TR/Pandex.L.2 le retour!!! Fermé

Question

Bonjour,

Antivir m'indique que je suis infecté, voici le message: C:\WINDOWS\system32\drivers\smtpdrv.sys Is the trojan horse TR/Pandex.L.2
il m'est impossible de le suprimer avec Antivir j'ai essayé toutes les possibilités offerte par Antivir mais à chaque fois que je redémarre et que je lance Firefox le message réapparait.
Peut-on réparer mon PC sans le formater ? Voici un rapport Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:46, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\CCM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6265F37C-B899-4FBD-862E-ED0DB8F3CDE4} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask             .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Userfile Sharing Serv] usnsrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM             .EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

green day · Answer

Salut

 poste un rapport combo stp

++

123coco123 · Answer

Bonjour, voici le rapport combofix: ComboFix 08-01-14.4 - ****** Jean-Claude 2008-01-16 10:24:41.1 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.579 [GMT 1:00] Running from: C:\Documents and Settings\****** Jean-Claude\Bureau\Romu\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\1_exception.nls . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_SMTPDRV -------\smtpdrv ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))))))) . 2008-01-16 10:30 . 18,176 C:\WINDOWS\system32\drivers\smtpdrv.sys 2008-01-16 10:30 . 2008-01-16 10:30 0 --a------ C:\WINDOWS\system32\8_exception.nls 2008-01-16 10:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-14 22:56 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2008-01-14 18:53 . 2008-01-14 23:01 d-------- C:\WINDOWS\system32\ActiveScan 2008-01-14 18:53 . 2008-01-14 19:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-01-14 18:53 . 2008-01-14 19:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-01-14 18:53 . 2008-01-14 19:02 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-01-14 13:59 . 2008-01-14 18:43 d-------- C:\WINDOWS\BDOSCAN8 2008-01-14 12:30 . 2008-01-14 12:30 d-------- C:\Program Files\Trend Micro 2008-01-11 11:04 . 2008-01-11 11:04 d-------- C:\Program Files\Avira GmbH 2008-01-11 10:52 . 2008-01-16 10:12 24,832 --a------ C:\WINDOWS\system32\drivers\Ejn48.sys 2008-01-08 21:17 . 2006-01-21 10:12 d-------- C:\Documents and Settings\Administrateur\WINDOWS 2008-01-08 21:17 . 2002-09-30 12:55 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-01-08 21:17 . 2002-09-30 12:55 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-01-08 21:17 . 2002-09-30 12:55 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-01-08 21:17 . 2006-01-21 10:06 dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-01-08 21:17 . 2002-09-30 12:55 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-01-08 21:17 . 2002-09-30 13:09 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-01-08 21:17 . 2002-09-30 12:55 dr------- C:\Documents and Settings\Administrateur\Bureau 2008-01-08 21:17 . 2006-01-21 10:06 d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust 2008-01-08 21:17 . 2008-01-16 10:13 554 --a------ C:\WINDOWS\system32\drivers\fwdrv.err 2008-01-08 20:58 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2008-01-08 14:34 . 2008-01-08 14:34 d-------- C:\Program Files\Avira 2008-01-08 14:34 . 2008-01-08 14:34 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-01-08 10:59 . 2008-01-14 14:37 d-------- C:\VundoFix Backups 2008-01-05 09:47 . 2008-01-08 14:40 21,760 --a------ C:\WINDOWS\Kpt83.sys 2008-01-05 09:28 . 2008-01-05 09:28 21,760 --a------ C:\WINDOWS\system32\drivers\Kpt83.sys 2008-01-04 12:16 . 2008-01-05 11:45 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe 2008-01-03 20:40 . 2008-01-03 20:40 d-------- C:\Documents and Settings\***** Jean-Claude\Application Data\uk.co.planetside 2008-01-03 20:06 . 2008-01-03 20:06 d-------- C:\Program Files\Terragen 2008-01-03 19:38 . 2008-01-03 19:42 d-------- C:\Program Files\eMule 2007-12-25 21:55 . 2007-12-25 21:56 d-------- C:\Program Files\Return To Castle Wolfenstein 2007-12-25 21:55 . 2007-12-25 21:55 d-------- C:\Program Files\Quake III Arena 2007-12-25 21:55 . 2008-01-03 20:01 d-------- C:\Program Files\GtkRadiant-1.4 2007-12-25 15:08 . 2008-01-02 18:02 d-------- C:\Documents and Settings\***** Jean-Claude\Application Data\Nokia Multimedia Player 2007-12-25 15:00 . 2007-12-25 15:03 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2007-12-25 14:56 . 2007-12-25 14:56 d-------- C:\Program Files\Fichiers communs\PCSuite 2007-12-25 14:56 . 2007-12-25 14:56 d-------- C:\Program Files\Fichiers communs\Nokia 2007-12-25 14:56 . 2007-12-25 14:56 d-------- C:\Program Files\DIFX 2007-12-25 14:56 . 2007-12-25 15:11 d-------- C:\Documents and Settings\***** Jean-Claude\Application Data\PC Suite 2007-12-25 14:55 . 2008-01-15 01:36 d-------- C:\Program Files\PC Connectivity Solution 2007-12-25 14:55 . 2006-10-10 08:54 138,240 --a------ C:\WINDOWS\system32\drivers mwcd.sys 2007-12-25 14:55 . 2006-10-10 08:54 50,688 --a------ C:\WINDOWS\system32 mwcdcls.dll 2007-12-25 14:55 . 2006-10-10 08:54 30,720 --a------ C:\WINDOWS\system32 mwcdcocls.dll 2007-12-25 14:55 . 2006-10-10 08:54 12,800 --a------ C:\WINDOWS\system32\drivers mwcdcm.sys 2007-12-25 14:55 . 2006-10-10 08:54 12,800 --a------ C:\WINDOWS\system32\drivers mwcdcj.sys 2007-12-25 14:55 . 2006-10-10 08:54 9,216 --a------ C:\WINDOWS\system32\drivers mwcdc.sys 2007-12-25 14:55 . 2006-10-10 08:54 4,608 --a------ C:\WINDOWS\system32 mwcdlog.dll 2007-12-25 14:54 . 2007-12-25 14:56 d-------- C:\Program Files\Nokia 2007-12-25 14:52 . 2007-12-25 14:52 19 --a------ C:\WINDOWS\SoundConverter.INI 2007-12-25 14:50 . 2007-12-25 14:50 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2007-12-25 00:59 . 2007-12-25 01:00 72 --a------ C:\WINDOWS\MediaManager.INI 2007-12-25 00:52 . 2007-12-25 00:52 d-------- C:\Program Files\MP3 Player Utilities 4.18 2007-12-24 17:45 . 2007-12-24 17:45 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp 2007-12-24 17:45 . 2007-12-24 17:45 64,470 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-12-24 17:41 . 2007-12-24 17:41 d-------- C:\WINDOWS\BricoPacks 2007-12-24 17:41 . 2007-12-24 17:45 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-12-23 20:50 . 2007-12-23 20:50 d-------- C:\CNYSELPHYCP 2007-12-23 20:50 . 2007-12-23 20:50 10 --a------ C:\WINDOWS\WININIT.INI 2007-12-23 17:22 . 2007-12-23 17:22 d-------- C:\Program Files\Snapshot Viewer 2007-12-23 17:22 . 2007-12-23 17:22 d-------- C:\Documents and Settings\All Users\Application Data\SBT 2007-12-23 17:14 . 2007-12-23 17:23 d-------- C:\WINDOWS\ShellNew 2007-12-21 12:23 . 2007-12-21 12:23 d-------- C:\Documents and Settings\***** Jean-Claude\Application Data\Snapfish . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-16 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-16 08:59 --------- d-----w C:\Program Files\LogMeIn 2008-01-11 10:04 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-08 16:30 --------- d-----w C:\Program Files\Sunbelt Software 2008-01-08 13:48 --------- d-----w C:\Program Files\QuickTime 2008-01-08 13:47 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-12-25 20:56 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory 2007-12-25 19:51 --------- d-----w C:\Program Files\Windows Live 2007-12-25 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-25 13:57 --------- d-----w C:\Documents and Settings\****** Jean-Claude\Application Data\Nokia 2007-12-24 16:45 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-12-23 16:21 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-08 09:31 --------- d-----w C:\Documents and Settings\***** Jean-Claude\Application Data\Creative 2007-12-08 09:29 --------- d-----w C:\Program Files\Creative 2007-12-08 09:12 --------- d-----w C:\Program Files\Google 2007-12-07 10:10 --------- d-----w C:\Program Files\Lavasoft 2007-12-07 10:10 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-12-07 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-06 20:20 --------- d-----w C:\Program Files\No-IP 2007-12-06 08:51 --------- d-----w C:\Program Files\Java 2007-12-06 08:48 --------- d-----w C:\Program Files\Fichiers communs\Java 2007-12-04 18:14 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-04 18:03 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe 2007-12-04 11:57 --------- d-----w C:\Program Files\MSXML 6.0 2007-12-04 11:55 --------- d-----w C:\Program Files\MSBuild 2007-12-04 11:50 --------- d-----w C:\Program Files\Reference Assemblies 2007-12-04 11:48 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-12-03 19:55 245,760 ----a-w C:\WINDOWS\system32\JkDefragScreenSaver.exe 2007-12-03 19:55 110,592 ----a-w C:\WINDOWS\system32\JkDefragScreenSaver.scr 2007-12-01 13:39 --------- d-----w C:\Program Files\Microsoft Works 2007-12-01 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-12-01 09:53 --------- d-----w C:\Program Files\CCleaner 2007-11-30 22:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-11-30 22:25 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-11-30 22:19 --------- d-----w C:\Program Files\Wanadoo 2007-11-15 17:46 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll 2007-11-15 17:46 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll 2007-11-15 17:46 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll 2007-11-15 17:46 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll 2007-11-15 17:46 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 23:23 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll 2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll . [code]

----a-w           335,872 2008-01-06 12:44:23  C:\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           184,320 2008-01-06 17:23:26  C:\Program Files\Creative\Shared Files\CAMTRAY .EXE
----a-w           151,597 2008-01-06 17:23:15  C:\Program Files\Fichiers communs\Real\Update_OB
ealsched .exe
----a-w           132,496 2008-01-06 17:23:22  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w            63,048 2008-01-06 17:23:22  C:\Program Files\LogMeIn\x86\LogMeInSystray .exe
----a-w           222,720 2008-01-06 17:23:26  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
----a-w           919,016 2008-01-06 17:23:21  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w            15,360 2008-01-05 10:45:06  C:\WINDOWS\system32\ctfmon .exe

[/code] ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6265F37C-B899-4FBD-862E-ED0DB8F3CDE4}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 03:04 184320] "Userfile Sharing Serv"="usnsrv.exe" [] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-08 21:26 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\LMIinit] LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejn48.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kpt83.sys] @="Driver" . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2006-04-21 12:34:58 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1137849358.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-16 10:30:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll . Completion time: 2008-01-16 10:32:53 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-16 09:32:46 . 2007-12-12 20:47:39 --- E O F ---

green day · Answer

Salut

 désolé pour le retard ! n'hésite pas à faire des up ici, si tu te perds dans mes contributions : 

Télécharge RenV.exe sur ton Bureau:

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Double-clique sur RenV.exe pour le lancer, et patiente.

Un rapport, log.txt, sera crée, et s'ouvrira à la fin du scan, poste le stp

++

123coco123 · Answer

Bonjour j'ai deux nouvelles detections de virus Antivir en plus de Pandex:

C:\WINDOWS\TEMP\326781.exe    WORM/Ntech.Z.4
C:\WINDOWS\TEMP\BN2.tmp    WORM/Ntech.Z.4

Voici le rapport RenV:

[code]
Ran on 18/01/2008 - 13:44:42,82

----a-w           335,872 2008-01-06 12:44:23  C:\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           184,320 2008-01-06 17:23:26  C:\Program Files\Creative\Shared Files\CAMTRAY .EXE
----a-w           151,597 2008-01-06 17:23:15  C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w           132,496 2008-01-06 17:23:22  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w            63,048 2008-01-06 17:23:22  C:\Program Files\LogMeIn\x86\LogMeInSystray .exe
----a-w           222,720 2008-01-06 17:23:26  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
----a-w           919,016 2008-01-06 17:23:21  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w            15,360 2008-01-05 10:45:06  C:\WINDOWS\system32\ctfmon .exe

 Entries:                8  (8)
 Directories:            0  Files:             8
 Bytes:          2,024,429  Blocks:        3,956
[/code]

green day · Answer

Salut

ok,

Double-clique sur RenV.exe pour le lancer, et patiente.

Un rapport, log.txt, sera crée, et s'ouvrira à la fin du scan, poste le.

et la manip suivante avec le résultat du log

Créé un fichier Bloc Notes avec le texte en gras : 

C:\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\Creative\Shared Files\CAMTRAY .EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\LogMeIn\x86\LogMeInSystray .exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\WINDOWS\system32\ctfmon .exe


    * Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>
    * Choisis "Enregistrer sous" et choisis "Bureau"
    * Dans le champ "Nom du fichier" en bas de page donne le nom suivant:Log.txt
    * Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"
    * Quitte le Bloc Notes.
    * Fais un glisser/déposer de ce fichier Log.txt sur le fichier RenV.exe comme sur la capture ci-dessous  

 ==> voir l'animation :  http://img.photobucket.com/albums/v666/sUBs/RenV.gif

++

123coco123 · Answer

[code]
Ran on 18/01/2008 - 18:22:22,68

----a-w           335,872 2008-01-06 12:44:23  C:\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           184,320 2008-01-06 17:23:26  C:\Program Files\Creative\Shared Files\CAMTRAY .EXE
----a-w           151,597 2008-01-06 17:23:15  C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w           132,496 2008-01-06 17:23:22  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w            63,048 2008-01-06 17:23:22  C:\Program Files\LogMeIn\x86\LogMeInSystray .exe
----a-w           222,720 2008-01-06 17:23:26  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
----a-w           919,016 2008-01-06 17:23:21  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w            15,360 2008-01-05 10:45:06  C:\WINDOWS\system32\ctfmon .exe

 Entries:                8  (8)
 Directories:            0  Files:             8
 Bytes:          2,024,429  Blocks:        3,956
[/code]


[code]
Ran on 18/01/2008 - 18:25:14,01

 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0
[/code]

TR/Pandex.L.2 le retour!!!

6 réponses

Discussions similaires