Hello,
For quite a while now I have had a forced "Karatika" home page, meaning that whatever I do, when I launch Mozilla I land on this page: http://www.karatika.com/. I have scanned with Eset and Spybot and changed the options, but nothing is detected. Every time I start up, there it is.
I recently scanned with ComboFix; I read that it could help, but I don't know what to do with the log, so I'm posting it, you never know:
----------------------------------------------------------------------------------
ComboFix 11-06-10.0A - Mathieu 11/06/2011 13:37:50.1.1 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.2813.1964 [GMT 2:00]
Launched from: c:\users\Mathieu\Desktop\asdehi.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
* A resident antivirus is active
.
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Mathieu\AppData\Roaming\chrtmp
c:\users\Mathieu\AppData\Roaming\updating.exe
.
.
((((((((((((((((((((((((((((( Files created from 2011-05-11 to 2011-06-11 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-11 11:45 . 2011-06-11 11:45 -------- d-----w- c:\users\Mathieu\AppData\Local\temp
2011-06-11 11:45 . 2011-06-11 11:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 11:35 . 2011-06-11 11:35 -------- d-----w- C:\32788R22FWJFW
2011-06-10 16:26 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-06-10 16:26 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-06-10 16:26 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-06-10 16:26 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-06-10 16:26 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-06-10 16:26 . 2005-04-03 20:57 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-06-10 16:26 . 2011-06-10 16:26 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-06-10 16:26 . 2011-06-10 16:26 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-06-10 16:18 . 2011-06-10 16:18 -------- d--h--r- c:\users\Mathieu\AppData\Roaming\SecuROM
2011-06-10 16:18 . 2011-06-10 16:18 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-10 16:18 . 2011-06-10 16:47 -------- d-----w- c:\users\Mathieu\AppData\Local\Oblivion
2011-06-05 14:58 . 2011-05-20 12:02 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-06-05 14:58 . 2011-05-20 12:02 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-06-05 10:30 . 2011-06-05 10:30 -------- d-----w- c:\program files\iPod
2011-06-05 10:30 . 2011-06-05 10:31 -------- d-----w- c:\program files\iTunes
2011-06-05 10:26 . 2011-06-05 10:26 -------- d-----w- c:\program files\Bonjour
2011-05-31 13:40 . 2011-05-31 13:40 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-05-23 11:45 . 2011-05-23 11:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 19:24 . 2011-05-19 19:24 -------- d-----w- c:\programdata\ATI
2011-05-19 19:17 . 2011-05-19 19:17 -------- d-----w- C:\AMD
2011-05-19 01:09 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81AA54D4-0287-444E-B40E-6700D6DDCD55}\mpengine.dll
2011-05-18 16:28 . 2011-06-11 10:50 -------- d-----w- c:\users\Mathieu\AppData\Roaming\RIFT
2011-05-16 06:00 . 2011-05-16 06:00 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-16 05:25 . 2011-05-16 05:25 17940480 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-16 05:16 . 2011-05-16 05:16 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-16 05:13 . 2011-05-16 05:13 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-16 05:13 . 2011-05-16 05:13 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-16 05:12 . 2011-05-16 05:12 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-05-16 05:11 . 2011-05-16 05:11 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-05-16 05:11 . 2011-05-16 05:11 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-16 05:11 . 2011-05-16 05:11 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-16 05:11 . 2011-05-16 05:11 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-05-16 05:11 . 2011-05-16 05:11 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-16 04:57 . 2011-05-16 04:57 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
2011-05-16 04:56 . 2011-05-16 04:56 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-16 04:56 . 2011-05-16 04:56 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-16 04:52 . 2011-05-16 04:52 6389760 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-16 04:49 . 2011-05-16 04:49 4286464 ----a-w- c:\windows\system32\atiumdag.dll
2011-05-16 04:48 . 2011-05-16 04:48 4056576 ----a-w- c:\windows\system32\atiumdva.dll
2011-05-16 04:36 . 2011-05-16 04:36 262144 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-16 04:36 . 2011-05-16 04:36 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-05-16 04:36 . 2011-05-16 04:36 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-05-16 04:35 . 2011-05-16 04:35 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-05-16 04:34 . 2011-05-16 04:34 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-16 04:31 . 2011-05-16 04:31 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-16 04:31 . 2011-05-16 04:31 52736 ----a-w- c:\windows\system32\amdpcom32.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 12:08 . 2011-05-02 19:20 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-16 05:16 . 2011-01-05 03:02 676864 ----a-w- c:\windows\system32\aticfx32.dll
2011-05-16 05:07 . 2009-07-13 22:09 4161536 ----a-w- c:\windows\system32\atidxx32.dll
2011-05-16 04:42 . 2011-01-05 02:28 52736 ----a-w- c:\windows\system32\coinst.dll
2011-05-16 04:35 . 2011-01-05 02:18 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-05-16 04:35 . 2011-01-05 02:18 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-05-08 09:02 . 2011-02-09 11:06 13824 ----a-w- c:\windows\system32\slwga.dll
2011-05-08 09:02 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-05-08 09:02 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-19 11:06 . 2011-02-05 10:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-29 21:15 . 2011-03-27 11:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-08 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2011-5-4 202240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-05-01 311744]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-05 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-05 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-16 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-15 294400]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-05-20 1523008]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-16 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-16 243712]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://karatika.com
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{7ABCD7B5-5053-4A86-A937-6E5194070AEE}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Mathieu\AppData\Roaming\Mozilla\Firefox\Profiles\zpot158i.default\
FF - prefs.js: browser.startup.homepage - hxxp://karatika.com
FF - user.js: browser.startup.homepage - hxxp://karatika.com
user_pref(browser.startup.page,1);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:0000040c
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{BD015EE1-DD0F-4415-8A09-65DB53345646}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.71.2"
"UniqueId"="0008F2A74D8F1B8A"
"ScannerBuild"=dword:0000215d
"ScannerVersionId"=dword:00001695
"ScannerVersion"="Open window for status."
"ei2"=hex(b):03,d0,14,55,ff,ce,89,31
"ei1"=hex(b):00,1f,29,b5,07,72,00,00
"ei3"=hex(b):1f,1c,8f,4d,00,00,00,00
"ei4"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Finish time: 2011-06-11 13:48:17
ComboFix-quarantined-files.txt 2011-06-11 11:48
.
Before-CF: 41 738 022 912 bytes free
After-CF: 41 520 881 664 bytes free
.
- - End Of File - - A65C4FE72B419959FD0F1CE03B221081
----------------------------------------------------------------------------------
Thanks in advance for your help.
Message edited by Percee on 11-06-2011 at 14:50:51
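The "Supplementary scan" section of the log above is the part that explains why the home page keeps coming back: browser.startup.homepage is set not only in prefs.js but also in user.js in the Firefox profile. Firefox applies user.js on top of prefs.js at every startup, so anything changed in the options dialog is overwritten again on the next launch. The following Python script is an added example, not part of the original post or of ComboFix; it parses both files the way Firefox does and reports which file wins for the start-page preferences. The profile directory and the file contents it builds are constructed sample data that mirror the entries in the log (the URL is kept in the log's defanged hxxp form).

```python
"""Audit a Firefox profile for a persistent home-page override.

Firefox reads prefs.js at startup, then applies user.js on top of it and
writes the merged result back into prefs.js. A value set in user.js
therefore re-applies itself on every launch. This example (not part of
the original post) merges both files with the same precedence and shows
which file is the source of the effective start-page settings.
"""
import os
import re
import tempfile

# Matches lines such as:
#   user_pref("browser.startup.homepage", "hxxp://karatika.com");
#   user_pref("browser.startup.page", 1);
_PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\);\s*$')

# Preferences that control what Firefox opens at startup.
WATCHED = ("browser.startup.homepage", "browser.startup.page")


def _coerce(raw):
    """Turn the raw JS literal into a Python value (str, bool or int)."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw == "true":
        return True
    if raw == "false":
        return False
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in text."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _coerce(m.group(2))
    return prefs


def effective_prefs(profile_dir):
    """Merge prefs.js and user.js with Firefox precedence: user.js wins.

    Returns (merged_values, source_file_per_pref).
    """
    merged, sources = {}, {}
    for fname in ("prefs.js", "user.js"):  # order matters: user.js is applied last
        path = os.path.join(profile_dir, fname)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            for name, value in parse_prefs(fh.read()).items():
                merged[name] = value
                sources[name] = fname
    return merged, sources


def audit_profile(profile_dir):
    """Return ([(pref, effective_value, source_file), ...], user_js_present)."""
    merged, sources = effective_prefs(profile_dir)
    findings = [(p, merged[p], sources[p]) for p in WATCHED if p in merged]
    user_js_present = os.path.isfile(os.path.join(profile_dir, "user.js"))
    return findings, user_js_present


def build_sample_profile():
    """Create a throwaway profile dir with constructed sample files.

    The contents reproduce the entries reported in the ComboFix log; they
    are sample data for this example, not files read from a real machine.
    """
    profile = tempfile.mkdtemp(prefix="ff-profile-")
    with open(os.path.join(profile, "prefs.js"), "w", encoding="utf-8") as fh:
        fh.write('user_pref("browser.startup.homepage", "hxxp://karatika.com");\n')
        fh.write('user_pref("browser.startup.page", 1);\n')
    with open(os.path.join(profile, "user.js"), "w", encoding="utf-8") as fh:
        fh.write('// re-applied at every startup, overriding prefs.js\n')
        fh.write('user_pref("browser.startup.homepage", "hxxp://karatika.com");\n')
    return profile


if __name__ == "__main__":
    sample = build_sample_profile()
    findings, has_user_js = audit_profile(sample)
    for pref, value, source in findings:
        print(f"{pref} = {value!r}  (effective source: {source})")
    if has_user_js:
        print("user.js is present: settings in it override prefs.js at every launch.")
```

Run against a real profile by passing the directory from the log's "FF - ProfilePath" line to audit_profile(); a home page whose effective source is user.js is the persistence mechanism, and fixing it through the options dialog alone will not hold. The "uStart Page" entry in the log is the Internet Explorer start page stored in the registry and is not covered by this check.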