system32\dplayx32.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cryptdlg32.dll
C:\WINDOWS\system32\cryptdlg32.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dpnhupnp32.dll
C:\WINDOWS\system32\dpnhupnp32.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 999002 bytes

User: o
->Temp folder emptied: 45374975 bytes
->Temporary Internet Files folder emptied: 112852 bytes

User: o.HOMESWEETHOME
->Temp folder emptied: 145150779 bytes
->Temporary Internet Files folder emptied: 4133995 bytes
->Java cache emptied: 3840304 bytes
->FireFox cache emptied: 90336095 bytes
->Flash cache emptied: 52175 bytes

User: O004C~1~HOM

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 1096209 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1807459 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 120835 bytes

Total Files Cleaned = 282.00 mb


OTM by OldTimer - Version 3.1.12.0 log created on 05282010_135227


ComboFix 10-05-27.03 - o 05/28/2010 16:07:48.2.1 - x86
Running from: c:\documents and settings\o.HOMESWEETHOME\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\020000008e06b785924C.manifest
c:\documents and settings\Administrator\Application Data\020000008e06b785924O.manifest
c:\documents and settings\Administrator\Application Data\020000008e06b785924P.manifest
c:\documents and settings\Administrator\Application Data\020000008e06b785924S.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\020000008e06b785924C.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\020000008e06b785924O.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\020000008e06b785924P.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\020000008e06b785924S.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\extensions\{21048e54-8b19-45af-a0da-0692854a2bf0}
c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\extensions\{21048e54-8b19-45af-a0da-0692854a2bf0}\chrome.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\extensions\{21048e54-8b19-45af-a0da-0692854a2bf0}\chrome\xulcache.jar
c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\extensions\{21048e54-8b19-45af-a0da-0692854a2bf0}\defaults\preferences\xulcache.js
c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\extensions\{21048e54-8b19-45af-a0da-0692854a2bf0}\install.rdf
c:\documents and settings\o.HOMESWEETHOME\Application Data\SystemProc
c:\documents and settings\o.HOMESWEETHOME\Application Data\SystemProc\lsass.exe
c:\documents and settings\o.HOMESWEETHOME\Application Data\SystemProc\upd.exe
c:\windows\GnuHashes.ini
c:\windows\system32\2048921981
c:\windows\system32\cic32.dll
c:\windows\system32\crypt3232.dll
c:\windows\system32\D3DRAMP32.DLL
c:\windows\system32\dciman3232.dll
c:\windows\system32\deskmon32.dll
c:\windows\system32\DMSCRIPT32.DLL
c:\windows\system32\DOCPROP32.DLL
c:\windows\system32\sstray.exe
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\mu306719808v4
c:\windows\system32\SysWoW32\mu306719808v4.kwd
c:\windows\system32\SysWoW32\mu306719808v5
c:\windows\system32\SysWoW32\mu306719808v5.kwd
c:\windows\system32\SysWoW32\mu306719808v6
c:\windows\system32\SysWoW32\mu306719808v6.kwd
c:\windows\system32\SysWoW32\mu306719808v7
c:\windows\system32\SysWoW32\mu306719808v7.kwd
c:\windows\system32\SysWoW32\wu306719808v0
c:\windows\system32\SysWoW32\wu306719808v0.kwd
c:\windows\system32\SysWoW32\wu306719808v1
c:\windows\system32\SysWoW32\wu306719808v1.kwd
c:\windows\system32\SysWoW32\wu306719808v2
c:\windows\system32\SysWoW32\wu306719808v2.kwd
c:\windows\system32\SysWoW32\wu306719808v3
c:\windows\system32\SysWoW32\wu306719808v3.kwd
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2010-05-28 11:52 . 2010-05-28 11:52 -------- d-----w- C:\_OTM
2010-05-28 10:01 . 2010-05-28 10:01 -------- d-----w- c:\program files\Trend Micro
2010-05-28 09:57 . 2010-05-28 09:58 -------- d-----w- c:\program files\CCleaner
2010-05-28 08:50 . 2010-05-28 08:50 296960 ----a-w- c:\windows\system32\iassvcs32.dll
2010-05-27 16:39 . 2010-05-27 16:39 296960 ----a-w- c:\windows\system32\dmdskres32.dll
2010-05-27 15:39 . 2010-05-27 15:39 296960 ----a-w- c:\windows\system32\dmconfig32.dll
2010-05-27 14:39 . 2010-05-27 14:39 296960 ----a-w- c:\windows\system32\dpnmodem32.dll
2010-05-27 12:39 . 2010-05-27 12:39 296960 ----a-w- c:\windows\system32\dhcpsapi32.dll
2010-05-27 11:39 . 2010-05-27 11:39 296960 ----a-w- c:\windows\system32\dot3svc32.dll
2010-05-27 09:39 . 2010-05-27 09:39 296960 ----a-w- c:\windows\system32\dhcpqec32.dll
2010-05-27 07:38 . 2010-05-27 07:38 296960 ----a-w- c:\windows\system32\iaspolcy32.dll
2010-05-26 21:30 . 2010-05-26 21:30 205312 ----a-w- c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dlllftl8pq0sjt032.dll
2010-05-26 21:30 . 2010-05-26 21:30 205312 ----a-w- c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dll
2010-05-26 21:29 . 2010-05-26 21:29 205312 ----a-w- c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll
2010-05-25 07:10 . 2010-05-25 07:10 61440 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6a03470d-n\decora-sse.dll
2010-05-25 07:10 . 2010-05-25 07:10 503808 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\msvcp71.dll
2010-05-25 07:10 . 2010-05-25 07:10 499712 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\jmc.dll
2010-05-25 07:10 . 2010-05-25 07:10 348160 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\msvcr71.dll
2010-05-25 07:10 . 2010-05-25 07:10 12800 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6a03470d-n\decora-d3d.dll
2010-05-13 12:17 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3\temp\cleanup.exe
2010-05-13 10:21 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3\temp\Launchpad Removal.exe
2010-05-02 11:53 . 2010-05-02 11:53 -------- d-----w- c:\windows\Sun
2010-05-02 11:53 . 2010-05-02 11:53 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 11:52 . 2010-05-02 11:52 503808 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\msvcp71.dll
2010-05-02 11:52 . 2010-05-02 11:52 499712 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\jmc.dll
2010-05-02 11:52 . 2010-05-02 11:52 348160 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\msvcr71.dll
2010-05-02 11:52 . 2010-05-02 11:52 12800 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37b4f8a1-n\decora-d3d.dll
2010-05-02 11:52 . 2010-05-02 11:52 61440 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37b4f8a1-n\decora-sse.dll
2010-05-02 11:52 . 2010-05-02 11:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 11:52 . 2010-05-02 11:52 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 20:58 . 2010-01-10 18:04 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\vlc
2010-05-25 09:23 . 2009-12-03 11:40 -------- d-----w- c:\program files\PokerStars
2010-05-23 19:42 . 2009-12-01 09:49 -------- d-----w- c:\program files\BitComet
2010-05-13 12:17 . 2010-04-27 19:55 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3
2010-04-29 16:36 . 2009-12-03 11:36 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\BSplayer
2010-04-26 16:35 . 2010-04-26 16:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 05:57 . 2010-04-12 07:43 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Apple Computer
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\program files\iTunes
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\program files\iPod
2010-04-12 07:42 . 2009-12-01 09:47 -------- d-----w- c:\program files\Common Files\Apple
2010-04-12 07:42 . 2010-04-12 07:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-04-12 07:42 . 2010-04-12 07:41 -------- d-----w- c:\program files\QuickTime
2010-04-12 07:41 . 2010-04-12 07:41 -------- d-----w- c:\program files\Apple Software Update
2010-04-12 07:40 . 2010-04-12 07:40 -------- d-----w- c:\program files\Bonjour
2010-03-29 19:15 . 2010-03-29 19:15 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-08 09:18 . 2009-12-01 09:55 63592 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

[-] 2008-08-30 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2009-11-12 598069]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c812761a924]
2010-05-26 21:30 205312 ----a-w- c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dlllftl8pq0sjt032.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19276:TCP"= 19276:TCP:BitComet 19276 TCP
"19276:UDP"= 19276:UDP:BitComet 19276 UDP
"18921:TCP"= 18921:TCP:BitComet 18921 TCP
"18921:UDP"= 18921:UDP:BitComet 18921 UDP
"17696:TCP"= 17696:TCP:BitComet 17696 TCP
"17696:UDP"= 17696:UDP:BitComet 17696 UDP

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [10/12/2007 4:45 PM 97408]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [10/12/2007 4:46 PM 10240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [11/12/2009 11:01 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 2:54 PM 66600]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2009 1:15 PM 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 5:24 PM 95528]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [11/12/2009 11:01 PM 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 5:24 PM 1365288]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [1/8/2009 10:38 AM 4136960]
.
Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{0EFCE382-B0FD-4D89-B93C-027ABC6AD902} - c:\windows\system32\cic32.dll
HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\o.HOMESWEETHOME\Application Data\SystemProc\lsass.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 16:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\o.HOMESWEETHOME\Application Data\SystemProc\lsass.exe?????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dlllftl8pq0sjt032.dll
.
Completion time: 2010-05-28 16:17:24
ComboFix-quarantined-files.txt 2010-05-28 14:17

Pre-Run: 1,705,611,264 bytes free
Post-Run: 1,675,358,208 bytes free

- - End Of File - - 171E6F87FB3F6AB44430DD0E5107D2B8
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last seen 27 December 2019 2 162
29 May 2010 at 00:34
Hi,

OK, those files look pretty odd!

1- Create a text document on your desktop:
* Point your mouse at your desktop, right-click / go to "new" and choose "text document".

* Copy/paste all the text in bold below into the text file you have just created:


File::
c:\windows\system32\iassvcs32.dll
c:\windows\system32\dmdskres32.dll
c:\windows\system32\dmconfig32.dll
c:\windows\system32\dpnmodem32.dll
c:\windows\system32\dhcpsapi32.dll
c:\windows\system32\dot3svc32.dll
c:\windows\system32\dhcpqec32.dll
c:\windows\system32\iaspolcy32.dll
c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dlllftl8pq0sjt032.dll
c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dll
c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c812761a924]


Save the file: go to "File" and choose "Save As...", and name it exactly this way:
CFScript, then confirm... (make sure you save it on the desktop)

2- Cleaning:

!! Disconnect from the Internet, close all your applications and disable ALL YOUR DEFENSES (you'll re-enable them afterwards) !!

--> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.

(See here: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif )

This will relaunch ComboFix.

> Then wait while the scan runs (the desktop will disappear several times: that's normal!).

! Don't touch anything until the scan has finished !

Note: at the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.


> Once the scan is complete, a report will be displayed: please post it for analysis.

See you.
Here's the report


ComboFix 10-05-27.03 - o 05/29/2010 10:12:35.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.714 [GMT 2:00]
Running from: c:\documents and settings\o.HOMESWEETHOME\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\o.HOMESWEETHOME\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Created a new restore point

FILE ::
"c:\windows\system32\dhcpqec32.dll"
"c:\windows\system32\dhcpsapi32.dll"
"c:\windows\system32\dmconfig32.dll"
"c:\windows\system32\dmdskres32.dll"
"c:\windows\system32\dot3svc32.dll"
"c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll"
"c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dll"
"c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dlllftl8pq0sjt032.dll"
"c:\windows\system32\dpnmodem32.dll"
"c:\windows\system32\iaspolcy32.dll"
"c:\windows\system32\iassvcs32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\o.HOMESWEETHOME\Application Data\020000008e06b785924C.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\020000008e06b785924O.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\020000008e06b785924P.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\020000008e06b785924S.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\extensions\{62ad81ba-3cf8-4e06-b9e7-cb82520b8cf7}
c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\extensions\{62ad81ba-3cf8-4e06-b9e7-cb82520b8cf7}\chrome.manifest
c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\extensions\{62ad81ba-3cf8-4e06-b9e7-cb82520b8cf7}\chrome\xulcache.jar
c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\extensions\{62ad81ba-3cf8-4e06-b9e7-cb82520b8cf7}\defaults\preferences\xulcache.js
c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\extensions\{62ad81ba-3cf8-4e06-b9e7-cb82520b8cf7}\install.rdf
c:\documents and settings\o.HOMESWEETHOME\Application Data\SystemProc
c:\documents and settings\o.HOMESWEETHOME\Application Data\SystemProc\lsass.exe
c:\documents and settings\o.HOMESWEETHOME\Application Data\SystemProc\upd.exe
c:\windows\system32\2048921981
c:\windows\system32\cmdial3232.dll
c:\windows\system32\dhcpqec32.dll
c:\windows\system32\dhcpsapi32.dll
c:\windows\system32\dmconfig32.dll
c:\windows\system32\dmdskres32.dll
c:\windows\system32\dot3svc32.dll
c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll
c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dll
c:\windows\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dlllftl8pq0sjt032.dll
c:\windows\system32\dpnmodem32.dll
c:\windows\system32\iaspolcy32.dll
c:\windows\system32\iassvcs32.dll
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-28 15:05 . 2010-05-28 15:05 296960 ----a-w- c:\windows\system32\clusapi32.dll
2010-05-28 11:52 . 2010-05-28 11:52 -------- d-----w- C:\_OTM
2010-05-28 10:01 . 2010-05-28 10:01 -------- d-----w- c:\program files\Trend Micro
2010-05-28 09:57 . 2010-05-28 09:58 -------- d-----w- c:\program files\CCleaner
2010-05-25 07:10 . 2010-05-25 07:10 61440 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6a03470d-n\decora-sse.dll
2010-05-25 07:10 . 2010-05-25 07:10 503808 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\msvcp71.dll
2010-05-25 07:10 . 2010-05-25 07:10 499712 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\jmc.dll
2010-05-25 07:10 . 2010-05-25 07:10 348160 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\msvcr71.dll
2010-05-25 07:10 . 2010-05-25 07:10 12800 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6a03470d-n\decora-d3d.dll
2010-05-13 12:17 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3\temp\cleanup.exe
2010-05-13 10:21 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3\temp\Launchpad Removal.exe
2010-05-02 11:53 . 2010-05-02 11:53 -------- d-----w- c:\windows\Sun
2010-05-02 11:53 . 2010-05-02 11:53 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 11:52 . 2010-05-02 11:52 503808 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\msvcp71.dll
2010-05-02 11:52 . 2010-05-02 11:52 499712 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\jmc.dll
2010-05-02 11:52 . 2010-05-02 11:52 348160 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\msvcr71.dll
2010-05-02 11:52 . 2010-05-02 11:52 12800 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37b4f8a1-n\decora-d3d.dll
2010-05-02 11:52 . 2010-05-02 11:52 61440 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37b4f8a1-n\decora-sse.dll
2010-05-02 11:52 . 2010-05-02 11:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 11:52 . 2010-05-02 11:52 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 15:05 . 2010-05-28 15:05 1093632 --sha-w- c:\windows\system32\8.tmp
2010-05-26 20:58 . 2010-01-10 18:04 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\vlc
2010-05-25 09:23 . 2009-12-03 11:40 -------- d-----w- c:\program files\PokerStars
2010-05-23 19:42 . 2009-12-01 09:49 -------- d-----w- c:\program files\BitComet
2010-05-13 12:17 . 2010-04-27 19:55 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3
2010-04-29 16:36 . 2009-12-03 11:36 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\BSplayer
2010-04-26 16:35 . 2010-04-26 16:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 05:57 . 2010-04-12 07:43 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Apple Computer
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\program files\iTunes
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\program files\iPod
2010-04-12 07:42 . 2009-12-01 09:47 -------- d-----w- c:\program files\Common Files\Apple
2010-04-12 07:42 . 2010-04-12 07:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-04-12 07:42 . 2010-04-12 07:41 -------- d-----w- c:\program files\QuickTime
2010-04-12 07:41 . 2010-04-12 07:41 -------- d-----w- c:\program files\Apple Software Update
2010-04-12 07:40 . 2010-04-12 07:40 -------- d-----w- c:\program files\Bonjour
2010-03-29 19:15 . 2010-03-29 19:15 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-08 09:18 . 2009-12-01 09:55 63592 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

[-] 2008-08-30 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-28_14.15.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-29 08:19 . 2010-05-29 08:19 16384 c:\windows\Temp\Perflib_Perfdata_1e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EFCE382-B0FD-4D89-B93C-027ABC6AD902}]
c:\windows\system32\cmdial3232.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"RTHDBPL"="c:\documents and settings\o.HOMESWEETHOME\Application Data\SystemProc\lsass.exe" [BU]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2009-11-12 598069]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19276:TCP"= 19276:TCP:BitComet 19276 TCP
"19276:UDP"= 19276:UDP:BitComet 19276 UDP
"18921:TCP"= 18921:TCP:BitComet 18921 TCP
"18921:UDP"= 18921:UDP:BitComet 18921 UDP
"17696:TCP"= 17696:TCP:BitComet 17696 TCP
"17696:UDP"= 17696:UDP:BitComet 17696 UDP

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [10/12/2007 4:45 PM 97408]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [10/12/2007 4:46 PM 10240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [11/12/2009 11:01 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 2:54 PM 66600]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2009 1:15 PM 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 5:24 PM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 5:24 PM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [11/12/2009 11:01 PM 65576]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [1/8/2009 10:38 AM 4136960]
.
Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 10:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\o.HOMESWEETHOME\Application Data\SystemProc\lsass.exe?????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2032)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-29 10:23:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-29 08:23
ComboFix2.txt 2010-05-28 14:17

Pre-Run: 1,640,931,328 bytes free
Post-Run: 1,607,000,064 bytes free

- - End Of File - - DA121C81E6A257784A270F8564CBD8C3
green day (Moderator, Security contributor)
29 May 2010 at 10:42
OK, a few more files to delete!

How is the PC behaving?
Much better. Avira found something in System Volume Information, but I didn't have time to see what type of virus it was.
green day (Moderator, Security contributor)
29 May 2010 at 10:54
OK,

Download Malwarebytes: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it
Launch Malwarebytes
To start, click Update and then Check for updates
Tick "Perform full scan"
If an infection is present at the end of the scan, click "OK"
Click Remove Selected
To post the report, click the Logs tab, select the one you're interested in and click Open
Copy/paste and post the report please

See you.
Report below

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4153

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/29/2010 1:23:51 PM
mbam-log-2010-05-29 (13-23-51).txt

Type d'examen: Examen complet (C:\|F:\|G:\|H:\|)
Elément(s) analysé(s): 193975
Temps écoulé: 2 heure(s), 9 minute(s), 53 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 41

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\Documents and Settings\o.HOMESWEETHOME\Application Data\SystemProc\lsass.exe.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cic32.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cmdial3232.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\crypt3232.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\d3dramp32.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dciman3232.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\deskmon32.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dmscript32.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\docprop32.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dpnhupnp32.dllg2inue32.dllqvcdu19b32.dll6jo35slpbo32.dlllftl8pq0sjt032.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP165\A0028150.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP165\A0029234.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP165\A0029237.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP165\A0029238.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP165\A0029239.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP165\A0029240.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP165\A0029241.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP165\A0029242.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030140.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030142.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030143.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030144.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030145.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030146.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030147.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030148.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030149.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030150.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030151.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030152.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030153.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030161.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clusapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\05282010_135227\C_WINDOWS\system32\comuid32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\05282010_135227\C_WINDOWS\system32\console32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\05282010_135227\C_WINDOWS\system32\cryptdlg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\05282010_135227\C_WINDOWS\system32\dplay32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\05282010_135227\C_WINDOWS\system32\dplayx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\05282010_135227\C_WINDOWS\system32\dpnhupnp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\o.HOMESWEETHOME\My Documents\Téléchargements\QuickTime_Update_KB579731.exe (Malware.Ackantta) -> Quarantined and deleted successfully.
green day (Moderator, Security contributor)
29 May 2010 at 13:56
OK, Malwarebytes did a good job!

Download RootRepeal.zip: https://25095680-a-62cb3a1a-s-sites.googlegroups.com/site/rootrepeal/RootRepeal.zip?attachauth=ANoY7crVG5FPHiSGIZjurfuoa_UCeSJKezuJcQIi2mRfagQDRpRVOuj9pTSfUZiYdLUDUaujXq_8Gj-zmRhosve8IxS3IJm1XPzXD-JjjfxhZg2ywAmoXA8NbctUdZQ7RalnE8pcoouEkHinqkieEa13a0jL_fbN2Wed_8vVW6iqkAi1VtpiYqO6NOtmf5NjUgdA1IYV8oeqpqi-mzDTpEqeaAtQv9ocqw%3D%3D&attredirects=2

Right-click the compressed folder RootRepeal.zip --> Extract All --> choose the Desktop as the destination
Open the new RootRepeal folder that has just appeared on the Desktop and launch the RootRepeal.exe file it contains
Click Files --> Scan
Select drive C --> OK
At the end of the scan, click "Save report"
Copy/paste the report into your next reply please

See you.
Here it is

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/29 14:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF785F000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF77E0000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2188928 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA15F5000 Size: 138112 File Visible: - Signed: -
Status: -

Name: ajic.sys
Image Path: ajic.sys
Address: 0xF782F000 Size: 54016 File Visible: No Signed: -
Status: -

Name: amdk7.sys
Image Path: C:\WINDOWS\system32\DRIVERS\amdk7.sys
Address: 0xF7A8F000 Size: 37760 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7772000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D5000 Size: 319488 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF74CE000 Size: 610304 File Visible: - Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBFA23000 Size: 1085440 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7EE1000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Address: 0xF7DED000 Size: 6144 File Visible: - Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0x99624000 Size: 81920 File Visible: - Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0x9E4FE000 Size: 114688 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7DC3000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7C3F000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0x99EDC000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF78DF000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF789F000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF788F000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF778A000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7D33000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF798F000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0x99D0F000 Size: 16384 File Visible: No Signed: -
Status: -

Name: dump_si3112r.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_si3112r.sys
Address: 0x99638000 Size: 98304 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0x99676000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7EBB000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0x98C0F000 Size: 143744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF7B5F000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xA1CDA000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF7B0F000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF7722000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7DC1000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF77B0000 Size: 125056 File Visible: - Signed: -
Status: -

Name: gameenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Address: 0xF7D1B000 Size: 10624 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF7B57000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x9922B000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF795F000 Size: 52480 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF78FF000 Size: 42112 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA15CF000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA1698000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF783F000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7B6F000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7D2F000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0x98B19000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF7563000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF76F9000 Size: 92288 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7DC5000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7B67000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF786F000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x99507000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA0353000 Size: 456576 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF3359000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF797F000 Size: 35072 File Visible: - Signed: -
Status: -

Name: msmpu401.sys
Image Path: C:\WINDOWS\system32\drivers\msmpu401.sys
Address: 0xF7EE0000 Size: 2944 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7CD7000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7625000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF763F000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7D1F000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0x9B3E9000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF733D000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF5502000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF356A000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA1617000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF3351000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF766C000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2188928 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7EB0000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv_agp.sys
Image Path: nv_agp.sys
Address: 0xF7ABF000 Size: 18688 File Visible: - Signed: -
Status: -

Name: nvapu.sys
Image Path: C:\WINDOWS\system32\drivers\nvapu.sys
Address: 0xF34B5000 Size: 311552 File Visible: - Signed: -
Status: -

Name: nvarm.sys
Image Path: C:\WINDOWS\system32\drivers\nvarm.sys
Address: 0xF3369000 Size: 69632 File Visible: - Signed: -
Status: -

Name: nvax.sys
Image Path: C:\WINDOWS\system32\drivers\nvax.sys
Address: 0xF7A9F000 Size: 36864 File Visible: - Signed: -
Status: -

Name: NVENET.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NVENET.sys
Address: 0xF7586000 Size: 70656 File Visible: - Signed: -
Status: -

Name: nvmcp.sys
Image Path: C:\WINDOWS\system32\drivers\nvmcp.sys
Address: 0xF33C4000 Size: 987136 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF784F000 Size: 61696 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF7431000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7AB7000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7DE3000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF77CF000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7DF7000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7AAF000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2188928 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF736D000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF732C000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7AFF000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7318000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF799F000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF79AF000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF79BF000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF7B07000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2188928 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA03C3000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7DC7000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF3628000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF78EF000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF71FA000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SbFw.sys
Image Path: C:\WINDOWS\system32\drivers\SbFw.sys
Address: 0xA16FB000 Size: 265472 File Visible: - Signed: -
Status: -

Name: sbfwim.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sbfwim.sys
Address: 0xF5654000 Size: 60160 File Visible: - Signed: -
Status: -

Name: sbhips.sys
Image Path: C:\WINDOWS\system32\drivers\sbhips.sys
Address: 0xF355A000 Size: 61184 File Visible: - Signed: -
Status: -

Name: sbp2port.sys
Image Path: sbp2port.sys
Address: 0xF78AF000 Size: 43904 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\drivers\SCSIPORT.SYS
Address: 0xF7742000 Size: 98304 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF7D17000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF792F000 Size: 64512 File Visible: - Signed: -
Status: -

Name: si3112r.sys
Image Path: si3112r.sys
Address: 0xF775A000 Size: 97408 File Visible: - Signed: -
Status: -

Name: SiWinAcc.sys
Image Path: SiWinAcc.sys
Address: 0xF7C43000 Size: 10240 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7710000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x991B1000 Size: 334848 File Visible: - Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xF3349000 Size: 23040 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7DA7000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF73F1000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA163F000 Size: 361344 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7B77000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF5664000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF35CA000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7DA9000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7B4F000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF5512000 Size: 59520 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xF7B47000 Size: 17152 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF7598000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF3321000 Size: 26368 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF3361000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF7445000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF787F000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF354A000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0x9A7BD000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x994CA000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7D31000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2188928 File Visible: - Signed: -
Status: -
0
green day Posts: 26371 Registered: Friday 30 September 2005 Status: Moderator, Security contributor Last seen: 27 December 2019 2 162
30 May 2010 at 12:33
Hi,

Very good. Post a new HijackThis log and tell me how the PC is behaving, and what problems remain, if any.

@+
0
The PC seems to be doing much better, no more Antivir alerts at all.
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:43 PM, on 5/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: (no name) - {0EFCE382-B0FD-4D89-B93C-027ABC6AD902} - C:\WINDOWS\system32\cmdial3232.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: SATARaid.lnk = C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
0
Should I run "Fix checked" in HijackThis or not?
0
An Antivir message roughly every hour since 11:30 this morning.
I have just noticed it.


Dans le fichier 'C:\System Volume Information\_restore{626B8502-1019-4C85-81CC-69430CB1A68E}\RP166\A0030305.dll'
un virus ou un programme indésirable 'TR/Trash.Gen' [trojan] a été détecté.
Action exécutée : Refuser l'accès
0