Bonjour, rien de bien innovant prob de trojan horse : Win32:Horst-ADX [Trj] donc a l'aide please merci beaucoup Benn.

Trojan

Réponse 21 / 32

Benn

voici le rapport de combofix le dernier que tu m'a demandé je vais faire le reste tt de suite

ComboFix 09-07-27.02 - Dominique Cavuoto 28/07/2009 12:36.2.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.447.131 [GMT 2:00]
Running from: c:\documents and settings\Dominique Cavuoto\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Dominique Cavuoto\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090727-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\nyoht.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_tsxrw

((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-27 08:18 . 2009-07-27 08:34 -------- d-----w- c:\program files\Navilog1
2009-07-27 08:17 . 2009-07-27 08:17 -------- d-----w- c:\program files\AskBardis
2009-07-27 08:13 . 2009-07-27 08:13 -------- d-----w- c:\program files\CCleaner
2009-07-27 08:06 . 2009-07-27 08:09 -------- d-----w- C:\ToolBar SD
2009-07-27 07:43 . 2009-07-27 07:46 -------- d-----w- C:\rsit
2009-07-24 08:34 . 2009-07-24 08:34 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.3\itstv.exe
2009-07-16 08:08 . 2009-07-16 08:08 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.2\itstv.exe
2009-07-10 15:14 . 2009-07-10 15:13 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.1\itstv.exe
2009-07-07 15:31 . 2009-07-07 15:31 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.0\itstv.exe
2009-07-02 07:59 . 2009-07-03 05:41 -------- d-----w- C:\!KillBox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 10:44 . 2009-03-23 16:56 -------- d-----w- c:\program files\DNA
2009-07-28 10:44 . 2009-03-23 16:56 -------- d-----w- c:\documents and settings\Dominique Cavuoto\Application Data\DNA
2009-07-28 10:12 . 2009-07-28 10:12 1726 ----a-w- c:\program files\xrvrzsb.txt
2009-07-28 10:05 . 2008-10-08 14:52 -------- d-----w- c:\program files\EoRezo
2009-07-28 09:12 . 2007-02-01 15:06 -------- d-----w- c:\program files\Mozilla Thunderbird Beta 2
2009-07-28 09:01 . 2008-10-08 14:52 -------- d-----w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo
2009-07-28 05:31 . 2008-10-19 14:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-27 19:22 . 2007-10-26 05:23 -------- d-----w- c:\program files\Trend Micro
2009-07-27 13:28 . 2008-10-19 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 10:56 . 2009-04-15 15:25 -------- d-----w- c:\program files\LucasArts
2009-07-27 10:56 . 2006-11-17 10:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 09:58 . 2008-10-20 06:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 05:28 . 2009-04-24 17:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 07:34 . 2009-05-15 14:45 -------- d-----w- c:\program files\free-downloads.net
2009-07-17 17:56 . 2009-03-23 17:15 -------- d-----w- c:\documents and settings\Dominique Cavuoto\Application Data\Azureus
2009-07-13 11:36 . 2008-10-20 06:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2008-10-20 06:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 10:54 . 2009-04-24 16:57 -------- d-----w- c:\program files\Windows Live
2009-07-10 10:14 . 2007-10-17 15:30 43536 ----a-w- c:\documents and settings\Dominique Cavuoto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 05:58 . 2009-06-25 05:58 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.9\itstv.exe
2009-06-17 12:39 . 2009-06-17 12:39 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.8\itstv.exe
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 15:57 . 2009-06-09 15:56 -------- d-----w- c:\program files\Google
2009-06-09 12:16 . 2009-06-09 12:16 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.7\itstv.exe
2009-06-06 15:17 . 2009-06-05 16:14 -------- d-----w- c:\program files\Studio-Scrap
2009-06-06 14:06 . 2009-06-05 16:15 -------- d-----w- c:\documents and settings\Dominique Cavuoto\Application Data\Studio-Scrap2
2009-06-05 16:31 . 2009-06-05 15:02 -------- d-----w- c:\program files\InstStudio-Scrap
2009-06-03 19:10 . 2006-03-02 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 17:07 . 2009-06-03 17:07 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.6\itstv.exe
2009-06-01 16:26 . 2009-06-01 16:26 -------- d-----w- c:\program files\EA GAMES
2009-05-31 06:31 . 2009-04-26 08:23 -------- d-----w- c:\program files\UBISOFT
2009-05-27 07:09 . 2009-05-27 07:09 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5\itstv.exe
2009-05-16 06:42 . 2009-05-16 06:42 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.4\itstv.exe
2009-05-08 18:03 . 2009-05-08 18:03 20480 ----a-w- c:\documents and settings\Dominique Cavuoto\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3\itstv.exe
2009-05-07 15:33 . 2006-03-02 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 19:26 . 2009-04-25 08:04 258408 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-23 15:20 . 2008-12-22 19:16 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-28_08.42.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-28 10:43 . 2009-07-28 10:43 16384 c:\windows\Temp\Perflib_Perfdata_238.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-07-18 07:35 2215960 ----a-w- c:\program files\free-downloads.net\tbfre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2009-07-18 2215960]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2009-07-18 2215960]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-23 321344]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-06-25 1578736]
"eMuleAutoStart"="d:\programs\eMule V0.48a\eMule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\windows\system32\rmctrl.exe" [2000-10-16 32768]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-21 185896]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-06-30 2376928]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-06-16 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2005-10-31 163840]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-02 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programs\\eMule V0.48a\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11280:TCP"= 11280:TCP:BitComet 11280 TCP
"11280:UDP"= 11280:UDP:BitComet 11280 UDP

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [16/05/2009 20:57 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [16/05/2009 20:57 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/06/2009 09:14 114768]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [24/04/2009 18:54 10240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/06/2009 09:14 20560]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [25/04/2009 10:07 30560]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [22/06/2006 20:23 808448]
S2 gupdate1c9e91accb640cc;Service Google Update (gupdate1c9e91accb640cc);c:\program files\Google\Update\GoogleUpdate.exe [09/06/2009 17:56 133104]
S3 DCamUSBNovatek;CI-8330 USB Video Camera;c:\windows\system32\drivers\nvtcam.sys [28/01/2007 12:53 79872]
S3 jbridgep;jbridgep;\??\c:\docume~1\DOMINI~1\LOCALS~1\Temp\jbridgep.sys --> c:\docume~1\DOMINI~1\LOCALS~1\Temp\jbridgep.sys [?]
S4 Aapiwdsnfsra;Aapiwdsnfsra; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-07-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-19 14:35]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 15:56]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 15:56]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.talti.com
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - d:\programs\OFFICE11\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Dominique Cavuoto\Application Data\Mozilla\Firefox\Profiles\3h2fjo45.default\
FF - prefs.js: browser.search.selectedEngine - Kiwee Live Search
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - plugin: c:\documents and settings\Dominique Cavuoto\Application Data\Mozilla\Firefox\Profiles\3h2fjo45.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\programs\Quick Time\Plugins\npqtplugin.dll
FF - plugin: d:\programs\Quick Time\Plugins\npqtplugin2.dll
FF - plugin: d:\programs\Quick Time\Plugins\npqtplugin3.dll
FF - plugin: d:\programs\Quick Time\Plugins\npqtplugin4.dll
FF - plugin: d:\programs\Quick Time\Plugins\npqtplugin5.dll
FF - plugin: d:\programs\Quick Time\Plugins\npqtplugin6.dll
FF - plugin: d:\programs\Quick Time\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 12:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\SSSensor.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\Smc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-07-28 12:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 10:50
ComboFix2.txt 2009-07-28 08:45

Pre-Run: 23 739 383 808 octets libres
Post-Run: 23 632 265 216 octets libres

209 --- E O F --- 2009-07-23 06:14

Réponse 22 / 32