Infected by BanckFrau and others.. Help please

Resolved
JeanPhil -  
 blakruk -
Bonjour,
Windows Firewall is alerting me about an infection + unwanted browser windows popping up... Several infections, I think.
If someone could help me work out what's going on, please.... Thanks.

57 replies

verni29 (Security Contributor)
 
Sorry, Jean-Phil,
the report is incomplete.

Redo a HijackThis scan.

Take your time.

By the way, about the keylogger, are you still getting error messages?
If so, could you be more specific?

Later
verni29 (Security Contributor)
 
As I said, the forum sometimes has a bit of trouble coping with the traffic.
It's a big discussion forum with thousands of connections (50,000 people connected right now!!).

We'll look at the HijackThis report later.

1) One thing I'd like to know: was it you who installed Daemon Tools?

2) Open Notepad and select the quoted text.
Copy/paste that text into Notepad.

file::
C:\Program Files\Common Files\DataViz
C:\Program Files\jbjygcd
C:\ProgramData\jcnotqji
C:\Windows\System32\chabfghd.ini


Save the file to the desktop and name it CFScript.txt.
Check that the ComboFix icon is also on the desktop; if not, download ComboFix again and save it to the desktop too.
Drag and drop the script onto ComboFix, as shown at the following link.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Follow the prompts.
Your desktop will disappear several times. That's normal.
Once the scan is finished, save the report.

3) Launch HijackThis and choose "Do a system scan only".
Tick the following lines:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {C5753CA8-F244-4D59-9682-83E485BA77F5} - (no file)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WebDb] C:\Windows\system32\lchefits.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe

Choose the "Fix checked" option at the bottom of the page.

I'll look at it tomorrow.

Later
verni29 (Security Contributor)
 
Download and install HijackThis.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Choose "Download HijackThis Installer"
After installation, a shortcut will be created on the desktop. Double-click it to launch it (on Vista --> right-click and Run as administrator)

Choose the option Do a system scan and save a logfile.
The report will open. Copy/paste the contents of this report into your next message

Later
Sacabouffe (Member)
 
Hi
Here is JeanPhil's message

Ok, good evening and thanks.... Here's the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:01, on 09/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\ProgramData\jcnotqji\lqtqfaxs.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\lchefits.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\lchefits.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/fr-fr/?ref=goId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/?ref=goId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/?ref=goId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/fr-fr/?ref=goId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7D4E2BEC-6A66-4797-8DA8-502C3C55ECDB} - C:\Windows\system32\ddcArPFu.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {C5753CA8-F244-4D59-9682-83E485BA77F5} - (no file)
O2 - BHO: {a42180eb-01f1-699b-1074-7c76661092fe} - {ef290166-67c7-4701-b996-1f10be08124a} - C:\Windows\system32\cdzote.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRHbXol.dll,#1
O4 - HKLM\..\Run: [ccbc0539] rundll32.exe "C:\Windows\system32\mtuithsl.dll",b
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Hide IP NG] C:\Program Files\Hide IP NG\hideipng.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\Users\user\AppData\Local\Temp\E_S176E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WebDb] C:\Windows\system32\lchefits.exe
O4 - HKLM\..\Policies\Explorer\Run: [PNrwVF1rLJ] C:\ProgramData\jcnotqji\lqtqfaxs.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://onedrive.live.com/?id=favorites
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jeanpetrus.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cdzote.dll
O21 - SSODL: ComAdm - {1BD48EB5-BC8B-BB3E-FA07-0AAEC3C4820A} - C:\Program Files\jbjygcd\ComAdm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 19257 bytes

Good luck with it ;-)
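In the two posts above, verni29 reads the HijackThis log Sacabouffe relayed by eye and turns it into a ComboFix "file::" block plus a set of lines to "Fix checked". The script below is an added example written for this page; it is not code from the thread, from HijackThis or from ComboFix, and the function names (`triage`, `fix_lines`, `cfscript`) are mine. It applies the same signals mechanically to a constructed subset of that log: a proxy value set in Internet Settings, a BHO that is orphaned or unnamed and loading from System32, Run entries that launch an executable sitting directly in System32 or ProgramData or that call rundll32 with an ordinal/one-letter export, the Policies\Explorer\Run key, a bare name in AppInit_DLLs, and a ShellServiceObjectDelayLoad DLL outside System32. Those heuristics are my assumptions; they will produce false positives on other machines, and a person still reviews each hit before fixing anything.

```python
"""Triage of a HijackThis 2.x log: flag the classes of entry the helper in
this thread fixed by hand, then emit the 'file::' block for ComboFix and the
list of lines to 'Fix checked'.  Added example; heuristics are assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the log posted in the thread, plus the
# legitimate NVIDIA/QuickTime/EPSON lines that must NOT be flagged.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: (no name) - {7D4E2BEC-6A66-4797-8DA8-502C3C55ECDB} - C:\Windows\system32\ddcArPFu.dll
O2 - BHO: (no name) - {C5753CA8-F244-4D59-9682-83E485BA77F5} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRHbXol.dll,#1
O4 - HKLM\..\Run: [ccbc0539] rundll32.exe "C:\Windows\system32\mtuithsl.dll",b
O4 - HKCU\..\Run: [WebDb] C:\Windows\system32\lchefits.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\Users\user\AppData\Local\Temp\E_S176E.tmp" /EF "HKCU"
O4 - HKLM\..\Policies\Explorer\Run: [PNrwVF1rLJ] C:\ProgramData\jcnotqji\lqtqfaxs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cdzote.dll
O21 - SSODL: ComAdm - {1BD48EB5-BC8B-BB3E-FA07-0AAEC3C4820A} - C:\Program Files\jbjygcd\ComAdm.dll
"""

WIN_PATH = re.compile(r'([A-Za-z]:\\[^"\n]*?\.(?:exe|dll|ini))', re.I)
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",\s]+)"?\s*,\s*(\S+)', re.I)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)
    paths: list = field(default_factory=list)   # on-disk artefacts for the file:: block


def _system32_root(path):
    """True for a file directly in C:\\Windows\\System32, not in a sub-folder
    such as spool\\ (where printer drivers legitimately live)."""
    parts = path.lower().split("\\")
    return len(parts) == 4 and parts[1:3] == ["windows", "system32"]


def check_entry(line):
    """Return a Finding for one log line, or None if nothing looks wrong."""
    kind, _, body = line.partition(" - ")
    f = Finding(line)

    def hit(reason, path=None):
        f.reasons.append(reason)
        if path and path not in f.paths:
            f.paths.append(path)

    m = WIN_PATH.search(body)
    path = m.group(1) if m else None
    if kind == "R1":   # any ProxyServer/ProxyOverride value redirects the browser
        key, _, value = body.partition(" = ")
        if key.endswith(("ProxyServer", "ProxyOverride")) and value.strip():
            hit("proxy setting present: " + value.strip())
    elif kind == "O2":
        if body.endswith("(no file)"):
            hit("BHO registered but its DLL is gone (orphan entry)")
        elif "(no name)" in body and path and _system32_root(path):
            hit("unnamed BHO loading straight from System32", path)
    elif kind == "O4":
        if "Policies\\Explorer\\Run" in body:
            hit("Policies\\Explorer\\Run used for persistence", path)
        r = RUNDLL.search(body)
        if r:   # vendors export a named function (nvsvcStart); droppers use #1 or one letter
            export = r.group(2)
            if export.startswith("#") or len(export) == 1:
                hit("rundll32 with ordinal/one-letter export %r" % export, r.group(1))
        elif path:
            if _system32_root(path):
                hit("executable launched straight from System32", path)
            if "\\programdata\\" in path.lower():
                hit("executable launched from ProgramData", path)
    elif kind == "O20":   # AppInit_DLLs is loaded into every process that maps user32
        for tok in body.partition(":")[2].split():
            if "\\" not in tok:   # bare name: resolved via the DLL search path
                hit("AppInit_DLLs entry without a full path: " + tok)
    elif kind == "O21" and path and not _system32_root(path):
        hit("ShellServiceObjectDelayLoad DLL outside System32", path)
    return f if f.reasons else None


def triage(log_text):
    hits = (check_entry(l.strip()) for l in log_text.splitlines() if l.strip())
    return [f for f in hits if f]


def fix_lines(findings):
    """Lines to tick under 'Do a system scan only' -> 'Fix checked'."""
    return [f.line for f in findings]


def cfscript(findings):
    """The 'file::' block for ComboFix; lists files, where the helper listed
    the dropper folders (C:\\Program Files\\jbjygcd, C:\\ProgramData\\jcnotqji)."""
    paths = []
    for f in findings:
        paths += [p for p in f.paths if p not in paths]
    return "file::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line, *("    -> " + r for r in f.reasons), sep="\n")
    print(cfscript(triage(SAMPLE_LOG)))
```

Run as-is it prints each hit with its reasons and the file:: block. One caveat that explains why the helper paired the two tools: "Fix checked" in HijackThis removes the registry or startup entry only, the DLL or EXE it pointed to stays on disk, so the file list still has to go to something that deletes files (ComboFix at the time; it is no longer maintained).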
verni29 (Security Contributor)
 
Thanks Sacabouffe.

verni29 (Security Contributor)
 
Your PC is pretty thoroughly infected.

1) During the disinfection of your computer, the various operations must be carried out as administrator.

In the Control Panel, choose Classic View.

In User Accounts --> Turn User Account Control on or off
Then untick the line "Use User Account Control..."
You will be asked to restart the computer. Accept.

2) Download SmitfraudFix:

Illustrated guides:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm

Right-click --> Run as administrator on smitfraudfix.cmd and choose option 1.
A report will be created.

Later
JeanPhil
 
ok... "Version not supported on Vista".... Sorry... There's a problem, apparently.
verni29 (Security Contributor)
 
OK, we'll change tools.

1) There's one other thing we'll need to sort out.
The antivirus programs. You have two installed: Norton and AntiVir.
Which one do you want to keep?

2) For this operation, I advise you to write down or print this text, because the disinfection will be done in safe mode and you won't have Internet access to view the instructions.
Another tip: copy/paste the text into a .txt file that you save on your desktop. You'll then find it on your desktop in safe mode too.

Download MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it. Choose the default options.
At the end of the installation, you'll be asked to update MalwareBytes and run it.
Choose only the update. The program will be run in safe mode.

Restart the computer in safe mode (tap the F8 key after the reboot).
Choose your user account.

To launch MalwareBytes, double-click the desktop shortcut.

In the Scan tab, select Perform full scan.
Click Scan. Select only the computer's hard disks.
Click Start scan.

At the end of the scan, as prompted, click Show results.
Then choose Remove selected to clean the infections.
Post the report in your next message.

If you can't find it, open MalwareBytes and look in the Logs tab. It's there.
Click on it and choose Open.

The scan takes about 50 minutes on average.

Later
JeanPhil
 
Thanks for this effective help....
As for the antivirus programs, there are leftovers of Norton from after the trial period and I'm not really sure how to get rid of them... Also, I had installed AntiVir, but it seems not to be free... Finally, I bought AD-AWARE... Honestly, I don't really know which effective antivirus to use....
Do I also need a firewall?

Here's the report...:

Malwarebytes' Anti-Malware 1.28
Database version: 1248
Windows 6.0.6001 Service Pack 1

09/10/2008 19:39:14
mbam-log-2008-10-09 (19-39-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 181630
Time elapsed: 45 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 43
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 97

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\ddcArPFu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5b63112-b43b-4715-bf2b-e60e08f88f0a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a5b63112-b43b-4715-bf2b-e60e08f88f0a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef290166-67c7-4701-b996-1f10be08124a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef290166-67c7-4701-b996-1f10be08124a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1BD48EB5-BC8B-BB3E-FA07-0AAEC3C4820A} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1841f12a-8989-48b9-935c-1ad2d8fe705b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Infected registry value(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccbc0539 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\comadm (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnrwvf1rlj (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1841f12a-8989-48b9-935c-1ad2d8fe705b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.

Infected registry data item(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcarpfu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcarpfu -> Delete on reboot.

Infected folder(s):
C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Infected file(s):
C:\Windows\System32\ddcArPFu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\uFPrAcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\uFPrAcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\cdzote.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mtuithsl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\lshtiutm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\osgeomm_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\osgeomm_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\osgeomm.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\osgeomm.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\uieqmqy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\uieqmqy_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\uieqmqy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\uieqmqy.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\jbjygcd\ComAdm.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\ProgramData\jcnotqji\lqtqfaxs.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Windows\System32\rqRHbXol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5AS7MBL\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5AS7MBL\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp00013c92 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp000201b4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\Rar$EX07.264\keygen.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\Desktop\Official-eMule_setup.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Windows\System32\ddcYoOhI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\efcBtsTJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fqlmkxma.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\jkkKcCvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\khfETjiJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ljJATNhH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rqRIbxus.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\urqRHxyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\winlmi32.rom (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
JeanPhil
 
I just received another alert about: keylogger??? How do I get rid of this thing?
verni29 (Security Contributor)
 
Post me a new HijackThis report.

About the antivirus programs:

1) Clean out what is left of Norton with the following tool:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

2) AntiVir is free (unless you chose another version).
If necessary, we will uninstall it and you will reinstall it (it is a very good antivirus).
I will give you a tutorial.

3) Yes, you need a firewall.
Vista has one, but it is hard to configure.

We will take care of the protections at the end.

I will analyze the report and give you the instructions after dinner.

Later
verni29 (Security Contributor)
 
I need confirmation about some products you may be using:

- DataViz, does that ring a bell?
http://www.dataviz.com/global/fr/products/index.html

- do you know the following sites:
https://www.mycommerce.com/
https://home.bluesnap.com

1) Download Navilog by il mafioso.
http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.exe

Install Navilog. A shortcut will be created on your desktop.
For what follows, since you have Vista, Navilog must be run as an administrator of your PC.
Right-click the desktop shortcut and choose "Run as administrator".

Navilog has started. Choose option 1.
Once the analysis is finished, a report will open in Notepad.
Copy and paste the text of that report into your next message.

2) Download OTMoveIt3 (by OldTimer) to your desktop.
http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below and paste it into the left pane of OTMoveIt, under "Paste Instructions for Items to be Moved".


:Files
C:\Program Files\jbjygcd
C:\ProgramData\jcnotqji


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.

Post the report located in C:\_OTMoveIt\MovedFiles.
Your computer may reboot to remove the files.

Later
JeanPhil
 
The answer is: no to the questions...
Moving on to Navilog.
JeanPhil
 
I am running the Navilog scan....
About OTMoveIt3, there is apparently a problem, here is what I get:

Error: Unable to interpret <C:\Program Files\jbjygcd> in the current context!
Error: Unable to interpret <C:\ProgramData\jcnotqji > in the current context!

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10092008_204924
verni29 (Security Contributor)
 
Yes, for OTMoveIt, it is a new version.
There are a few bugs.

We will handle that with another tool.

After Navilog, post me a HijackThis report.

A+
JeanPhil
 
The search with "Catchme by Gmer" seems stuck... It said 10 minutes and I am still at:
"Please wait..... The scan may take about ten minutes".....
verni29 (Security Contributor)
 
There are still nasties on your machine!!
Stop Navilog (Ctrl+Alt+Del --> in Task Manager --> Applications --> click Navilog and End Task)

1) I had you run it to clean up the certificates.
The files had already been removed by Malwarebytes.
We are going to remove them manually.

Close Internet Explorer.
Start --> Control Panel --> Internet Options

"Content" tab, then "Certificates" tab
if you find these, especially under "Trusted Publishers", but look elsewhere too:
electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd"

Delete them.

2) Then post me a new HijackThis report (don't forget right-click --> Run as administrator on the shortcut)

3) Next:
Download ComboFix and save it to your desktop (important for what follows)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet.
Disable your computer's resident protections (antivirus, antispyware and firewall).
Plug in your removable media (USB sticks, external hard drive) without opening them.

Launch Combofix.exe (right-click --> ....) and follow the prompts.
ComboFix may reboot the computer to remove certain files.

Once the scan is finished, a report will appear.
Copy/paste that report into your next reply.
If you can't find it, it is at C:\ComboFix.txt.

Later
JeanPhil
 
Unable to reply.... Que pasa?
verni29 (Security Contributor)
 
What do you mean?
You can't post your reply?
If so, call on a moderator as you did the first time with sacabouffe.
Click the yellow panel.

Later
JeanPhil
 
ComboFix 08-10-08.05 - user 2008-10-09 22:22:53.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium Edition 6.0.6001.1.1252.1.1036.18.964 [GMT 2:00]
Running from: C:\Users\user\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Files created from 2008-09-09 to 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-09 20:49 . 2008-10-09 20:49 <DIR> d-------- C:\_OTMoveIt
2008-10-09 20:35 . 2008-10-09 20:37 <DIR> d-------- C:\Program Files\Navilog1
2008-10-09 18:44 . 2008-10-09 18:44 <DIR> d-------- C:\Users\user\AppData\Roaming\Malwarebytes
2008-10-09 18:44 . 2008-10-09 18:44 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-09 18:44 . 2008-10-09 18:44 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 18:44 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-09 18:44 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-09 18:17 . 2008-10-09 18:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-09 18:13 . 2008-10-09 18:13 120 ---hs---- C:\Windows\System32\chabfghd.ini
2008-10-09 14:33 . 2008-10-09 19:39 <DIR> d-------- C:\ProgramData\jcnotqji
2008-10-09 14:33 . 2008-10-09 19:39 <DIR> d-------- C:\Program Files\jbjygcd
2008-10-03 11:16 . 2008-10-03 11:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-03 11:15 . 2008-10-03 11:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-10 03:43 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 03:43 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 03:43 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 03:42 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 03:42 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 03:42 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 03:42 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 03:42 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 03:42 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 18:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-09 17:44 --------- d-----w C:\Users\user\AppData\Roaming\skypePM
2008-10-09 17:44 --------- d-----w C:\Users\user\AppData\Roaming\Skype
2008-10-09 15:58 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-09 15:58 --------- d-----w C:\ProgramData\pdf995
2008-10-09 15:58 --------- d-----w C:\ProgramData\FLEXnet
2008-10-09 15:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-03 09:16 --------- d-----w C:\ProgramData\Lavasoft
2008-09-11 01:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 01:03 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 15:35 --------- d-----w C:\Users\user\AppData\Roaming\GrabIt
2008-09-08 07:56 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-08 07:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 07:39 --------- d-----w C:\Program Files\QuickTime
2008-09-08 07:37 --------- d-----w C:\ProgramData\Apple Computer
2008-08-25 23:17 --------- d-----w C:\Program Files\FastStone Capture
2008-08-25 22:41 --------- d-----w C:\Program Files\Picasa2
2008-08-25 17:54 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-25 17:54 --------- d-----w C:\Program Files\Adobe Media Player
2008-08-20 01:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 01:27 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-24 12:51 73,216 ----a-w C:\Windows\cadkasdeinst01f.exe
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 10:49 51,716 ----a-w C:\Windows\System32\pdf995mon.dll
2008-07-10 10:49 249,856 ----a-w C:\Windows\System32\pdfmona.dll
2008-06-24 19:51 61,448 ----a-w C:\Users\user\AppData\Roaming\nvModes.dat
2008-06-04 20:41 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-10-09_22.10.58.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-09 18:18:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-09 20:19:05 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-09 18:18:55 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-09 20:19:05 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-09 18:18:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-09 20:19:05 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"Hide IP NG"="C:\Program Files\Hide IP NG\hideipng.exe" [2008-07-24 1466368]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 835584]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-07 411768]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-04-02 321656]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2007-04-12 415864]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-08 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-08 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-08 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-08 155648]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-10-03 2468200]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-28 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-28 C:\Windows\SkyTel.exe]

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Palm Registration.lnk - C:\Program Files\Palm\register.exe [2005-08-08 2494464]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2008-04-08 28672]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 471040]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-04-20 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-03-09 09:55 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cdzote.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1E86A23D-AD17-4FA0-94B5-BC2D9CB13AA0}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{845A27CF-5A33-411B-A52D-DE26B6026DF8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B58B73AD-EB67-45BD-BA17-F6769270773C}"= Disabled:UDP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{F15797FA-64ED-4D4D-B581-9002E1620710}"= Disabled:TCP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{FE617B2F-A732-4F46-8CFE-F224DC14B30C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5A68AF4C-53D2-4A52-8F97-4B013BC86107}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7BCC9A0C-DDC2-49C0-9FD9-BA9B460807F3}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9BAAEAF8-5254-4FB5-9ECA-F4F7AACEEF53}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{932DD0B0-1676-412E-9B4F-0AA2734701A7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{70E65F67-6C07-44E5-AD93-B5AB33B7423C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-04 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-04 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 31104]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 812544]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-08 240128]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 AVerM115S;AVerM115S service;C:\Windows\system32\DRIVERS\AVerM115S.sys [2007-05-14 785280]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2614b2c9-009b-11dd-9070-001b773c28ec}]
\shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80c96e02-031f-11dd-bec8-0013a9e2b7c3}]
\shell\AutoRun\command - H:\autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-03 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - user.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []

2008-10-09 C:\Windows\Tasks\User_Feed_Synchronization-{63E6A3EB-F909-4D28-BAA4-1A8D515EF6CE}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

2008-10-09 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C5753CA8-F244-4D59-9682-83E485BA77F5} - (no file)
HKCU-Run-WebDb - C:\Windows\system32\lchefits.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r2kzt5ul.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 22:25:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Finish time: 2008-10-09 22:27:37
ComboFix-quarantined-files.txt 2008-10-09 20:27:16
ComboFix2.txt 2008-10-09 20:11:38

Pre-Run: 92,549,914,624 bytes free
Post-Run: 92,520,845,312 bytes free

215 --- E O F --- 2008-10-08 04:46:23
verni29 (Security Contributor)
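The ComboFix report above is what the helper reads to decide the next instructions, and its "Reg Loading Points" section is where the persistence and the disabled defences show: AppInit_DLLs still names cdzote.dll (a DLL Malwarebytes already quarantined, so the value is now a dangling injection point that Windows tries to map into every process that loads user32.dll), EnableLUA is 0, EnableFirewall is 0 in all three firewall profiles, the Security Center alerts and monitoring are switched off, and MountPoints2 still caches AutoRun handlers for removable drives. The script below is an added example for this thread, not ComboFix's own code nor anything posted by the helper: it parses an abridged copy of that section (constructed from the lines above) and flags exactly those items. The allow-list KNOWN_APPINIT, which treats the Google Desktop short-name DLL as expected, is an assumption made for the example.

```python
"""ComboFix 'Reg Loading Points' triage (added example, not ComboFix's own code
nor anything the helper posted). Parses the REGEDIT4-style dump and flags what
a cleaner reads first: AppInit_DLLs injection, UAC off, firewall off per
profile, Security Center silenced, AutoRun handlers cached under MountPoints2.
"""
import re

# Constructed sample: an abridged copy of the loading points shown above.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cdzote.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2614b2c9-009b-11dd-9070-001b773c28ec}]
\shell\Setup\command - setup.exe
"""

# Assumed allow-list: Google Desktop's short-name DLL from the report is the
# only AppInit entry expected on this machine; anything else gets flagged.
KNOWN_APPINIT = {"goec62~1.dll"}

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
_MOUNT = re.compile(r"^(\\shell\\\w+\\command)\s+-\s+(.*)$")
_NUMBER = re.compile(r"^(?:dword:)?([0-9a-fA-F]+)(?:\s|$)")


def parse_loading_points(text):
    """Return {key: [(name, raw_value), ...]} for a ComboFix excerpt."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == "REGEDIT4":
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        m = _VALUE.match(line) or _MOUNT.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def as_int(raw):
    """'0 (0x0)' -> 0, 'dword:00000001' -> 1, non-numeric data -> None."""
    m = _NUMBER.match(raw)
    return None if not m else int(m.group(1), 16 if raw.startswith("dword:") else 10)


def triage(sections):
    """Return (severity, key, detail) tuples: the checks a cleaner runs by eye."""
    findings = []
    for key, values in sections.items():
        profile = key.rsplit("\\", 1)[-1]  # last key element, e.g. standardprofile
        for name, raw in values:
            lname = name.lower()
            if lname == "appinit_dlls":
                # Every DLL listed here is mapped into each process that loads user32.
                for dll in raw.split():
                    if dll.rsplit("\\", 1)[-1].lower() not in KNOWN_APPINIT:
                        findings.append(("high", key, f"AppInit_DLLs loads {dll}"))
            elif lname == "enablelua" and as_int(raw) == 0:
                findings.append(("high", key, "UAC disabled (EnableLUA=0)"))
            elif lname == "enablefirewall" and as_int(raw) == 0:
                findings.append(("high", key, f"Windows Firewall off for {profile}"))
            elif lname == "disablemonitoring" and as_int(raw) == 1:
                findings.append(("medium", key, "Security Center monitoring disabled"))
            elif lname.endswith("disablenotify") and as_int(raw) == 1:
                findings.append(("medium", key, f"Security Center alert silenced: {name}"))
            elif "mountpoints2" in key and lname.startswith("\\shell\\"):
                findings.append(("medium", key, f"cached AutoRun handler {name} -> {raw}"))
    return findings


if __name__ == "__main__":
    for sev, key, detail in sorted(triage(parse_loading_points(SAMPLE_LOG))):
        print(f"[{sev:6}] {detail}\n         {key}")
```

Run as-is it lists the eight findings for the sample, high severity first. To use it on a real report, read ComboFix.txt and pass the text between the "Reg Loading Points" banner and the services list (the R2/R3/S2/S3 lines) to parse_loading_points; the same checks apply to any REGEDIT4-style dump with one value per line.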
 
can you post me a HijackThis report so that I can analyze the ComboFix report?

Later
JeanPhil
 
Yes, I have been fighting to post for an hour..... Grrrrr