Trojan.spy.html.bankfraud.dq

Closed
spiderlolo Posts 3 Registration date Thursday 11 September 2008 Status Member Last seen 12 September 2008 - 11 Sept. 2008 at 19:27
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014 - 12 Sept. 2008 at 18:42
Hello,

Here is my problem: a trojan has infected my PC. Here is the error report:

ComboFix 08-09-10.02 - SPIDER LOLO 2008-09-11 11:32:40.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1842 [GMT 2:00]
Endroit: C:\Users\SPIDER LOLO\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\AutoRun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 09:10 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\FrostWire
2008-09-09 23:56 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\CyberLink
2008-09-09 20:25 --------- d-----w C:\ProgramData\ProcCfgApl
2008-09-09 17:07 --------- d-----w C:\Program Files\LCI
2008-09-09 08:30 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Skype
2008-09-09 08:25 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\skypePM
2008-09-08 18:46 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-09-08 18:46 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-09-08 15:06 --------- d-----w C:\ProgramData\Skype
2008-09-08 15:06 --------- d-----w C:\Program Files\Skype
2008-09-08 15:06 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-08 06:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 06:37 --------- d-----w C:\ProgramData\Ulead Systems
2008-09-07 20:56 --------- d-----w C:\ProgramData\Symantec
2008-09-07 10:50 --------- d-----w C:\Program Files\FrostWire
2008-09-07 00:23 --------- d-----w C:\Program Files\VDOWNLOADER
2008-09-06 23:58 --------- d-----w C:\Program Files\EoRezo
2008-09-06 23:40 --------- d---a-w C:\ProgramData\TEMP
2008-09-04 21:17 --------- d-----w C:\ProgramData\eMule
2008-09-04 21:17 --------- d-----w C:\Program Files\eMule
2008-09-04 10:51 --------- d-----w C:\ProgramData\Megaupload
2008-09-04 10:51 --------- d-----w C:\ProgramData\EmailNotifier
2008-09-04 06:45 --------- d-----w C:\Program Files\WebSite X5 Evolution
2008-09-03 16:13 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Sony
2008-09-03 16:13 --------- d-----w C:\ProgramData\Sony
2008-09-03 16:03 --------- d-----w C:\Program Files\Sony Ericsson
2008-09-03 16:03 --------- d-----w C:\Program Files\QuickTime
2008-09-03 16:02 --------- d-----w C:\ProgramData\Apple Computer
2008-09-03 16:02 --------- d-----w C:\ProgramData\Apple
2008-09-03 16:02 --------- d-----w C:\Program Files\Apple Software Update
2008-09-03 15:44 --------- d-----w C:\ProgramData\Sony Ericsson
2008-09-01 22:17 --------- d-----w C:\Program Files\Micro Application
2008-08-31 13:44 --------- d-----w C:\Program Files\Architecte 3D Platinium Demo
2008-08-31 13:32 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Blender Foundation
2008-08-31 13:32 --------- d-----w C:\Program Files\Blender Foundation
2008-08-31 12:50 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\gtk-2.0
2008-08-31 12:46 --------- d-----w C:\Program Files\GIMP-2.0
2008-08-25 20:01 --------- d-----w C:\ProgramData\orkvufqv
2008-08-24 20:59 --------- d-----w C:\ProgramData\NtiDvdCopy
2008-08-24 17:30 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-24 17:28 --------- d-----w C:\Program Files\DivX
2008-08-24 10:19 --------- d-----w C:\Program Files\Hercules
2008-08-24 08:22 --------- d-----w C:\Program Files\Sony
2008-08-24 08:20 --------- d-----w C:\Program Files\Acer GameZone
2008-08-24 08:19 --------- d-----w C:\Program Files\Image-Line
2008-08-24 08:18 --------- d-----w C:\Program Files\VstPlugins
2008-08-23 18:27 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-23 03:21 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Juce VST Host
2008-08-23 02:55 --------- d-----w C:\Program Files\Sony Setup
2008-08-23 02:54 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Deckadance
2008-08-23 02:31 --------- d-----w C:\Program Files\eSobi
2008-08-23 02:12 --------- d-----w C:\Program Files\Outsim
2008-08-23 01:49 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Publish Providers
2008-08-19 08:45 --------- d-----w C:\Program Files\MSBuild
2008-08-19 08:43 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-18 23:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-18 22:18 --------- d-----w C:\ProgramData\FLEXnet
2008-08-18 21:42 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\OpenOffice.org2
2008-08-18 21:34 --------- d-----w C:\Program Files\Bonjour
2008-08-18 21:29 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-18 20:27 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\HP
2008-08-18 20:25 --------- d-----w C:\ProgramData\WEBREG
2008-08-18 20:25 --------- d-----w C:\ProgramData\HP
2008-08-18 20:23 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\HPAppData
2008-08-18 20:23 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-08-18 20:23 --------- d-----w C:\Program Files\HP
2008-08-18 20:21 --------- d-----w C:\ProgramData\HP Product Assistant
2008-08-18 20:21 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-18 20:21 --------- d-----w C:\Program Files\Common Files\HP
2008-08-18 20:20 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-08-18 20:19 0 ----a-w C:\Users\SPIDER LOLO\AppData\Roaming\wklnhst.dat
2008-08-18 20:14 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-08-18 20:06 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Ulead Systems
2008-08-18 20:03 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-08-18 20:02 --------- d-----w C:\Program Files\Windows Media Components
2008-08-18 18:04 --------- d-----w C:\Program Files\Audacity
2008-08-18 14:18 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\EoRezo
2008-08-17 21:10 --------- d-----w C:\ProgramData\Downloaded Installations
2008-08-17 20:54 --------- d-----w C:\Program Files\Java
2008-08-17 18:07 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\ItsLabel
2008-08-17 17:58 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-08-17 17:53 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\GetRightToGo
2008-08-17 17:22 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_HDJBulk_01005.Wdf
2008-08-17 17:22 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_HDJAsioK_01005.Wdf
2008-08-17 16:34 --------- d-----w C:\Program Files\Common Files\Java
2008-08-17 16:28 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\DivX
2008-08-17 16:16 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-08-17 11:57 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-17 11:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-17 11:04 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-17 11:04 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-08-17 11:04 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-08-17 11:04 --------- d-----w C:\Program Files\Symantec
2008-08-17 10:04 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-08-17 10:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-08-17 10:04 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-08-17 10:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-08-17 10:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-08-17 10:04 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-08-17 10:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2000-10-18 10:19 57,344 --sha-w C:\Windows\System32\mfc42loc.dll
1995-09-20 14:16 35,088 --sha-w C:\Windows\System32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w C:\Windows\System32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w C:\Windows\System32\msjter32.dll
1995-09-24 09:02 243,472 --sha-w C:\Windows\System32\vbar2232.dll
1998-05-18 01:06 368,912 --sha-w C:\Windows\System32\vbar332.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-17 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"YolwCIR6la"="C:\ProgramData\orkvufqv\unsnsfgr.exe" [2008-08-25 69632]
"Google Update"="C:\Users\SPIDER LOLO\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"ProcCfgApl"="C:\ProgramData\ProcCfgApl\cboxihod.exe" [2008-09-09 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C1A94978-9C4A-44D9-85CC-976E4B256685}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{17250F27-816F-4293-8E80-6C4A899E07AE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DB9E81CD-E999-4D30-9431-905A8CDF3057}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{FDE3C5A9-20A2-4666-80CD-094CBF37C993}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{2ED47240-F206-4606-8CDA-2F141807082E}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{2C6EED45-7B25-44B1-8A9A-972EFE108A9F}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{BA7F183C-0260-4659-8C57-3CF842FF30AA}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{C2191F0A-02E1-4345-985F-D7EB0C11AAF1}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{F61E8216-CE21-44D7-A083-8FD9EF88C629}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{22E9B950-371C-47D2-AEE9-F09A8FB644C9}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"TCP Query User{85FD9D0E-C57A-4E94-8F0A-CA903FE76A63}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= UDP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{58AB164E-06FB-43FA-AFB1-6F421937C783}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= TCP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"TCP Query User{BE5F4F50-B56C-4DF4-B478-191F34C89730}C:\\program files\\hercules\\hercules dualpix hd webcam\\controlui.exe"= UDP:C:\program files\hercules\hercules dualpix hd webcam\controlui.exe:Hercules Zoom Controller Main Application
"UDP Query User{0423C1E5-EE52-4D45-A4F2-528A461FA49E}C:\\program files\\hercules\\hercules dualpix hd webcam\\controlui.exe"= TCP:C:\program files\hercules\hercules dualpix hd webcam\controlui.exe:Hercules Zoom Controller Main Application
"{067960AD-6E38-423F-91C5-989D623D0384}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B3BE736C-7217-47BF-B229-303A8CBFC40F}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire
"{8CD5A098-A7ED-4DF2-80E9-18C6A089A9D7}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire
"{48969383-33DF-4597-A64E-B48496D8764F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{4A384EA0-BE69-4623-BBF4-BFD43D51CE17}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{C83BA2D8-5C42-471B-84E7-9ACA3953DBA4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{A8F85255-A5A7-45DC-B1DB-CC4478133528}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C4676158-4AFB-4FCE-BEFC-FE2F126DDE22}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{B7369734-DEA9-4C99-AD32-F674CB7DEC54}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{B6A02F55-118F-47AE-9732-A1D71FBB1A36}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{DE95EB19-A981-4CA1-95E5-412DB4626A66}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{597F0373-7083-46C6-A88A-BC19C3A01BF2}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{F55A8EA5-BF4A-40C7-9FF5-A95BEDF08259}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{E5C0CA76-35C1-4F71-A34C-C865E2244309}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{CF50A9F2-6F4E-4B4B-9521-C67869A2C651}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{A51C1F33-C8D6-48EE-AB53-9B365C1378C8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{356E52C8-C58F-4250-8AA7-4B30FD546FA5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{DF0B66B8-E572-4A38-B6C0-A89D452DBBBE}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{7BFC12C4-BAFC-4E32-AB78-85E56CD74BB6}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{33862A93-4EB6-4E38-B3A6-ACB92158A6A6}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{7269E45B-7971-4494-9807-D40FCBD2D979}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{68AFBC87-C8B0-4F5F-BE9E-7D5DE3F87394}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{7A381617-185D-4038-A6E8-556BDA9DA8EF}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{28927010-F82B-4776-9CD4-B6FAB3366316}"= Disabled:UDP:57521:Pando P2P TCP Listening Port
"{D4CC74B7-D0B6-4B4C-AE3C-50B19CA414BF}"= Disabled:TCP:57521:Pando P2P UDP Listening Port
"{32F1D152-E16D-4676-84E2-A4C484A24980}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6CA4C8E1-B2AA-4DBF-84E1-2A8D944D91AF}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{4DEB9F41-F0EA-4C04-8285-824BE5919984}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{92981231-DCAA-469D-959A-A32C82CB3091}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{6E341430-79C8-4916-8302-30A492104874}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"{6A1540AB-5C16-4272-9184-493CCC3DF850}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{8B79D375-EFAB-4327-93A4-7D4C60C20E17}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{74B46848-FDB2-43DB-B459-3DF7755651DA}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-08 131616]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080909.001\IDSvix86.sys [2008-07-16 261680]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
R3 APL531;Hercules Dualpix HD Webcam;C:\Windows\system32\Drivers\HDvidv.sys [2007-07-13 285952]
R3 camfilt2;camfilt2;C:\Windows\system32\DRIVERS\camfilt2.sys [2008-02-01 103720]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 37008]
S3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys [2008-01-23 28672]
S3 HDJAsioK;HDJAsioK;C:\Windows\system32\Drivers\HDJAsioK.sys [2008-04-15 131072]
S3 HDJMidi;Hercules DJ Console Mk2 MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys [2008-06-02 83456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - ERASERUTILDRVI7
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://eo.st
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 11:35:38
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-11 11:36:57
ComboFix-quarantined-files.txt 2008-09-11 09:36:48

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 156,173,119,488 octets libres

248 --- E O F --- 2008-08-23 18:27:11

Can you help me?
Thanks.

3 replies

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014 406
11 Sept. 2008 at 20:25
Hi,

Copy the text below:

Folder::
C:\ProgramData\ProcCfgApl
C:\ProgramData\orkvufqv
C:\Program Files\EoRezo
C:\Users\SPIDER LOLO\AppData\Roaming\EoRezo

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YolwCIR6la"=-
"ProcCfgApl"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.

PS:

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Installation tutorial: (thanks to Balltrap34 for this)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Usage tutorial (video): (thanks to Balltrap34 for this)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post the generated report here please...

See you later
-1
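As an added example (not part of this thread, and not code from ComboFix or from the responder), the Python below automates the triage the reply above does by hand: it parses the "Reg load points" section of the ComboFix report, flags Run entries that are launched from ProgramData or AppData under random-looking names, flags the Security Center and firewall values that have been switched off, and renders the flagged Run entries in the Folder::/Registry:: form of a CFScript.txt. The sample excerpt is copied from the report posted above; the vowel-ratio heuristic and the choice of "unusual" locations are this example's own assumptions, and its output is a list for a human to review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: an excerpt of the "Reg load points" section of the
# ComboFix report posted above (REGEDIT4 style: a [key] line, then "name"=data lines).
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-17 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"YolwCIR6la"="C:\ProgramData\orkvufqv\unsnsfgr.exe" [2008-08-25 69632]
"Google Update"="C:\Users\SPIDER LOLO\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"ProcCfgApl"="C:\ProgramData\ProcCfgApl\cboxihod.exe" [2008-09-09 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
QUOTED_PATH_RE = re.compile(r'^"([^"]+)"')
VOWELS = set("aeiouAEIOU")


def parse_sections(text):
    """Return {key_path: {value_name: raw_data}} for a REGEDIT4-style dump."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return sections


def looks_random(token):
    """Heuristic (assumption): >= 6 letters with at most 30% vowels, or a
    letter soup mixing digits with upper and lower case, reads as generated."""
    letters = [c for c in token if c.isalpha()]
    if len(letters) < 6:
        return False
    mixed_case = any(c.isupper() for c in letters) and any(c.islower() for c in letters)
    if mixed_case and any(c.isdigit() for c in token):
        return True
    return sum(1 for c in letters if c in VOWELS) / len(letters) <= 0.3


def unusual_location(path):
    """Assumption: a startup binary under ProgramData or a user's AppData deserves a look."""
    low = path.lower()
    return low.startswith("c:\\programdata\\") or "\\appdata\\" in low


def triage_autoruns(sections):
    """Run entries in an unusual location whose name, folder or exe looks random."""
    flagged = []
    for key, values in sections.items():
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        for name, data in values.items():
            m = QUOTED_PATH_RE.match(data)
            if not m or not unusual_location(m.group(1)):
                continue
            p = PureWindowsPath(m.group(1))
            if any(looks_random(t) for t in (name, p.stem, p.parent.name)):
                flagged.append({"key": key, "name": name, "path": m.group(1)})
    return flagged


def triage_tampering(sections):
    """Security Center notifications/monitoring set to 1 (silenced) or firewall set to 0."""
    hits = []
    for key, values in sections.items():
        k = key.lower()
        for name, data in values.items():
            data = data.strip()
            if "security center" in k and data == "dword:00000001" and (
                    name.endswith("DisableNotify") or name == "DisableMonitoring"):
                hits.append((key, name))
            elif "firewallpolicy" in k and name == "EnableFirewall" and data.startswith("0"):
                hits.append((key, name))
    return hits


def build_cfscript(flagged):
    """Render flagged Run entries as the Folder::/Registry:: blocks a CFScript.txt uses
    ("name"=- deletes the value, as in the reply above)."""
    folders = sorted({str(PureWindowsPath(f["path"]).parent) for f in flagged})
    lines = ["Folder::", *folders, "", "Registry::"]
    by_key = {}
    for f in flagged:
        by_key.setdefault(f["key"], []).append(f["name"])
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    sections = parse_sections(SAMPLE_REPORT)
    for hit in triage_autoruns(sections):
        print("suspicious autorun:", hit["name"], "->", hit["path"])
    for key, name in triage_tampering(sections):
        print("security setting tampered:", name, "in", key)
    print(build_cfscript(triage_autoruns(sections)))
```

On the excerpt above this flags exactly the two entries the responder deleted (and not Google Update, which also lives under AppData but has ordinary names), lists the five silenced Security Center / firewall values, and prints the same Folder:: and Registry:: lines as the reply, minus the EoRezo folders, which come from the Find3M listing and the browser helper object rather than from the Run keys.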
spiderlolo Posts 3 Registration date Thursday 11 September 2008 Status Member Last seen 12 September 2008
12 Sept. 2008 at 10:32
Here is the report:

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:28, on 12/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\SPIDER LOLO\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\SPIDER LOLO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-1
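The first reply asks for a HijackThis log after the cleanup so the result can be checked. As an added example (not from the thread, from HijackThis or from Trend Micro), the Python below reads such a log and does that check: it confirms that the two Run values deleted by the CFScript no longer appear in any O4 line, and lists the remaining entries that still point at something that is gone ("(file missing)", "(no file)") or carry no name or owner, such as the EoRezo BHO above, whose folder the script removed. The sample lines are copied from the log above; the set of removed names comes from the first reply, and the marker list is this example's own assumption about what a helper reads the log for next.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
"""

# Run-key value names the CFScript in the first reply deleted.
REMOVED_RUN_NAMES = frozenset({"YolwCIR6la", "ProcCfgApl"})

LINE_RE = re.compile(r"^([OR]\d+)\s+-\s+(.*)$")
O4_RE = re.compile(r"^(.+?)\\\.\.\\Run:\s+\[([^\]]+)\]\s*(.*)$")

# Markers HijackThis prints when a registration points at nothing usable
# (assumed list; each maps to the reason a helper would want to look at it).
REVIEW_MARKERS = {
    "(file missing)": "registered file no longer exists",
    "(no file)": "entry has no file at all",
    "(no name)": "component has no display name",
    "Unknown owner": "service binary carries no company name",
}


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs, e.g. ("O4", "HKLM\\..\\Run: [...] ...")."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def run_entries(entries):
    """Map each O4 value name to (hive path, command line)."""
    out = {}
    for section, body in entries:
        if section != "O4":
            continue
        m = O4_RE.match(body)
        if m:
            out[m.group(2)] = (m.group(1), m.group(3))
    return out


def review_candidates(entries):
    """Entries carrying one of the markers above, with the reason (first marker wins)."""
    found = []
    for section, body in entries:
        for marker, reason in REVIEW_MARKERS.items():
            if marker in body:
                found.append((section, body, reason))
                break
    return found


def verify_cleanup(text, removed=REMOVED_RUN_NAMES):
    """Names from `removed` still registered as O4 autoruns, plus leftovers to review."""
    entries = parse_hjt(text)
    present = set(run_entries(entries))
    return {"still_present": sorted(removed & present), "review": review_candidates(entries)}


if __name__ == "__main__":
    result = verify_cleanup(SAMPLE_HJT)
    print("removed entries still present:", result["still_present"] or "none")
    for section, body, reason in result["review"]:
        print(f"{section}: {reason}: {body}")
```

On the sample the deleted Run values are confirmed gone and three lines remain for review: the orphaned EoRezo BHO, an unnamed BHO with no file, and a service whose binary has no company name. A leftover like the EoRezo BHO is what the helper then addresses in the next round (here, with Malwarebytes).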
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014 406
12 Sept. 2008 at 18:42
Hi Spiderlolo,

I imagine you have already run Malwarebytes; can you run it again and post its result here please?

Update the program,

then

click on the Settings tab and tick the box: "Terminate Internet Explorer during removal".

Now click on the Scan tab and tick the box: "Perform full scan".

Then click "Scan".

Let it scan the PC...

If items were found > click "Remove Selected".

If you are asked to restart > click "Yes".

At the end a report will open; save it so you can find it again to post it on the forum.

Copy and paste the report please.

See you later
-1