Trojan downloader virus

Tags:
  • Virus
  • Security
Last reply: in Security and viruses
27 December 2009 10:40:35

Hello,
I caught a "trojan downloader" virus. I used "ComboFix" and here is the report below. If someone can help me, please. Thanks in advance.

ComboFix 09-12-26.04 - sophie 27/12/2009 10:18:54.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2029 [GMT 1:00]
Lancé depuis: c:\users\Cyril\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1227 [VPS 090910-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1227 [VPS 090910-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1089890419-786252134-2514529793-500
c:\$recycle.bin\S-1-5-21-998957793-3156463640-59726749-500
c:\windows\system32\KBL.LOG
c:\windows\System32\SYSInfo.ocx
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-27 au 2009-12-27 ))))))))))))))))))))))))))))))))))))
.

2009-12-27 09:25 . 2009-12-27 09:26 -------- d-----w- c:\users\sophie\AppData\Local\temp
2009-12-27 09:25 . 2009-12-27 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-13 10:39 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-13 10:39 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-13 10:39 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 15:59 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 15:59 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 08:47 . 2007-11-27 09:45 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-27 08:47 . 2007-11-27 09:45 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-27 08:43 . 2009-12-05 05:27 42111 ----a-w- c:\programdata\nvModes.dat
2009-12-21 21:06 . 2009-08-13 09:39 -------- d-----w- c:\users\Cyril\AppData\Roaming\LimeWire
2009-12-20 19:32 . 2008-05-06 11:30 -------- d-----w- c:\programdata\NVIDIA
2009-12-16 15:49 . 2009-06-24 07:07 1534 ----a-w- c:\users\sophie\AppData\Roaming\wklnhst.dat
2009-12-12 17:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-12 16:58 . 2007-11-27 02:52 -------- d-----w- c:\programdata\Microsoft Help
2009-12-02 15:32 . 2008-07-18 12:19 27430 ----a-w- c:\users\sophie\AppData\Roaming\nvModes.dat
2009-11-21 06:40 . 2009-12-10 16:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 16:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 16:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 16:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-08 17:41 . 2009-11-06 08:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-06 08:21 . 2009-11-06 08:17 -------- d-----w- c:\program files\Microsoft
2009-11-06 08:20 . 2008-07-19 19:32 -------- d-----w- c:\program files\Windows Live
2009-11-06 08:19 . 2009-11-06 08:19 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-06 08:16 . 2009-11-06 08:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-06 08:09 . 2009-11-06 08:09 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-06 07:59 . 2009-11-06 07:59 27335 ----a-w- c:\users\Cyril\AppData\Roaming\nvModes.dat
2009-11-05 12:11 . 2009-08-12 15:52 77360 ----a-w- c:\users\Cyril\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-02 19:42 . 2009-10-03 06:34 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-26 09:28 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]

c:\users\sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [19/07/2008 20:15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [19/07/2008 20:15 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [19/07/2008 20:14 53328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 10:26
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\sophie\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2009-12-27 10:28:37
ComboFix-quarantined-files.txt 2009-12-27 09:28

Avant-CF: 136 057 069 568 octets libres
Après-CF: 136 443 617 280 octets libres

- - End Of File - - 8C78D38E1245A9936A2D46A4EDFF31F4


29 December 2009 13:39:38

Is there really no one to help me?