Infected by TR/Dldr.Tracur.B.124 - Page 2
Resolved
ComboFix 10-05-27.03 - o 05/31/2010 11:48:41.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.613 [GMT 2:00]
Running from: c:\documents and settings\o.HOMESWEETHOME\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.
2010-05-29 09:06 . 2010-05-29 09:06 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Malwarebytes
2010-05-29 09:06 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 09:06 . 2010-05-29 09:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-05-29 09:06 . 2010-05-29 09:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 09:06 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 11:52 . 2010-05-28 11:52 -------- d-----w- C:\_OTM
2010-05-28 10:01 . 2010-05-28 10:01 -------- d-----w- c:\program files\Trend Micro
2010-05-28 09:57 . 2010-05-28 09:58 -------- d-----w- c:\program files\CCleaner
2010-05-25 07:10 . 2010-05-25 07:10 61440 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6a03470d-n\decora-sse.dll
2010-05-25 07:10 . 2010-05-25 07:10 503808 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\msvcp71.dll
2010-05-25 07:10 . 2010-05-25 07:10 499712 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\jmc.dll
2010-05-25 07:10 . 2010-05-25 07:10 348160 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\msvcr71.dll
2010-05-25 07:10 . 2010-05-25 07:10 12800 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6a03470d-n\decora-d3d.dll
2010-05-13 12:17 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3\temp\cleanup.exe
2010-05-13 10:21 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3\temp\Launchpad Removal.exe
2010-05-02 11:53 . 2010-05-02 11:53 -------- d-----w- c:\windows\Sun
2010-05-02 11:53 . 2010-05-02 11:53 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 11:52 . 2010-05-02 11:52 503808 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\msvcp71.dll
2010-05-02 11:52 . 2010-05-02 11:52 499712 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\jmc.dll
2010-05-02 11:52 . 2010-05-02 11:52 348160 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\msvcr71.dll
2010-05-02 11:52 . 2010-05-02 11:52 12800 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37b4f8a1-n\decora-d3d.dll
2010-05-02 11:52 . 2010-05-02 11:52 61440 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37b4f8a1-n\decora-sse.dll
2010-05-02 11:52 . 2010-05-02 11:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 11:52 . 2010-05-02 11:52 -------- d-----w- c:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 07:27 . 2009-12-03 11:40 -------- d-----w- c:\program files\PokerStars
2010-05-26 20:58 . 2010-01-10 18:04 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\vlc
2010-05-23 19:42 . 2009-12-01 09:49 -------- d-----w- c:\program files\BitComet
2010-05-13 12:17 . 2010-04-27 19:55 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3
2010-04-29 16:36 . 2009-12-03 11:36 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\BSplayer
2010-04-26 16:35 . 2010-04-26 16:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 05:57 . 2010-04-12 07:43 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Apple Computer
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\program files\iTunes
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\program files\iPod
2010-04-12 07:42 . 2009-12-01 09:47 -------- d-----w- c:\program files\Common Files\Apple
2010-04-12 07:42 . 2010-04-12 07:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-04-12 07:42 . 2010-04-12 07:41 -------- d-----w- c:\program files\QuickTime
2010-04-12 07:41 . 2010-04-12 07:41 -------- d-----w- c:\program files\Apple Software Update
2010-04-12 07:40 . 2010-04-12 07:40 -------- d-----w- c:\program files\Bonjour
2010-03-29 19:15 . 2010-03-29 19:15 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-08 09:18 . 2009-12-01 09:55 63592 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[-] 2008-08-30 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-28_14.15.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-31 09:44 . 2010-05-31 09:44 16384 c:\windows\Temp\Perflib_Perfdata_2bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EFCE382-B0FD-4D89-B93C-027ABC6AD902}]
c:\windows\system32\cmdial3232.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2009-11-12 598069]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19276:TCP"= 19276:TCP:BitComet 19276 TCP
"19276:UDP"= 19276:UDP:BitComet 19276 UDP
"18921:TCP"= 18921:TCP:BitComet 18921 TCP
"18921:UDP"= 18921:UDP:BitComet 18921 UDP
"17696:TCP"= 17696:TCP:BitComet 17696 TCP
"17696:UDP"= 17696:UDP:BitComet 17696 UDP
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [10/12/2007 4:45 PM 97408]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [10/12/2007 4:46 PM 10240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [11/12/2009 11:01 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 2:54 PM 66600]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2009 1:15 PM 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 5:24 PM 95528]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [11/12/2009 11:01 PM 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 5:24 PM 1365288]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [1/8/2009 10:38 AM 4136960]
.
Contents of the 'Scheduled Tasks' folder
2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 11:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2088)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2010-05-31 11:56:55
ComboFix-quarantined-files.txt 2010-05-31 09:56
ComboFix2.txt 2010-05-28 14:17
Pre-Run: 1,659,932,672 bytes free
Post-Run: 1,632,321,536 bytes free
- - End Of File - - 74DBE85F50FE997BE8D951E9CF4537D9
Ok,
A few more file deletions:
Create a text document on your desktop:
* Point your mouse at your desktop, right-click / go to "New" and choose "Text Document".
* Copy/paste all of the text below in bold into the text file you just created:
File::
c:\documents and settings\o.HOMESWEETHOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\windows\Temp\Perflib_Perfdata_2bc.dat
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EFCE382-B0FD-4D89-B93C-027ABC6AD902}]
Save the file: go to "File", choose "Save as..." and name it exactly:
CFScript, then confirm... (make sure you save it on the desktop)
2- Cleaning:
!! Disconnect, close all your applications and disable ALL YOUR DEFENSES (you will re-enable them afterwards) !!
--> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.
(See here: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)
This will relaunch ComboFix.
> Then wait for the scan to finish (the desktop will disappear several times: this is normal!).
! Do not touch anything until the scan is finished!
Note: at the end of the scan, ComboFix may need to restart the PC to finalize the disinfection; let it do so.
> Once the scan is complete, a report will be displayed: please post it for analysis.
See you
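The CFScript above was assembled by hand from two places in the posted log: the "+" line in the SnapShot block (a file that appeared since the 2010-05-28 snapshot) and the Browser Helper Object whose DLL line ComboFix tagged [BU]. The following Python script is an added example, not the helper's or ComboFix's own code: it parses those two sections of a ComboFix log and drafts the same File:: / Registry:: block. The log excerpt embedded in it is a constructed cut-down copy of the log posted above. The GDIPFONTCACHEV1.DAT entry the helper also listed came from the Find3M report, which this script does not read, and any bracketed tag other than ComboFix's "[date size]" annotation is only surfaced for review, not judged malicious.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log above,
# enough to exercise the two sections this script reads.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((( SnapShot@2010-05-28_14.15.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-31 09:44 . 2010-05-31 09:44 16384 c:\windows\Temp\Perflib_Perfdata_2bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EFCE382-B0FD-4D89-B93C-027ABC6AD902}]
c:\windows\system32\cmdial3232.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # "((( name )))" headers
KEY_RE = re.compile(r"^\[(.+)\]$")                        # "[HKEY_...]" key lines
# ComboFix appends "[YYYY-MM-DD size]" to entries whose file it found and sized;
# any other bracketed tag (e.g. [BU], [X]) is treated here as worth a look.
DATE_SIZE_TAG_RE = re.compile(r"\[\d{4}-\d{2}-\d{2} \d+\]$")
OTHER_TAG_RE = re.compile(r"\[([A-Z]+)\]$")
# "+ created . modified size path" lines in a SnapShot block
SNAPSHOT_ADD_RE = re.compile(r"^\+ \S+ \S+ \. \S+ \S+ \S+ (.+)$")


def split_sections(log):
    """Map each '((( name )))' header to the non-empty lines that follow it."""
    sections = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def flagged_entries(reg_lines):
    """Return (key, entry, tag) for loading-point lines carrying a non-date tag."""
    found = []
    key = None
    for line in reg_lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or DATE_SIZE_TAG_RE.search(line):
            continue
        t = OTHER_TAG_RE.search(line)
        if t:
            found.append((key, line, t.group(1)))
    return found


def snapshot_new_files(snapshot_lines):
    """Paths that appeared since the snapshot was taken ('+' lines)."""
    return [m.group(1) for m in map(SNAPSHOT_ADD_RE.match, snapshot_lines) if m]


def build_cfscript(log):
    """Draft the File:: / Registry:: block in the format the helper used."""
    sections = split_sections(log)
    files = []
    for name, lines in sections.items():
        if name.startswith("SnapShot@"):
            files.extend(snapshot_new_files(lines))
    keys = []
    for key, _entry, _tag in flagged_entries(sections.get("Reg Loading Points", [])):
        # Each BHO lives under its own CLSID key, so the whole key can be removed.
        # A flagged value under a shared Run/RunOnce key is deliberately left out:
        # deleting that key would wipe every other autostart beside it.
        if "Browser Helper Objects" in key:
            keys.append(key)
    out = ["File::"] + files + ["Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
    for key, entry, tag in flagged_entries(split_sections(SAMPLE_LOG)["Reg Loading Points"]):
        print("review [%s]: %s  ->  %s" % (tag, key, entry))
```

Run against a full ComboFix.txt the script prints the drafted CFScript followed by every flagged loading-point entry, so the only judgement left to the human is whether each flagged line belongs in the Registry:: section.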
ComboFix 10-05-27.03 - o 05/31/2010 20:15:54.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.718 [GMT 2:00]
Running from: c:\documents and settings\o.HOMESWEETHOME\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\o.HOMESWEETHOME\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
FILE ::
"c:\documents and settings\o.HOMESWEETHOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT"
"c:\windows\Temp\Perflib_Perfdata_2bc.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\o.HOMESWEETHOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.
2010-05-29 09:06 . 2010-05-29 09:06 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Malwarebytes
2010-05-29 09:06 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 09:06 . 2010-05-29 09:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-05-29 09:06 . 2010-05-29 09:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 09:06 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 11:52 . 2010-05-28 11:52 -------- d-----w- C:\_OTM
2010-05-28 10:01 . 2010-05-28 10:01 -------- d-----w- c:\program files\Trend Micro
2010-05-28 09:57 . 2010-05-28 09:58 -------- d-----w- c:\program files\CCleaner
2010-05-25 07:10 . 2010-05-25 07:10 61440 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6a03470d-n\decora-sse.dll
2010-05-25 07:10 . 2010-05-25 07:10 503808 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\msvcp71.dll
2010-05-25 07:10 . 2010-05-25 07:10 499712 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\jmc.dll
2010-05-25 07:10 . 2010-05-25 07:10 348160 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42fcf061-n\msvcr71.dll
2010-05-25 07:10 . 2010-05-25 07:10 12800 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6a03470d-n\decora-d3d.dll
2010-05-13 12:17 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3\temp\cleanup.exe
2010-05-13 10:21 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3\temp\Launchpad Removal.exe
2010-05-02 11:53 . 2010-05-02 11:53 -------- d-----w- c:\windows\Sun
2010-05-02 11:53 . 2010-05-02 11:53 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 11:52 . 2010-05-02 11:52 503808 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\msvcp71.dll
2010-05-02 11:52 . 2010-05-02 11:52 499712 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\jmc.dll
2010-05-02 11:52 . 2010-05-02 11:52 348160 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f0bd2cb-n\msvcr71.dll
2010-05-02 11:52 . 2010-05-02 11:52 12800 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37b4f8a1-n\decora-d3d.dll
2010-05-02 11:52 . 2010-05-02 11:52 61440 ----a-w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37b4f8a1-n\decora-sse.dll
2010-05-02 11:52 . 2010-05-02 11:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 11:52 . 2010-05-02 11:52 -------- d-----w- c:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 18:11 . 2009-12-01 09:49 -------- d-----w- c:\program files\BitComet
2010-05-31 07:27 . 2009-12-03 11:40 -------- d-----w- c:\program files\PokerStars
2010-05-26 20:58 . 2010-01-10 18:04 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\vlc
2010-05-13 12:17 . 2010-04-27 19:55 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\U3
2010-04-29 16:36 . 2009-12-03 11:36 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\BSplayer
2010-04-26 16:35 . 2010-04-26 16:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 05:57 . 2010-04-12 07:43 -------- d-----w- c:\documents and settings\o.HOMESWEETHOME\Application Data\Apple Computer
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\program files\iTunes
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- c:\program files\iPod
2010-04-12 07:42 . 2009-12-01 09:47 -------- d-----w- c:\program files\Common Files\Apple
2010-04-12 07:42 . 2010-04-12 07:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-04-12 07:42 . 2010-04-12 07:41 -------- d-----w- c:\program files\QuickTime
2010-04-12 07:41 . 2010-04-12 07:41 -------- d-----w- c:\program files\Apple Software Update
2010-04-12 07:40 . 2010-04-12 07:40 -------- d-----w- c:\program files\Bonjour
2010-03-29 19:15 . 2010-03-29 19:15 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
.
------- Sigcheck -------
[-] 2008-08-30 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-28_14.15.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-31 10:00 . 2010-05-31 10:00 16384 c:\windows\Temp\Perflib_Perfdata_7c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2009-11-12 598069]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19276:TCP"= 19276:TCP:BitComet 19276 TCP
"19276:UDP"= 19276:UDP:BitComet 19276 UDP
"18921:TCP"= 18921:TCP:BitComet 18921 TCP
"18921:UDP"= 18921:UDP:BitComet 18921 UDP
"17696:TCP"= 17696:TCP:BitComet 17696 TCP
"17696:UDP"= 17696:UDP:BitComet 17696 UDP
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [10/12/2007 4:45 PM 97408]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [10/12/2007 4:46 PM 10240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [11/12/2009 11:01 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 2:54 PM 66600]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2009 1:15 PM 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 5:24 PM 95528]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [11/12/2009 11:01 PM 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 5:24 PM 1365288]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [1/8/2009 10:38 AM 4136960]
.
Contents of the 'Scheduled Tasks' folder
2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\o.HOMESWEETHOME\Application Data\Mozilla\Firefox\Profiles\q9anc57y.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 20:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-05-31 20:23:37
ComboFix-quarantined-files.txt 2010-05-31 18:23
ComboFix2.txt 2010-05-31 09:56
ComboFix3.txt 2010-05-28 14:17
Pre-Run: 1,561,243,648 bytes free
Post-Run: 1,533,054,976 bytes free
- - End Of File - - 30E35DC5B2D36A9B6C2BCC326391B7DB
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.718 [GMT 2:00]
Running from: c:\documents and settings\o.HOMESWEETHOME\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\o.HOMESWEETHOME\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
FILE ::
"c:\documents and settings\o.HOMESWEETHOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT"
"c:\windows\Temp\Perflib_Perfdata_2bc.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\o.HOMESWEETHOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
Good. Now a quick pass with CCleaner to delete the temporary files (a .dat file is putting up resistance?) and to clean up the registry:
1 - See the CCleaner tutorial here:
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/#tutoriel-ccleaner
2 - Cleaning up and creating a clean restore point:
* Right-click on "My Computer" and choose "Properties".
* Select the "System Restore" tab.
* Check "Turn off System Restore on all drives" or "Turn off System Restore", then apply.
* A message will warn that all existing restore points will be deleted.
* Confirm with "Yes".
* Then re-enable System Restore by unchecking "Turn off System Restore".
* Apply, then confirm with "OK".
3 - Then create a new restore point:
* Go to the Start menu, then Programs
* Then Accessories, and finally System Tools
* Choose System Restore
* Select Create a restore point
* Click Next
* Enter a name for the restore point: the name should be reasonably descriptive
* Click Create and the restore point is created automatically.
4 - Update your PC and avoid security holes:
https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
5 - Everything you need to know to browse the web safely:
worth reading when you get a chance:
https://www.commentcamarche.net/faq/2432-securite-proteger-un-ordinateur-contre-les-malwares
If you have any questions ...
See you later
;-)
I'm creating the restore point.
Thanks for everything.
So it's certain my PC is completely clean????
So nothing alarming, all in all!
Thanks ;-)