Infected by TR/Dropper.Gen 'svchost.exe'

Closed
merguesa Posts: 36 Registered: Friday 2 April 2010 Status: Member Last seen: 8 December 2014 - 13 June 2011 at 12:47
Anonymous user - 13 June 2011 at 16:41
Hello,
Antivir has been alerting me for a week about viruses in .exe files.
I ran a scan with RSIT and here is the content of the log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrateur at 2011-06-13 12:39:51
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 88 GB (88%) free of 100 GB
Total RAM: 1920 MB (76% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
Eazel-FR Toolbar - C:\Program Files\Eazel-FR\prxtbEaz0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
MediaBar - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - MediaBar - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll []
{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - Eazel-FR Toolbar - C:\Program Files\Eazel-FR\prxtbEaz0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-04-12 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-04-12 174616]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-04-12 145432]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-03-17 19520544]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-02-04 281768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"WinUpdaterstd"=C:\WINDOWS\WinUpdaterstd\svchost.exe [2011-05-30 101888]
"Speaker"=C:\WINDOWS\WinUpdaterstd\svchost.exe [2011-05-30 101888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fv6ap3xh7c"=C:\Documents and Settings\Administrateur\fv6ap3xh7c.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-03-25 214016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mebpaqan.dll, mlbsxtyy.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"


Thanks for your help :)
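As an added illustration (not from the thread or from any tool mentioned in it), the following Python script parses the RSIT registry dump format quoted above and flags the entries a responder would look at first: a core system binary name outside system32, autoruns under the Explorer policy Run key, an executable sitting in a profile root, and SecurityProviders DLLs beyond the Windows XP defaults. The default-provider list and the system-binary name set are assumptions, and the embedded log is a constructed excerpt of the one posted.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt of the RSIT registry dump posted in the thread (trimmed to the
# keys this check needs; the original log contains more entries).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-04-12 141848]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-02-04 281768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"WinUpdaterstd"=C:\WINDOWS\WinUpdaterstd\svchost.exe [2011-05-30 101888]
"Speaker"=C:\WINDOWS\WinUpdaterstd\svchost.exe [2011-05-30 101888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fv6ap3xh7c"=C:\Documents and Settings\Administrateur\fv6ap3xh7c.exe []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mebpaqan.dll, mlbsxtyy.dll
"""

# Assumption: core Windows binaries that legitimately run only from %SystemRoot%\system32;
# the same file name anywhere else is a classic masquerade (cf. WinUpdaterstd\svchost.exe).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
# Assumption: the stock SecurityProviders value on Windows XP, used as the baseline.
DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# One RSIT value line: "Name"=value [date size]   (the bracketed metadata may be empty or absent)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<value>.*?)(?:\s*\[(?P<meta>[^\]]*)\])?$')


@dataclass
class Entry:
    key: str
    name: str
    value: str
    meta: Optional[str]  # None when RSIT printed no brackets, "" when it printed []


def parse_rsit_registry(text: str) -> List[Entry]:
    """Walk the dump, remembering the current [key] header for each value line."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append(Entry(key, m["name"], m["value"].strip(), m["meta"]))
    return entries


def flag_entries(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (value name, reason) pairs for entries that deserve a closer look."""
    findings = []
    for e in entries:
        key_l, val_l = e.key.lower(), e.value.lower()
        exe = val_l.split("\\")[-1].split(" ")[0]  # file name, arguments dropped
        if exe in SYSTEM_BINARIES and "\\windows\\system32\\" not in val_l:
            findings.append((e.name, "system binary name outside system32: " + e.value))
        if "policies\\explorer\\run" in key_l:
            findings.append((e.name, "autorun via Explorer policy key (rarely used legitimately)"))
        if re.search(r"\\documents and settings\\[^\\]+\\[^\\]+\.exe$", val_l):
            findings.append((e.name, "executable directly in a profile root: " + e.value))
        if e.name.lower() == "securityproviders":
            unknown = [d.strip() for d in e.value.split(",")
                       if d.strip().lower() not in DEFAULT_SECURITY_PROVIDERS]
            if unknown:
                findings.append((e.name, "non-default security provider DLLs: " + ", ".join(unknown)))
    return findings


if __name__ == "__main__":
    for name, reason in flag_entries(parse_rsit_registry(SAMPLE_LOG)):
        print(f"{name:18} {reason}")
```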


5 replies

Anonymous user
13 June 2011 at 12:49
Hi, your report isn't complete.
merguesa Posts: 36 Registered: Friday 2 April 2010 Status: Member Last seen: 8 December 2014
13 June 2011 at 13:07
Hi ^^
So I ran a scan with ComboFix and here is the report:



ComboFix 11-06-12.04 - Administrateur 13/06/2011 12:53:57.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1920.1549 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrateur\Application Data\engel
c:\documents and settings\Administrateur\Application Data\PriceGong
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Administrateur\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Administrateur\fv6ap3xh7c.exe
c:\documents and settings\Administrateur\gaabom.exe
c:\documents and settings\Administrateur\jtum.exe
c:\documents and settings\Administrateur\kaozr.exe
c:\documents and settings\Administrateur\keohf.exe
c:\documents and settings\Administrateur\kuimov.exe
c:\documents and settings\Administrateur\piilun.exe
c:\documents and settings\Administrateur\roovk.exe
c:\documents and settings\Administrateur\zioril.exe
c:\windows\keys.ini
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.tmp
c:\windows\windupdate
c:\windows\windupdate\WinSocks.sw
c:\windows\WinUpdaterstd
c:\windows\WinUpdaterstd\WinSocks.sw
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GOOGLEUPDATEBETA
-------\Legacy_SSHNAS
-------\Service_GoogleUpdateBeta
-------\Service_SSHNAS
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-05-13 au 2011-06-13 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-13 10:39 . 2011-06-13 10:39 -------- d-----w- c:\program files\trend micro
2011-06-13 10:39 . 2011-06-13 10:39 -------- d-----w- C:\rsit
2011-05-30 07:25 . 2011-05-30 07:25 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Avira
2011-05-30 07:21 . 2011-05-30 07:21 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer
2011-05-27 15:49 . 2011-05-30 07:21 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-27 15:49 . 2011-02-04 10:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-27 15:49 . 2010-06-17 12:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-05-27 15:49 . 2010-06-17 12:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-05-27 15:49 . 2011-05-27 15:49 -------- d-----w- c:\program files\Avira
2011-05-27 15:49 . 2011-05-27 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-27 12:44 . 2011-05-27 12:44 -------- d-----w- c:\program files\Windows Sidebar
2011-05-27 12:44 . 2011-05-30 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-05-26 15:16 . 2011-05-26 15:16 392 ----a-w- c:\documents and settings\Administrateur\Application Data\14.tmp
2011-05-26 12:02 . 2011-05-26 12:02 -------- d-----w- C:\spoolerlogs
2011-05-26 08:53 . 2011-06-10 10:12 -------- d-----w- c:\windows\system32\NtmsData
2011-05-18 07:28 . 2011-05-25 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-18 07:27 . 2011-05-18 07:27 -------- d-----w- c:\program files\Fichiers communs\Skype
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 07:15 . 2011-04-26 07:15 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-19 11:25 . 2010-11-15 13:03 74752 ----a-w- c:\windows\ST6UNST.EXE
2011-04-19 11:25 . 2010-11-15 13:03 253952 ------w- c:\windows\Setup1.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-22 . D1110A51663318318C008C5836D243CE . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}"= "c:\program files\Eazel-FR\prxtbEaz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Eazel-FR\prxtbEaz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}"= "c:\program files\Eazel-FR\prxtbEaz0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE}"= "c:\program files\Eazel-FR\prxtbEaz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-12 174616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-12 145432]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-16 19520544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-02-04 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mebpaqan.dll, mlbsxtyy.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 NEOFLTR_700_17757;Juniper Networks TDI Filter Driver (NEOFLTR_700_17757);c:\windows\system32\drivers\NEOFLTR_700_17757.SYS [30/03/2011 10:04 84336]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/05/2011 17:49 136360]
R2 APC-Host;APC-Host;c:\program files\Anyplace Control\apc_host.exe [21/02/2011 21:31 534016]
S2 klhkg;klhkg;c:\windows\system32\drivers\klhkg.exe --> c:\windows\system32\drivers\klhkg.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15/11/2010 14:52 1691480]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2095689
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.1
uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
Trusted Zone: gayastats
Trusted Zone: phonecontrol.fr\*.v6
TCP: Interfaces\{DF3F9836-0E7C-42B9-8B27-01DCB7F57D8A}: NameServer = 194.98.57.253,194.98.57.254
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ghkgldz6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Eazel-FR Community Toolbar: {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - %profile%\extensions\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-10 - (no file)
HKCU-Run-fv6ap3xh7c - c:\documents and settings\Administrateur\fv6ap3xh7c.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-13 12:57
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD321HJ rev.1AC01118 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read Un périphérique attaché au système ne fonctionne pas correctement.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89C4A57B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2011-06-13 12:59:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-06-13 10:59
.
Avant-CF: 92 128 104 448 octets libres
Après-CF: 92 175 990 784 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - BEFAC842220912CEA14374CE114BF47B




lol, I don't understand any of it :(

Exactly: if you don't understand any of it, avoid setting off atomic bombs in your PC.

It went fine this time, but your machine could have crashed and never restarted,

especially since some of the rules for running it weren't followed:

1/... it wasn't renamed
2/... I assume you didn't disable all your protections
3/...

you didn't use Defogger beforehand to unhook atapi
¤¤¤¤¤¤¤¤¤¤ g3n-h@ckm@n ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
merguesa Posts: 36 Registered: Friday 2 April 2010 Status: Member Last seen: 8 December 2014
13 June 2011 at 16:22
Here is the new log:


Logfile of random's system information tool 1.08 (written by random/random)
Run by fc at 2011-06-13 16:19:15
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 49 GB (73%) free of 67 GB
Total RAM: 1920 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:19:43, on 13/06/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\fc\Bureau\Nouveau dossier\RSIT.exe
C:\Program Files\trend micro\fc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2500339
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Avanquest FR Toolbar - {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - C:\Program Files\Avanquest_FR\prxtbAva0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Avanquest FR - {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - C:\Program Files\Avanquest_FR\prxtbAva0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Avanquest FR Toolbar - {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - C:\Program Files\Avanquest_FR\prxtbAva0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.gayastats
O15 - Trusted Zone: *.v6.phonecontrol.fr
O15 - Trusted Zone: http://*.multimedia-conference.orange-business.com (HKLM)
O15 - Trusted IP range: 192.168.76.5
O16 - DPF: {CBCF8AB4-8A12-4A8A-A22D-36480B41DC78} (eDataInstall ActiveX control, Version 4.0) - https://coopnet.multimedia-conference.orange-business.com/EData/MMC_4.2.0.3/multimedia_conference_4.2.0.3.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://lyon.metagate.francetelecom.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://nantes.metagate.francetelecom.com/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A77FA082-6C85-4659-A73B-0581F2DE5C40}: NameServer = 194.98.57.253,194.98.57.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Anonymous user
13 June 2011 at 16:41
C:\ComboFix.txt