HELP::Trojan Win32.GENERIC !!!!

Question

Bonjour, qqun peut-il me venir en aide pour nettoyer le célebrissime Win32.gen??? On m'a filé recemment un bel ordi plus puissant que le mien avec ce petit cadeau à l'interieur!!! Suis sous LSD avec Avast familiale+ZA . MalwareBytes m'a trouvé ceci: 

Msion de la base de donnéealwarebytes' Anti-Malware 1.41
Vers: 2824
Windows 5.1.2600 Service Pack 2

19/09/2009 15:09:13
mbam-log-2009-09-19 (15-09-10).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 119845
Temps écoulé: 9 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
\?\globalroot\systemroot\system32\gasfkybdwvsscx.dll (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsa shellu (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
\?\globalroot\systemroot\system32\gasfkybdwvsscx.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe (Rogue.RegTool) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\msb.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\msd.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mse.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\msf.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\msg.exe (Trojan.Agent) -> No action taken.

Vous pouvez m'aidez a résoudre, svp?

Narco!4 · Answer

Bonjour,

télécharge GenProc http://www.genproc.com/GenProc.exe

double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre

hermione08 · Answer

Ben Genproc me donne just une fenêtre bleue et un curseur...

Narco!4 · Answer

faut attendre

hermione08 · Answer

Re: En effet c'est humiliant....Après avoir affolé mon ZA, voici ce que j'obtient::

Rapport GenProc 2.627 [1] - 19/09/2009 à 17:26:57 
@ Windows XP Service Pack 2 - Mode normal
@ Internet Explorer (7.0.5730.11) [Navigateur par défaut]

~~ ECHEC DU TELECHARGEMENT DE CM ~~  
 
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : 


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :  
C:\Program Files\EsetOnlineScanner\log.txt

 


~~~~ INFORMATION COMPLEMENTAIRE ~~~~
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:54, on 19/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\Mickael_GenProc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [laeriaw] C:\Documents and Settings\Mickael\laeriaw.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: cru629.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - D:\KILLINGNUT LAND\Studio\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

hermione08 · Answer

Re: En effet c'est humiliant....Après avoir affolé mon ZA, voici ce que j'obtient::

Rapport GenProc 2.627 [1] - 19/09/2009 à 17:26:57 
@ Windows XP Service Pack 2 - Mode normal
@ Internet Explorer (7.0.5730.11) [Navigateur par défaut]

~~ ECHEC DU TELECHARGEMENT DE CM ~~  
 
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : 


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :  
C:\Program Files\EsetOnlineScanner\log.txt

 


~~~~ INFORMATION COMPLEMENTAIRE ~~~~
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:54, on 19/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\Mickael_GenProc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [laeriaw] C:\Documents and Settings\Mickael\laeriaw.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: cru629.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - D:\KILLINGNUT LAND\Studio\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Narco!4 · Answer

[*] Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
[*] Double clique combofix.exe et suis les instructions.
[*] Installe la console de récupération si proposé et continue.
[*] Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

hermione08 · Answer

Ayaih: il rame à mort mon pc, voilà, dsl:::

ComboFix 09-09-18.02 - Mickael 19/09/2009 19:07.1.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.33.1036.18.1023.548 [GMT 2:00]
Lancé depuis: c:\documents and settings\Mickael\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090918-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mickael\autorun.inf
c:\windows\system32\msconfig.exe

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-08-19 au 2009-09-19  ))))))))))))))))))))))))))))))))))))
.

2009-09-19 16:34 . 2009-09-19 16:34	--------	d-----w-	c:\program files\CCleaner
2009-09-19 15:13 . 2009-09-19 15:26	--------	d-----w-	C:\GenProc
2009-09-19 15:12 . 2009-09-19 15:12	--------	d-----w-	c:\documents and settings\Mickael\Downloads
2009-09-19 12:57 . 2009-09-19 12:57	--------	d-----w-	c:\documents and settings\Mickael\Application Data\Malwarebytes
2009-09-19 12:56 . 2009-09-10 12:54	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 12:56 . 2009-09-19 12:57	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-09-19 12:56 . 2009-09-19 12:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-19 12:56 . 2009-09-10 12:53	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-09-19 07:56 . 2009-09-19 07:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-09-19 02:05 . 2009-09-19 12:55	--------	d-----w-	c:\documents and settings\Mickael\Application Data\CheckPoint
2009-09-19 02:04 . 2009-09-19 02:04	--------	d-----w-	c:\program files\CheckPoint
2009-09-19 02:04 . 2009-09-19 02:04	4212	---ha-w-	c:\windows\system32\zllictbl.dat
2009-09-19 02:04 . 2009-08-26 19:09	72584	----a-w-	c:\windows\zllsputility.exe
2009-09-19 02:04 . 2009-08-26 19:08	69000	----a-w-	c:\windows\system32\zlcomm.dll
2009-09-19 02:04 . 2009-08-26 19:08	103816	----a-w-	c:\windows\system32\zlcommdb.dll
2009-09-19 02:03 . 2009-09-19 02:04	--------	d-----w-	c:\windows\system32\ZoneLabs
2009-09-19 02:03 . 2009-08-26 19:08	1238408	----a-w-	c:\windows\system32\zpeng25.dll
2009-09-19 02:03 . 2009-09-19 02:03	--------	d-----w-	c:\program files\Zone Labs
2009-09-19 02:02 . 2009-09-19 20:06	--------	d-----w-	c:\windows\Internet Logs
2009-09-19 01:20 . 2009-09-19 09:04	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-09-19 01:20 . 2009-09-19 09:03	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 01:10 . 2009-09-19 01:13	--------	d-----w-	c:\program files\Registry Winner
2009-09-18 22:48 . 2008-12-11 06:38	159600	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2009-09-18 22:48 . 2009-09-19 16:32	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-09-18 22:48 . 2009-09-18 23:10	206256	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2009-09-18 22:48 . 2008-12-18 09:16	73840	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-18 22:48 . 2009-09-18 22:49	--------	d-----w-	c:\program files\Fichiers communs\PC Tools
2009-09-18 22:48 . 2008-12-10 09:36	64392	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2009-09-18 22:48 . 2009-09-19 08:43	--------	d-----w-	c:\program files\Spyware Doctor
2009-09-18 22:48 . 2009-09-18 22:48	--------	d-----w-	c:\documents and settings\Mickael\Application Data\PC Tools
2009-09-18 22:48 . 2009-09-18 22:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Tools
2009-09-18 16:29 . 2009-09-18 16:29	--------	d-----w-	c:\program files\Fichiers communs\TSUninstall
2009-09-18 16:28 . 2009-09-18 23:20	--------	d-----w-	c:\program files\TS
2009-09-18 14:36 . 2009-09-18 14:36	75648	----a-w-	c:\windows\system32\drivers\wkatemuduqakn.sys
2009-09-18 10:04 . 2009-09-19 14:40	--------	d-----w-	c:\documents and settings\Mickael\Tracing
2009-09-18 10:03 . 2009-09-18 10:03	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-09-18 10:02 . 2009-09-18 10:02	--------	dc----w-	c:\windows\system32\DRVSTORE
2009-09-18 10:02 . 2009-08-05 20:48	54752	----a-w-	c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-18 09:59 . 2009-09-18 09:59	--------	d-----w-	c:\program files\Microsoft Sync Framework
2009-09-18 09:59 . 2006-11-29 11:06	3426072	----a-w-	c:\windows\system32\d3dx9_32.dll
2009-09-18 09:59 . 2009-09-18 09:59	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2009-09-18 09:58 . 2009-09-18 09:58	--------	d-----w-	c:\program files\Microsoft
2009-09-18 09:57 . 2009-09-18 09:57	--------	d-----w-	c:\program files\Windows Live SkyDrive
2009-09-18 09:57 . 2009-09-18 10:02	--------	d-----w-	c:\program files\Windows Live
2009-09-18 09:51 . 2009-09-18 09:51	--------	d-----w-	c:\program files\Fichiers communs\Windows Live
2009-09-04 15:57 . 2009-09-04 15:57	--------	d-----w-	c:\program files\Sierra On-Line
2009-09-04 15:57 . 1999-04-22 15:49	231936	----a-r-	c:\windows\system32\SNWValid.dll
2009-09-04 15:57 . 1999-04-22 15:49	1022976	----a-r-	c:\windows\system32\SierraNW.dll
2009-09-04 15:56 . 1998-01-23 10:20	305664	----a-w-	c:\windows\IsUn040c.exe
2009-09-04 15:56 . 2009-09-04 15:56	--------	d-----w-	c:\documents and settings\Mickael\WINDOWS

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 14:40 . 2008-08-18 19:23	--------	d-----w-	c:\program files\UltimateZip
2009-09-18 23:10 . 2009-09-18 23:10	7396	----a-w-	c:\windows\system32\drivers\pctcore.cat
2009-09-18 22:47 . 2009-06-07 23:03	--------	d-----w-	c:\documents and settings\Mickael\Application Data\U3
2009-09-18 14:31 . 2001-08-28 18:00	71596	----a-w-	c:\windows\system32\perfc00C.dat
2009-09-18 14:31 . 2001-08-28 18:00	458562	----a-w-	c:\windows\system32\perfh00C.dat
2009-09-18 10:03 . 2008-08-18 20:28	32384	----a-w-	c:\documents and settings\Mickael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 12:09 . 2009-08-03 12:09	--------	d-----w-	c:\documents and settings\Mickael\Application Data\Samsung
2009-08-03 12:08 . 2008-08-18 18:53	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-08-03 12:05 . 2009-08-03 12:05	--------	d-----w-	c:\program files\Samsung
2009-08-03 12:04 . 2009-08-03 12:04	--------	d-----w-	c:\program files\Fichiers communs\Adobe
2009-08-02 17:23 . 2008-08-18 19:31	--------	d-----w-	c:\documents and settings\Mickael\Application Data\OpenOffice.org2
2009-07-26 14:44 . 2009-07-26 14:44	48448	----a-w-	c:\windows\system32\sirenacm.dll
2009-07-24 16:31 . 2009-05-17 21:42	--------	d-----w-	c:\documents and settings\Pierre\Application Data\OpenOffice.org2
2009-07-23 17:41 . 2008-08-18 19:28	--------	d-----w-	c:\documents and settings\Mickael\Application Data\uTorrent
2009-07-10 11:01 . 2009-07-10 11:01	307560	----a-w-	c:\windows\WLXPGSS.SCR
.

------- Sigcheck -------


[-] 2005-06-28 . 77C0C5E7D6CFE2052B8CF28B8722F528 . 359808 . . [5.1.2600.2685] . . c:\windows\system32\drivers	cpip.sys

[-] 2007-07-18 . FA7C7C2B461130A792ADF6A28F1D652B . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2007-08-06 . 7C56D56D6BE0760DDF9A37344731BD3F . 3256832 . . [6.00.2900.2527] . . c:\windows\explorer.exe

[-] 2004-11-28 18:36 . AB3D62010AF342203FFA60C2D94DBC68 . 8704 . . [1] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\drivers\beep.sys ... manque !!
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LClock"="lclock.exe" - c:\windows\LClock.exe [2004-12-08 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-22 1181064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-08-26 1011080]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-08-26 722288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32
wiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32	scupgrd.exe" [2004-08-19 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2006-10-27 123904]

c:\documents and settings\Pierre\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\Mickael\Menu D‚marrer\Programmes\D‚marrage\
UltimateZip Quick Start.lnk - c:\program files\UltimateZip\uzqkst.exe [2008-8-18 1087488]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-8-18 237568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19/09/2009 00:48 206256]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [18/08/2008 19:42 16896]
R0 vIdeBus;vIdeBus;c:\windows\system32\drivers\vIdeBus.sys [18/08/2008 19:42 15232]
R0 vIdePort;VIA IDE Controller PORT Driver;c:\windows\system32\drivers\vIdePort.sys [18/08/2008 19:42 40192]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [18/08/2008 19:42 52224]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18/08/2008 21:39 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/08/2008 21:39 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/09/2009 12:02 54752]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/08/2009 18:20 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/08/2009 18:20 435568]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/09/2009 00:48 348752]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [18/08/2008 21:18 6400]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [31/10/2003 18:22 77312]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\killingnut land\Studio\Common\Database\bin\fbserver.exe --> d:\killingnut land\Studio\Common\Database\bin\fbserver.exe [?]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S4 uwitgtevi;uwitgtevi;c:\windows\system32\drivers\wkatemuduqakn.sys [18/09/2009 16:36 75648]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-laeriaw - c:\documents and settings\Mickael\laeriaw.exe
AddRemove-Age of Mythology 1.0 - d:\erwin\AOM\UNINSTAL.EXE
AddRemove-Age of Mythology Expansion Pack 1.0 - d:\erwin\AOM\UNINSTXP.EXE
AddRemove-Firebird SQL Server US - d:\killingnut land\Studio\Common\Database\unwise.exe
AddRemove-HijackThis - c:\genproc\outil\HijackThis.exe
AddRemove-MAGIX Screenshare US - d:\killingnut land\Studio\PCVisit\unwise.exe
AddRemove-TS - c:\program files\TS	sc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 22:09
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(648)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Heure de fin: 2009-09-19 22:20
ComboFix-quarantined-files.txt  2009-09-19 20:20

Avant-CF: 23 188 443 136 octets libres
Après-CF: 23 300 214 784 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /kernel=oemkrnl.exe
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /kernel=oemkrnl.exe

207

hermione08 · Answer

Ca a flingué mon pc!!!! Il a effacé un disque d'archivage, puis au redemarrage: plus rien!!! Impossible de rebooter(pour couronner le tout), car le lecteur ne repère pas le cd!!! Même en mettant cdrom en first boot... Désespoir...J'ai ressorti mon vieux pc...celui qui rame...Dois-je réinstaller sur le new ou peut on rebooter?

HELP::Trojan Win32.GENERIC !!!!

8 réponses

Votre réponse

Newsletters