Trojan Virtumonde

ganesh
Hello,
Spybot detected a trojan, Virtumonde. Here is my HijackThis log; if someone could help me and tell me the procedure to follow to disinfect my PC? Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:58, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LocalCooling\localcooling.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {C0076390-8BCF-41A3-9275-906D44094CFC} - C:\WINDOWS\system32\jkhhi.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\yayaywv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LocalCooling] "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Admin\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: RAID Manager.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F2291A3-BCA9-4AEF-ADBD-819DD76E0DB1}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\progra~1\google\go333c~1\goec62~1.dll
O20 - Winlogon Notify: yayaywv - C:\WINDOWS\SYSTEM32\yayaywv.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
15 replies

green day  Posts: 26722  Status: Moderator, Security contributor  2 163
 
Hi

# Download VundoFix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After clicking "YES", the desktop will disappear for a moment while the files are deleted.
* Another prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located at C:\vundofix.txt; please post it.

See you
0
ganesh
 
OK, here is the VundoFix scan result:
Listing files found while scanning....

C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\yayaywv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ihhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\ihhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkhhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayaywv.dll
C:\WINDOWS\system32\yayaywv.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\yayaywv.dll
C:\WINDOWS\system32\yayaywv.dll Has been deleted!

Performing Repairs to the registry.
Done!

Should I run HijackThis again?
(thanks raleuboleu for the antivirus and firewall links)
0
ganesh > ganesh
 
Second HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:48, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LocalCooling\localcooling.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {C0076390-8BCF-41A3-9275-906D44094CFC} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LocalCooling] "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Admin\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: RAID Manager.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F2291A3-BCA9-4AEF-ADBD-819DD76E0DB1}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\progra~1\google\go333c~1\goec62~1.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
0
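The two logs above show the pattern a triage script can pick out: two BHOs registered "(no name)" with random-looking DLLs dropped straight into system32 (jkhhi.dll, yayaywv.dll), one of those DLLs also hooked as a Winlogon Notify handler (O20), and, in the second log, the `{C0076390-...}` CLSID left behind with "(file missing)" once VundoFix removed the file. A DLL registered under Winlogon Notify is loaded by winlogon.exe, which is a reason a plain delete of yayaywv.dll could fail on VundoFix's first pass and only succeed after its registry repair. The script below is an added example, not code from any poster or from the HijackThis/VundoFix projects: it parses the O2/O20 lines, scores each BHO, predicts the reversed-name .ini companion file, and diffs the before/after logs to list orphaned CLSIDs. The sample lines are excerpted from the two logs in the thread; the "two indicators" threshold and the reversed-name heuristic are this example's own assumptions.

```python
"""Vundo/Virtumonde triage over HijackThis logs (added example, not from the thread).
Sample lines are excerpted from the two logs posted above; the scoring rule and
the reversed-name .ini heuristic are this example's own assumptions."""
import re

# Excerpt of the first log (before VundoFix).
HJT_BEFORE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C0076390-8BCF-41A3-9275-906D44094CFC} - C:\WINDOWS\system32\jkhhi.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\yayaywv.dll
O20 - AppInit_DLLs: c:\progra~1\google\go333c~1\goec62~1.dll
O20 - Winlogon Notify: yayaywv - C:\WINDOWS\SYSTEM32\yayaywv.dll
"""
# Excerpt of the second log (after VundoFix): one CLSID is left without its file.
HJT_AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C0076390-8BCF-41A3-9275-906D44094CFC} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O20 - AppInit_DLLs: c:\progra~1\google\go333c~1\goec62~1.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


def parse_hjt(text):
    """Return (bho_list, winlogon_notify_dict) from the O2 and O20 lines of a log."""
    bhos, notify = [], {}
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            bhos.append({"name": m["name"], "clsid": m["clsid"].upper(),
                         "path": m["path"], "missing": bool(m["missing"])})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[m["key"]] = m["path"]
    return bhos, notify


def basename(path):
    return path.rsplit("\\", 1)[-1]


def companion_ini(dll_path):
    """Heuristic: Vundo's data file is the DLL base name reversed plus .ini
    (jkhhi.dll -> ihhkj.ini, the file VundoFix reported in the thread)."""
    folder, _, name = dll_path.rpartition("\\")
    return f"{folder}\\{name.rsplit('.', 1)[0][::-1]}.ini"


def flag_vundo(bhos, notify):
    """Report every BHO that trips at least two of the indicators below."""
    notify_dlls = {basename(p).lower() for p in notify.values()}
    findings = []
    for b in bhos:
        reasons = []
        if b["name"] == "(no name)":
            reasons.append("BHO registered without a name")
        if "\\system32\\" in b["path"].lower():
            reasons.append("DLL dropped directly in system32")
        if basename(b["path"]).lower() in notify_dlls:
            reasons.append("same DLL is a Winlogon Notify handler (loaded by winlogon.exe)")
        if b["missing"]:
            reasons.append("CLSID still registered but the file is gone")
        if len(reasons) >= 2:
            findings.append({"clsid": b["clsid"], "path": b["path"], "reasons": reasons,
                             "companion_ini": companion_ini(b["path"])})
    return findings


def diff_bhos(before, after):
    """CLSIDs that disappeared between two logs, and CLSIDs left orphaned (file missing)."""
    after_by_clsid = {b["clsid"]: b for b in after}
    removed = sorted({b["clsid"] for b in before} - set(after_by_clsid))
    orphaned = sorted(c for c, b in after_by_clsid.items() if b["missing"])
    return removed, orphaned


if __name__ == "__main__":
    before, after = parse_hjt(HJT_BEFORE), parse_hjt(HJT_AFTER)
    for f in flag_vundo(*before):
        print(f["path"], "|", "; ".join(f["reasons"]), "| also check", f["companion_ini"])
    removed, orphaned = diff_bhos(before[0], after[0])
    print("removed:", removed)
    print("orphaned CLSIDs to fix in HijackThis:", orphaned)
```

On real logs, read the two files in place of the two constants. The reversed-name heuristic held for jkhhi.dll here (VundoFix listed ihhkj.ini and ihhkj.ini2 next to it), but no companion for yayaywv.dll appears anywhere in the thread, so treat the predicted name as something to look for, not as proof. The orphaned CLSID the diff reports is the registry leftover one would tick and fix in HijackThis once the file itself is gone.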
raleuboleu  Posts: 5028  Status: Member  79 > ganesh
 
re

you're welcome, and you're in good hands lol, just kidding, but you're with someone competent ^^

kiss and good luck with the rest, I'm following the thread... curious, yes I know ^^
0
raleuboleu  Posts: 5028  Status: Member  79
 
hi

indeed, well infected

you have no protection at all, and that will have to be fixed as soon as possible

download Antivir here (antivirus):

https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

download Kerio (firewall):

https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html

then do this:

Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.

Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After clicking "Yes", the desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
Copy/paste the report (c:\vundofix.txt) in your reply.

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis log.

hugs
0
raleuboleu  Posts: 5028  Status: Member  79
 
sorry green day for the double post ^^

hugs
0
green day  Posts: 26722  Status: Moderator, Security contributor  2 163
 
Hi

No worries! ;-))

See you
0
green day  Posts: 26722  Status: Moderator, Security contributor  2 163
 
Good evening Raleuboleu! ;-))

Next:

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Start in safe mode
* Double-click combofix.exe.
* Press the Y key (Yes) to start the scan
* The report will be created at C:\Combofix.txt; please post it

See you
0
raleuboleu  Posts: 5028  Status: Member  79
 
thanks ^^ you too!!

kiss
0
ganesh
 
done, here it is
ComboFix log:

ComboFix 08-03-01.3 - Admin 2008-03-02 9:04:00.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.753 [GMT 1:00]
Location: C:\Documents and Settings\Admin\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\ravmonlog
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\mrofinu2000351.exe
G:\Autorun.inf

----- BITS: Possibly infected sites -----

hxxp://www.panoramio.com
hxxp://www.flickr.com
hxxp://farm3.static.flickr.com
hxxp://farm2.static.flickr.com
hxxp://desourcesure.com
hxxp://limelight
.
((((((((((((((((((((((((((((( Files created 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.

2008-03-02 09:01 . 2008-03-02 09:01 163 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Program Files\Avira
2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 21:44 . 2008-03-01 21:44 <REP> d-------- C:\Program Files\Sunbelt Software
2008-03-01 21:11 . 2008-03-01 21:37 <REP> d-------- C:\VundoFix Backups
2008-03-01 21:00 . 2008-03-01 21:00 <REP> d-------- C:\Program Files\Trend Micro
2008-03-01 20:32 . 2007-02-09 18:34 420,816 --a------ C:\Documents and Settings\Admin\Application Data\wunauclt.exe
2008-03-01 20:10 . 2008-03-01 20:10 <REP> d-------- C:\WINDOWS\system32\txp
2008-03-01 20:10 . 2008-03-01 20:10 <REP> d-------- C:\WINDOWS\Driver
2008-02-18 21:11 . 2008-02-18 21:11 <REP> d-------- C:\Program Files\LocalCooling
2008-02-12 00:26 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-12 00:26 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-12 00:26 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-12 00:26 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-02-12 00:26 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-02-12 00:09 . 2008-02-12 00:09 <REP> d-------- C:\Program Files\OpenAL
2008-02-12 00:09 . 2008-02-12 00:09 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-12 00:09 . 2008-02-12 00:09 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-09 10:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-09 10:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-09 10:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-09 10:19 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-02-09 10:19 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-02-09 10:16 . 2008-02-09 10:16 289 --a------ C:\WINDOWS\game.ini
2008-02-09 10:03 . 2008-02-09 10:03 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-02-04 09:39 . 2008-02-04 09:39 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Megaupload
2008-02-04 09:34 . 2008-02-04 09:34 <REP> d-------- C:\Program Files\Megaupload
2008-02-04 09:34 . 2008-02-04 09:34 <REP> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-02-03 14:27 . 2008-02-03 14:27 <REP> d-------- C:\SCRABBLE.99
2008-02-03 14:26 . 1999-03-23 09:12 304,128 --a------ C:\WINDOWS\unin040c.exe
2008-02-03 14:17 . 2008-02-03 14:21 <REP> d-------- C:\Program Files\WinISO
2008-02-02 15:44 . 2008-02-02 15:44 250 --a------ C:\WINDOWS\thug2.ini

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 08:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 08:09 --------- d-----w C:\Program Files\PeerGuardian2
2008-03-01 19:54 --------- d-----w C:\Program Files\eMule
2008-03-01 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-29 15:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-29 14:44 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-22 10:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-22 10:57 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-20 13:27 --------- d-----w C:\Program Files\MOG-O-MATIC
2008-02-20 13:27 --------- d-----w C:\Program Files\johnsadventures.com
2008-02-20 13:27 --------- d-----w C:\Documents and Settings\Admin\Application Data\johnsadventures.com
2008-02-20 13:26 --------- d-----w C:\Program Files\DivX
2008-02-09 09:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 09:09 --------- d-----w C:\Program Files\Microsoft Games
2008-01-27 11:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\My Games
2008-01-21 09:28 --------- d-----w C:\Documents and Settings\Admin\Application Data\Eltima Software
2008-01-21 09:26 --------- d-----w C:\Program Files\Easiestutils
2008-01-21 08:59 --------- d-----w C:\Program Files\URUSoft
2008-01-18 19:24 --------- d-----w C:\Program Files\EA GAMES
2008-01-18 18:59 --------- d-----w C:\Program Files\Electronic Arts
2008-01-18 16:10 --------- d-----w C:\Program Files\Gpotato
2008-01-15 18:49 --------- d-----w C:\Program Files\San Andreas Mod Installer
2008-01-08 08:42 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-01-08 08:28 --------- d-----w C:\Program Files\PIXELA
2008-01-08 08:26 --------- d-----w C:\Program Files\Caplio Software
2008-01-07 17:23 --------- d-----w C:\Program Files\UBISOFT
2008-01-07 10:30 --------- d-----w C:\Program Files\Common Files
2008-01-06 16:19 --------- d-----w C:\Program Files\MediaMonkey
2008-01-04 07:59 --------- d-----w C:\Program Files\Google
2008-01-02 14:33 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-02 14:20 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-27 15:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

------- Sigcheck -------

0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll
----a-w 578,048 2005-07-26 13:01:50 C:\WINDOWS\system32\user32.dll

e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\system32\wininet.dll
----a-w 662,528 2005-12-14 11:12:00 C:\WINDOWS\system32\wininet.dll

0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 359,936 2005-09-18 10:29:51 C:\WINDOWS\system32\drivers\tcpip.sys

50b3a210b6fa8d3089a36a32e7d8b21f C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,017,280 2005-10-12 08:33:32 C:\WINDOWS\system32\ntkrnlpa.exe

e75f7aa5a33479f29c636fd0890f5762 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,137,600 2005-07-26 13:01:40 C:\WINDOWS\system32\ntoskrnl.exe

0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe
----a-w 1,036,288 2005-07-26 13:01:30 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0076390-8BCF-41A3-9275-906D44094CFC}]
C:\WINDOWS\system32\jkhhi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2005-03-24 17:28 983040]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 14:02 6051144]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Google Update"="C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe" [2008-02-12 15:48 21488]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 00:34 6729728]
"nwiz"="nwiz.exe" [2005-05-12 00:34 1519616 C:\WINDOWS\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2005-04-28 13:49 3630080]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 15:07 617984]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 15:27 1065288]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-25 11:46 1838592]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 15:00 155648]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 00:34 86016]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2006-12-01 18:09 2056875]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-01 22:37 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 10:24 341]
"nlsf"="cmd.exe" [2004-08-19 15:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 14:52 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\go333c~1\goec62~1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5911:TCP"= 5911:TCP:Worms4
"80:TCP"= 80:TCP:Worms4
"28900:TCP"= 28900:TCP:Worms4
"29900:TCP"= 29900:TCP:Worms4
"29901:TCP"= 29901:TCP:Worms4
"5911:UDP"= 5911:UDP:Worms4
"6500:UDP"= 6500:UDP:Worms4
"13139:UDP"= 13139:UDP:Worms4
"27900:UDP"= 27900:UDP:Worms4
"13795:TCP"= 13795:TCP:NortonAV
"18597:TCP"= 18597:TCP:NortonAV
"14839:TCP"= 14839:TCP:NortonAV
"14772:TCP"= 14772:TCP:NortonAV
"17875:TCP"= 17875:TCP:NortonAV
"14711:TCP"= 14711:TCP:NortonAV
"13187:TCP"= 13187:TCP:NortonAV

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2005-03-17 15:00]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2007-12-31 16:55]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2007-12-31 16:55]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 19:56]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 18:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At2.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At3.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 09:09:21
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-03-02 9:11:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-02 08:11:48
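The first catchme pass in the report above ends with "detected NTDLL code modification: ZwClose": the entry bytes of an ntdll export, as mapped in a running process, no longer match what the file on disk says they should be, which is the signature of an inline (trampoline) hook. The Python below is an added example, not code from this thread, from GMER's catchme or from ComboFix, showing what that comparison looks like: it builds an XP SP2 x86 style system-call stub, overwrites its entry with a "jmp rel32" the way a user-mode hook does, and compares the in-memory copy against the on-disk copy, decoding where the patch redirects to. The addresses, the hook target and the syscall numbers are constructed sample values, not values taken from the infected machine.

```python
import struct

# Constructed sample values (not from the thread, catchme or GMER):
ZWCLOSE_VA = 0x7C90D58B    # assumed address of ntdll!ZwClose in the process
ZWOPENKEY_VA = 0x7C90D7C1  # assumed address of ntdll!ZwOpenKey
HOOK_TARGET = 0x10001000   # assumed address of the hook inside an injected DLL

def xp_syscall_stub(syscall_number):
    """15-byte XP SP2 x86 Nt*/Zw* export stub:
    mov eax, n ; mov edx, 7FFE0300h ; call [edx] ; ret 4"""
    return (b"\xB8" + struct.pack("<I", syscall_number)
            + b"\xBA\x00\x03\xFE\x7F" + b"\xFF\x12" + b"\xC2\x04\x00")

def jmp_rel32(from_va, to_va):
    """Encode 'jmp rel32' (E9 xx xx xx xx) written at from_va, landing on to_va."""
    return b"\xE9" + struct.pack("<i", to_va - (from_va + 5))

def decode_redirect(prologue, va):
    """Recognise the two usual entry-point patches and return (kind, target),
    or None when the first bytes are not a control-flow redirect."""
    if len(prologue) >= 5 and prologue[0] == 0xE9:                          # jmp rel32
        rel = struct.unpack("<i", prologue[1:5])[0]
        return ("jmp rel32", (va + 5 + rel) & 0xFFFFFFFF)
    if len(prologue) >= 6 and prologue[0] == 0x68 and prologue[5] == 0xC3:  # push imm32 ; ret
        return ("push/ret", struct.unpack("<I", prologue[1:5])[0])
    return None

def compare_exports(on_disk, in_memory, export_va):
    """Compare each export's entry bytes as mapped in the process with the
    bytes of the same export in the file on disk; one finding per mismatch.
    Caveat: exports whose first bytes embed relocated absolute addresses need
    the on-disk copy relocated to the load base first; XP x86 syscall stubs
    contain no relocations, so a raw comparison is valid for them."""
    findings = []
    for name, disk_bytes in on_disk.items():
        mem_bytes = in_memory.get(name)
        if mem_bytes is None or mem_bytes == disk_bytes:
            continue
        first_diff = next((i for i, (a, b) in enumerate(zip(disk_bytes, mem_bytes)) if a != b),
                          min(len(disk_bytes), len(mem_bytes)))
        findings.append({
            "export": name,
            "first_diff_offset": first_diff,
            "disk_bytes": disk_bytes[:5].hex(" ").upper(),
            "memory_bytes": mem_bytes[:5].hex(" ").upper(),
            "redirect": decode_redirect(mem_bytes, export_va[name]),
        })
    return findings

# Constructed sample: a clean ntdll.dll on disk (syscall numbers illustrative) ...
ON_DISK = {"ZwClose": xp_syscall_stub(0x19), "ZwOpenKey": xp_syscall_stub(0x77)}
# ... and the same two exports in a process where ZwClose carries an inline hook:
# the first five bytes are replaced by a jmp to the hook, the tail is untouched.
IN_MEMORY = {
    "ZwClose": jmp_rel32(ZWCLOSE_VA, HOOK_TARGET) + ON_DISK["ZwClose"][5:],
    "ZwOpenKey": ON_DISK["ZwOpenKey"],
}
EXPORT_VA = {"ZwClose": ZWCLOSE_VA, "ZwOpenKey": ZWOPENKEY_VA}

def scan():
    """Run the comparison on the constructed sample tables."""
    return compare_exports(ON_DISK, IN_MEMORY, EXPORT_VA)

if __name__ == "__main__":
    for f in scan():
        kind, target = f["redirect"] or ("unrecognised patch", 0)
        print(f"detected NTDLL code modification: {f['export']} at +{f['first_diff_offset']} "
              f"({kind} -> 0x{target:08X}; disk {f['disk_bytes']} / memory {f['memory_bytes']})")
```

Running it prints one line per modified export. On a real system the on-disk bytes come from parsing the export table of ntdll.dll and the in-memory bytes from reading the same RVAs in the target process; a hook of this kind is what makes a file-based scanner miss an infected process, and it is also why the second, safe-mode catchme pass further down reports nothing: the hooking DLL was not loaded there.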

green day Posts: 26722 Status: Moderator, Security contributor 2 163
 
Hi

OK,

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y key (Yes) to start the scan
* The report will be created at C:\Combofix.txt; please post it

++
ganesh
 
Here it is, second ComboFix log:

ComboFix 08-03-01.3 - Admin 2008-03-02 16:21:29.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.744 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Bureau\ComboFix(2).exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

((((((((((((((((((((((((((((( Files Created From 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.

2008-03-02 16:20 . 2008-03-02 16:23 <REP> d-------- C:\ComboFix(2)
2008-03-02 16:20 . 2004-08-19 15:09 400,896 --a------ C:\WINDOWS\system32\CF22206.exe
2008-03-02 09:12 . 2008-03-02 16:20 <REP> d-------- C:\WINDOWS\TEMP
2008-03-02 09:01 . 2008-03-02 16:19 455 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Program Files\Avira
2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 21:47 . 2008-03-01 22:37 61,632 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2008-03-01 21:47 . 2007-08-09 13:04 40,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2008-03-01 21:47 . 2007-03-01 10:34 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2008-03-01 21:47 . 2007-07-18 14:22 21,312 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2008-03-01 21:44 . 2008-03-01 21:44 <REP> d-------- C:\Program Files\Sunbelt Software
2008-03-01 21:11 . 2008-03-01 21:37 <REP> d-------- C:\VundoFix Backups
2008-03-01 21:00 . 2008-03-01 21:00 <REP> d-------- C:\Program Files\Trend Micro
2008-03-01 20:32 . 2007-02-09 18:34 420,816 --a------ C:\Documents and Settings\Admin\Application Data\wunauclt.exe
2008-03-01 20:10 . 2008-03-01 20:10 <REP> d-------- C:\WINDOWS\system32\txp
2008-03-01 20:10 . 2008-03-01 20:10 <REP> d-------- C:\WINDOWS\Driver
2008-02-18 21:11 . 2008-02-18 21:11 <REP> d-------- C:\Program Files\LocalCooling
2008-02-12 00:26 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-12 00:26 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-12 00:26 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-12 00:26 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-02-12 00:26 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-02-12 00:09 . 2008-02-12 00:09 <REP> d-------- C:\Program Files\OpenAL
2008-02-12 00:09 . 2008-02-12 00:09 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-12 00:09 . 2008-02-12 00:09 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-09 10:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-09 10:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-09 10:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-09 10:19 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-02-09 10:19 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-02-09 10:16 . 2008-02-09 10:16 289 --a------ C:\WINDOWS\game.ini
2008-02-09 10:03 . 2008-02-09 10:03 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-02-04 09:39 . 2008-02-04 09:39 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Megaupload
2008-02-04 09:34 . 2008-02-04 09:34 <REP> d-------- C:\Program Files\Megaupload
2008-02-04 09:34 . 2008-02-04 09:34 <REP> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-02-03 14:27 . 2008-02-03 14:27 <REP> d-------- C:\SCRABBLE.99
2008-02-03 14:26 . 1999-03-23 09:12 304,128 --a------ C:\WINDOWS\unin040c.exe
2008-02-03 14:17 . 2008-02-03 14:21 <REP> d-------- C:\Program Files\WinISO
2008-02-02 15:44 . 2008-02-02 15:44 250 --a------ C:\WINDOWS\thug2.ini

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 15:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 15:19 805,306,368 --sha-w C:\pagefile.sys
2008-03-02 15:18 --------- d-----w C:\Program Files\PeerGuardian2
2008-03-02 14:17 --------- d-----w C:\Program Files\Mozilla Firefox
2008-03-01 19:54 --------- d-----w C:\Program Files\eMule
2008-03-01 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-29 15:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-29 14:44 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-22 10:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-22 10:57 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-20 13:27 --------- d-----w C:\Program Files\MOG-O-MATIC
2008-02-20 13:27 --------- d-----w C:\Program Files\johnsadventures.com
2008-02-20 13:27 --------- d-----w C:\Documents and Settings\Admin\Application Data\johnsadventures.com
2008-02-20 13:26 --------- d-----w C:\Program Files\DivX
2008-02-09 09:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 09:09 --------- d-----w C:\Program Files\Microsoft Games
2008-01-27 11:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\My Games
2008-01-21 09:28 --------- d-----w C:\Program Files\Fichiers communs
2008-01-21 09:28 --------- d-----w C:\Documents and Settings\Admin\Application Data\Eltima Software
2008-01-21 09:26 --------- d-----w C:\Program Files\Easiestutils
2008-01-21 08:59 --------- d-----w C:\Program Files\URUSoft
2008-01-18 19:24 --------- d-----w C:\Program Files\EA GAMES
2008-01-18 18:59 --------- d-----w C:\Program Files\Electronic Arts
2008-01-18 16:10 --------- d-----w C:\Program Files\Gpotato
2008-01-15 18:49 --------- d-----w C:\Program Files\San Andreas Mod Installer
2008-01-08 08:42 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-01-08 08:28 --------- d-----w C:\Program Files\PIXELA
2008-01-08 08:26 --------- d-----w C:\Program Files\Caplio Software
2008-01-07 17:23 --------- d-----w C:\Program Files\UBISOFT
2008-01-07 10:30 --------- d-----w C:\Program Files\Common Files
2008-01-06 16:19 --------- d-----w C:\Program Files\MediaMonkey
2008-01-04 07:59 --------- d-----w C:\Program Files\Google
2008-01-02 14:33 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-02 14:20 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-27 15:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

------- Sigcheck -------

0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll
----a-w 578,048 2005-07-26 13:01:50 C:\WINDOWS\system32\user32.dll

e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\system32\wininet.dll
----a-w 662,528 2005-12-14 11:12:00 C:\WINDOWS\system32\wininet.dll

0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 359,936 2005-09-18 10:29:51 C:\WINDOWS\system32\drivers\tcpip.sys

50b3a210b6fa8d3089a36a32e7d8b21f C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,017,280 2005-10-12 08:33:32 C:\WINDOWS\system32\ntkrnlpa.exe

e75f7aa5a33479f29c636fd0890f5762 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,137,600 2005-07-26 13:01:40 C:\WINDOWS\system32\ntoskrnl.exe

0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe
----a-w 1,036,288 2005-07-26 13:01:30 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0076390-8BCF-41A3-9275-906D44094CFC}]
C:\WINDOWS\system32\jkhhi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2005-03-24 17:28 983040]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 14:02 6051144]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Google Update"="C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe" [2008-02-12 15:48 21488]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 00:34 6729728]
"nwiz"="nwiz.exe" [2005-05-12 00:34 1519616 C:\WINDOWS\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2005-04-28 13:49 3630080]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 15:07 617984]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 15:27 1065288]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-25 11:46 1838592]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 15:00 155648]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 00:34 86016]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2006-12-01 18:09 2056875]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-01 22:37 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 10:24 341]
"nlsf"="cmd.exe" [2004-08-19 15:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 14:52 44544]

C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16 2913584]
YouTube Uploader.lnk - C:\Documents and Settings\Admin\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-10 11:02:09 126136]
RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2007-09-10 10:34:55 724992]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\go333c~1\goec62~1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5911:TCP"= 5911:TCP:Worms4
"80:TCP"= 80:TCP:Worms4
"28900:TCP"= 28900:TCP:Worms4
"29900:TCP"= 29900:TCP:Worms4
"29901:TCP"= 29901:TCP:Worms4
"5911:UDP"= 5911:UDP:Worms4
"6500:UDP"= 6500:UDP:Worms4
"13139:UDP"= 13139:UDP:Worms4
"27900:UDP"= 27900:UDP:Worms4
"13795:TCP"= 13795:TCP:NortonAV
"18597:TCP"= 18597:TCP:NortonAV
"14839:TCP"= 14839:TCP:NortonAV
"14772:TCP"= 14772:TCP:NortonAV
"17875:TCP"= 17875:TCP:NortonAV
"14711:TCP"= 14711:TCP:NortonAV
"13187:TCP"= 13187:TCP:NortonAV

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2005-03-17 15:00]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
S2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2007-12-31 16:55]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2007-12-31 16:55]
S3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 19:56]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 18:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At2.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At3.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 16:23:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Is it serious, doctor?
green day Posts: 26722 Status: Moderator, Security contributor 2 163
 
OK,

Create a new text document and name it CFScript.txt (careful, this is very important!): right-click on the desktop > New > Text Document, and copy the following lines into it (in bold):

File::

C:\WINDOWS\system32\drivers\PnkBstrK.sys
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\jkhhi.dll

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0076390-8BCF-41A3-9275-906D44094CFC}]

then drag the text file onto combo.exe as shown in the animation:
http://img.bleepingcomputer.com/combofix/usage/rc.gif

driver::

PnkBstrK


In the window that follows, choose option 1 and confirm
Be patient; if the desktop disappears at times during the scan, that is normal!
At the end of the scan a report will be displayed: please post it (otherwise it is located at C:\ComboFix.txt)

++
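Set against the second ComboFix report, the CFScript above addresses the BHO (jkhhi.dll and its CLSID) and the PnkBstr files, while the three At*.job tasks that launch wunauclt.exe from the user's Application Data folder, the disabled firewall (EnableFirewall=0) and the NoAutoUpdate policy are not part of it. The Python below is an added example, not code from this thread or from ComboFix, of how a responder triages a ComboFix-style report for exactly those indicators and then diffs the pre-fix and post-fix reports to see what a script actually removed and what is left. The two report excerpts inside it are constructed, trimmed samples modelled on the logs posted in this thread; the "after" excerpt assumes that only the BHO entry and the catchme finding disappeared, which is an assumption made for the example rather than the content of the third log.

```python
import re
import ntpath

# Constructed, trimmed report excerpts modelled on the ComboFix logs in this
# thread. BEFORE_FIX mirrors the second report; AFTER_FIX assumes that only
# the BHO entry and the catchme finding are gone (an assumption made here).
BEFORE_FIX = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0076390-8BCF-41A3-9275-906D44094CFC}]
C:\WINDOWS\system32\jkhhi.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

Contents of the 'Scheduled Tasks' folder
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At2.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe

detected NTDLL code modification:
ZwClose

"""
AFTER_FIX = "\n".join(l for l in BEFORE_FIX.splitlines()
                      if "Browser Helper Objects" not in l and "jkhhi.dll" not in l
                      and "NTDLL" not in l and l != "ZwClose")

# Names a typosquatted dropper is likely to imitate (hypothetical short list).
SYSTEM_BINARIES = ("wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe")
USER_PROFILE = re.compile(r"\\Documents and Settings\\", re.I)
BHO_HDR = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-F-]+\})\]$", re.I)
TASK_HDR = re.compile(r'^"[\d\- :]+ (C:\\WINDOWS\\Tasks\\[^"]+\.job)"$', re.I)
POLICY = re.compile(r'^"(EnableFirewall|NoAutoUpdate)"= (\d+) ')

def parse_report(text):
    """Pull the load points this example cares about out of a ComboFix report."""
    rep = {"bhos": [], "tasks": [], "policies": {}, "ntdll_mods": []}
    lines, i = text.splitlines(), 0
    while i < len(lines):
        line = lines[i].rstrip()
        if (m := BHO_HDR.match(line)) and i + 1 < len(lines):      # CLSID header, DLL on next line
            rep["bhos"].append((m.group(1), lines[i + 1].strip())); i += 2; continue
        if (m := TASK_HDR.match(line)) and i + 1 < len(lines) and lines[i + 1].startswith("- "):
            rep["tasks"].append((m.group(1), lines[i + 1][2:].strip())); i += 2; continue
        if m := POLICY.match(line):
            rep["policies"][m.group(1)] = int(m.group(2))
        if line == "detected NTDLL code modification:":             # catchme block, one export per line
            i += 1
            while i < len(lines) and lines[i].strip():
                rep["ntdll_mods"].append(lines[i].strip()); i += 1
            continue
        i += 1
    return rep

def edit_distance(a, b):
    """Levenshtein distance, used to spot wunauclt.exe next to wuauclt.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(rep):
    """Return (kind, message) findings for the indicators seen in this thread."""
    out = []
    for clsid, dll in rep["bhos"]:
        name = ntpath.basename(dll).lower()
        if "\\system32\\" in dll.lower() and re.fullmatch(r"[a-z]{4,8}\.dll", name):
            out.append(("bho", f"{name} {clsid}: BHO in system32 with a non-descriptive name; check its publisher"))
    for job, target in rep["tasks"]:
        name = ntpath.basename(target).lower()
        if USER_PROFILE.search(target):
            out.append(("task", f"{ntpath.basename(job)} runs {name} from a user profile directory"))
        for sysbin in SYSTEM_BINARIES:
            if name != sysbin and edit_distance(name, sysbin) <= 2:
                out.append(("lookalike", f"{name} imitates {sysbin} but is not the Windows binary"))
    if rep["policies"].get("EnableFirewall") == 0:
        out.append(("firewall", "Windows Firewall disabled in the standard profile (EnableFirewall=0)"))
    if rep["policies"].get("NoAutoUpdate") == 1:
        out.append(("policy", "NoAutoUpdate=1: Automatic Updates blocked by an Explorer policy"))
    for export in rep["ntdll_mods"]:
        out.append(("hook", f"catchme reported code modification of ntdll!{export}"))
    return list(dict.fromkeys(out))                                  # dedupe, keep order

def diff_reports(before_text, after_text):
    """What a fix removed, what it left, and what appeared afterwards."""
    before = set(triage(parse_report(before_text)))
    after = set(triage(parse_report(after_text)))
    return {"removed": sorted(before - after), "remaining": sorted(before & after),
            "new": sorted(after - before)}

if __name__ == "__main__":
    for bucket, items in diff_reports(BEFORE_FIX, AFTER_FIX).items():
        print(bucket.upper())
        for kind, msg in items:
            print(f"  [{kind}] {msg}")
```

The lookalike check is an edit distance against a short list of Windows binary names, which is what makes wunauclt.exe stand out next to wuauclt.exe; extend SYSTEM_BINARIES for other names. Whatever lands under "remaining" after a fix (here the At*.job tasks, the firewall and the update policy) is the list to act on next, and "new" catches anything that appeared between the two reports.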
ganesh
 
Well... I did that, but ComboFix didn't ask me anything, it started straight away; I didn't get any options to choose..

ComboFix 08-03-01.3 - Admin 2008-03-02 20:33:07.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.232 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Bureau\PROGRAMMES\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\WINDOWS\system32\drivers\PnkBstrK.sys
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\PnkBstrB.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\PnkBstrK.sys
C:\WINDOWS\system32\PnkBstrB.exe

.
((((((((((((((((((((((((((((( Files Created From 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.

2008-03-02 18:10 . 2008-03-02 18:10 <REP> d-------- C:\Program Files\CodeStuff
2008-03-02 16:20 . 2008-03-02 16:23 <REP> d-------- C:\ComboFix(2)
2008-03-02 09:01 . 2008-03-02 16:53 584 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Program Files\Avira
2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 21:44 . 2008-03-01 21:44 <REP> d-------- C:\Program Files\Sunbelt Software
2008-03-01 21:11 . 2008-03-01 21:37 <REP> d-------- C:\VundoFix Backups
2008-03-01 21:00 . 2008-03-01 21:00 <REP> d-------- C:\Program Files\Trend Micro
2008-03-01 20:32 . 2007-02-09 18:34 420,816 --a------ C:\Documents and Settings\Admin\Application Data\wunauclt.exe
2008-03-01 20:10 . 2008-03-01 20:10 <REP> d-------- C:\WINDOWS\system32\txp
2008-03-01 20:10 . 2008-03-01 20:10 <REP> d-------- C:\WINDOWS\Driver
2008-02-18 21:11 . 2008-02-18 21:11 <REP> d-------- C:\Program Files\LocalCooling
2008-02-12 00:26 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-12 00:26 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-12 00:26 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-12 00:26 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-02-12 00:26 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-02-12 00:09 . 2008-02-12 00:09 <REP> d-------- C:\Program Files\OpenAL
2008-02-12 00:09 . 2008-02-12 00:09 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-12 00:09 . 2008-02-12 00:09 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-09 10:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-09 10:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-09 10:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-09 10:19 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-02-09 10:19 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-02-09 10:16 . 2008-02-09 10:16 289 --a------ C:\WINDOWS\game.ini
2008-02-09 10:03 . 2008-02-09 10:03 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-02-04 09:39 . 2008-02-04 09:39 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Megaupload
2008-02-04 09:34 . 2008-02-04 09:34 <REP> d-------- C:\Program Files\Megaupload
2008-02-04 09:34 . 2008-02-04 09:34 <REP> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-02-03 14:27 . 2008-02-03 14:27 <REP> d-------- C:\SCRABBLE.99
2008-02-03 14:26 . 1999-03-23 09:12 304,128 --a------ C:\WINDOWS\unin040c.exe
2008-02-03 14:17 . 2008-02-03 14:21 <REP> d-------- C:\Program Files\WinISO
2008-02-02 15:44 . 2008-02-02 15:44 250 --a------ C:\WINDOWS\thug2.ini

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 19:23 --------- d-----w C:\Program Files\eMule
2008-03-02 17:10 --------- d-----w C:\Program Files\PeerGuardian2
2008-03-02 17:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-29 15:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-29 14:44 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-20 13:27 --------- d-----w C:\Program Files\MOG-O-MATIC
2008-02-20 13:27 --------- d-----w C:\Program Files\johnsadventures.com
2008-02-20 13:27 --------- d-----w C:\Documents and Settings\Admin\Application Data\johnsadventures.com
2008-02-20 13:26 --------- d-----w C:\Program Files\DivX
2008-02-09 09:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 09:09 --------- d-----w C:\Program Files\Microsoft Games
2008-01-27 11:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\My Games
2008-01-21 09:28 --------- d-----w C:\Documents and Settings\Admin\Application Data\Eltima Software
2008-01-21 09:26 --------- d-----w C:\Program Files\Easiestutils
2008-01-21 08:59 --------- d-----w C:\Program Files\URUSoft
2008-01-18 19:24 --------- d-----w C:\Program Files\EA GAMES
2008-01-18 18:59 --------- d-----w C:\Program Files\Electronic Arts
2008-01-18 16:10 --------- d-----w C:\Program Files\Gpotato
2008-01-15 18:49 --------- d-----w C:\Program Files\San Andreas Mod Installer
2008-01-08 08:42 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-01-08 08:28 --------- d-----w C:\Program Files\PIXELA
2008-01-08 08:26 --------- d-----w C:\Program Files\Caplio Software
2008-01-07 17:23 --------- d-----w C:\Program Files\UBISOFT
2008-01-07 10:30 --------- d-----w C:\Program Files\Common Files
2008-01-06 16:19 --------- d-----w C:\Program Files\MediaMonkey
2008-01-04 07:59 --------- d-----w C:\Program Files\Google
2008-01-02 14:33 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-02 14:20 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-27 15:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

------- Sigcheck -------

0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll
----a-w 578,048 2005-07-26 13:01:50 C:\WINDOWS\system32\user32.dll

e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\system32\wininet.dll
----a-w 662,528 2005-12-14 11:12:00 C:\WINDOWS\system32\wininet.dll

0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 359,936 2005-09-18 10:29:51 C:\WINDOWS\system32\drivers\tcpip.sys

50b3a210b6fa8d3089a36a32e7d8b21f C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,017,280 2005-10-12 08:33:32 C:\WINDOWS\system32\ntkrnlpa.exe

e75f7aa5a33479f29c636fd0890f5762 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,137,600 2005-07-26 13:01:40 C:\WINDOWS\system32\ntoskrnl.exe

0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe
----a-w 1,036,288 2005-07-26 13:01:30 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2005-03-24 17:28 983040]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 00:34 6729728]
"nwiz"="nwiz.exe" [2005-05-12 00:34 1519616 C:\WINDOWS\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2005-04-28 13:49 3630080]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 15:07 617984]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 15:27 1065288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 15:00 155648]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 00:34 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-01 22:37 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 10:24 341]
"nlsf"="cmd.exe" [2004-08-19 15:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 14:52 44544]

C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16 2913584]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2007-09-10 10:34:55 724992]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\go333c~1\goec62~1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5911:TCP"= 5911:TCP:Worms4
"80:TCP"= 80:TCP:Worms4
"28900:TCP"= 28900:TCP:Worms4
"29900:TCP"= 29900:TCP:Worms4
"29901:TCP"= 29901:TCP:Worms4
"5911:UDP"= 5911:UDP:Worms4
"6500:UDP"= 6500:UDP:Worms4
"13139:UDP"= 13139:UDP:Worms4
"27900:UDP"= 27900:UDP:Worms4
"13795:TCP"= 13795:TCP:NortonAV
"18597:TCP"= 18597:TCP:NortonAV
"14839:TCP"= 14839:TCP:NortonAV
"14772:TCP"= 14772:TCP:NortonAV
"17875:TCP"= 17875:TCP:NortonAV
"14711:TCP"= 14711:TCP:NortonAV
"13187:TCP"= 13187:TCP:NortonAV

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2005-03-17 15:00]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2007-12-31 16:55]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2007-12-31 16:55]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 19:56]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 18:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{953d8779-a17d-11dc-8c91-0013d478257a}]
\Shell\AutoRun\command - F:\SETUP.EXE

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At2.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At3.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 20:37:26
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-02 20:39:16
ComboFix-quarantined-files.txt 2008-03-02 19:39:08
ComboFix2.txt 2008-03-02 08:12:00
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok, post a new report please

++
ganesh
 
ComboFix 08-03-01.3 - Admin 2008-03-03 10:12:08.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.590 [GMT 1:00]
Endroit: C:\Documents and Settings\Admin\Bureau\PROGRAMMES\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))))))))
.

2008-03-02 18:10 . 2008-03-02 18:10 <REP> d-------- C:\Program Files\CodeStuff
2008-03-02 16:20 . 2008-03-02 16:23 <REP> d-------- C:\ComboFix(2)
2008-03-02 09:01 . 2008-03-02 16:53 584 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Program Files\Avira
2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 21:44 . 2008-03-01 21:44 <REP> d-------- C:\Program Files\Sunbelt Software
2008-03-01 21:11 . 2008-03-01 21:37 <REP> d-------- C:\VundoFix Backups
2008-03-01 21:00 . 2008-03-01 21:00 <REP> d-------- C:\Program Files\Trend Micro
2008-03-01 20:32 . 2007-02-09 18:34 420,816 --a------ C:\Documents and Settings\Admin\Application Data\wunauclt.exe
2008-03-01 20:10 . 2008-03-01 20:10 <REP> d-------- C:\WINDOWS\system32\txp
2008-03-01 20:10 . 2008-03-01 20:10 <REP> d-------- C:\WINDOWS\Driver
2008-02-18 21:11 . 2008-02-18 21:11 <REP> d-------- C:\Program Files\LocalCooling
2008-02-12 00:26 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-12 00:26 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-12 00:26 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-02-12 00:26 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-12 00:26 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-02-12 00:26 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-02-12 00:09 . 2008-02-12 00:09 <REP> d-------- C:\Program Files\OpenAL
2008-02-12 00:09 . 2008-02-12 00:09 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-12 00:09 . 2008-02-12 00:09 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-09 10:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-09 10:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-09 10:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-09 10:19 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-02-09 10:19 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-02-09 10:16 . 2008-02-09 10:16 289 --a------ C:\WINDOWS\game.ini
2008-02-09 10:03 . 2008-02-09 10:03 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-02-04 09:39 . 2008-02-04 09:39 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Megaupload
2008-02-04 09:34 . 2008-02-04 09:34 <REP> d-------- C:\Program Files\Megaupload
2008-02-04 09:34 . 2008-02-04 09:34 <REP> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-02-03 14:27 . 2008-02-03 14:27 <REP> d-------- C:\SCRABBLE.99
2008-02-03 14:26 . 1999-03-23 09:12 304,128 --a------ C:\WINDOWS\unin040c.exe
2008-02-03 14:17 . 2008-02-03 14:21 <REP> d-------- C:\Program Files\WinISO

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 09:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-03 09:06 --------- d-----w C:\Program Files\PeerGuardian2
2008-03-02 23:17 --------- d-----w C:\Program Files\eMule
2008-03-02 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-29 15:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-29 14:44 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-20 13:27 --------- d-----w C:\Program Files\MOG-O-MATIC
2008-02-20 13:27 --------- d-----w C:\Program Files\johnsadventures.com
2008-02-20 13:27 --------- d-----w C:\Documents and Settings\Admin\Application Data\johnsadventures.com
2008-02-20 13:26 --------- d-----w C:\Program Files\DivX
2008-02-09 09:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 09:09 --------- d-----w C:\Program Files\Microsoft Games
2008-01-27 11:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\My Games
2008-01-21 09:28 --------- d-----w C:\Documents and Settings\Admin\Application Data\Eltima Software
2008-01-21 09:26 --------- d-----w C:\Program Files\Easiestutils
2008-01-21 08:59 --------- d-----w C:\Program Files\URUSoft
2008-01-18 19:24 --------- d-----w C:\Program Files\EA GAMES
2008-01-18 18:59 --------- d-----w C:\Program Files\Electronic Arts
2008-01-18 16:10 --------- d-----w C:\Program Files\Gpotato
2008-01-15 18:49 --------- d-----w C:\Program Files\San Andreas Mod Installer
2008-01-08 08:42 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-01-08 08:28 --------- d-----w C:\Program Files\PIXELA
2008-01-08 08:26 --------- d-----w C:\Program Files\Caplio Software
2008-01-07 17:23 --------- d-----w C:\Program Files\UBISOFT
2008-01-07 10:30 --------- d-----w C:\Program Files\Common Files
2008-01-06 16:19 --------- d-----w C:\Program Files\MediaMonkey
2008-01-04 07:59 --------- d-----w C:\Program Files\Google
2008-01-02 14:33 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-27 15:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

------- Sigcheck -------

0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll
----a-w 578,048 2005-07-26 13:01:50 C:\WINDOWS\system32\user32.dll

e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\system32\wininet.dll
----a-w 662,528 2005-12-14 11:12:00 C:\WINDOWS\system32\wininet.dll

0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 359,936 2005-09-18 10:29:51 C:\WINDOWS\system32\drivers\tcpip.sys

50b3a210b6fa8d3089a36a32e7d8b21f C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,017,280 2005-10-12 08:33:32 C:\WINDOWS\system32\ntkrnlpa.exe

e75f7aa5a33479f29c636fd0890f5762 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,137,600 2005-07-26 13:01:40 C:\WINDOWS\system32\ntoskrnl.exe

0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe
----a-w 1,036,288 2005-07-26 13:01:30 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0076390-8BCF-41A3-9275-906D44094CFC}]
C:\WINDOWS\system32\jkhhi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2005-03-24 17:28 983040]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 14:02 6051144]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Google Update"="C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe" [2008-02-12 15:48 21488]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 00:34 6729728]
"nwiz"="nwiz.exe" [2005-05-12 00:34 1519616 C:\WINDOWS\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2005-04-28 13:49 3630080]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 15:07 617984]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 15:27 1065288]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-25 11:46 1838592]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 15:00 155648]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 00:34 86016]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2006-12-01 18:09 2056875]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-01 22:37 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 10:24 341]
"nlsf"="cmd.exe" [2004-08-19 15:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 14:52 44544]

C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16 2913584]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2007-09-10 10:34:55 724992]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\go333c~1\goec62~1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5911:TCP"= 5911:TCP:Worms4
"80:TCP"= 80:TCP:Worms4
"28900:TCP"= 28900:TCP:Worms4
"29900:TCP"= 29900:TCP:Worms4
"29901:TCP"= 29901:TCP:Worms4
"5911:UDP"= 5911:UDP:Worms4
"6500:UDP"= 6500:UDP:Worms4
"13139:UDP"= 13139:UDP:Worms4
"27900:UDP"= 27900:UDP:Worms4
"13795:TCP"= 13795:TCP:NortonAV
"18597:TCP"= 18597:TCP:NortonAV
"14839:TCP"= 14839:TCP:NortonAV
"14772:TCP"= 14772:TCP:NortonAV
"17875:TCP"= 17875:TCP:NortonAV
"14711:TCP"= 14711:TCP:NortonAV
"13187:TCP"= 13187:TCP:NortonAV

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2005-03-17 15:00]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2007-12-31 16:55]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2007-12-31 16:55]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 19:56]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 18:56]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At2.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At3.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 10:16:57
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-03 10:18:53
ComboFix-quarantined-files.txt 2008-03-03 09:18:45
ComboFix2.txt 2008-03-02 19:39:18
ComboFix3.txt 2008-03-02 08:12:00
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

Download SDFix to your desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in Safe Mode
Open the SDFix folder that has just been created on the Desktop and double-click RunThis.cmd to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool keeps running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

++
ganesh
 
sorry for the absence;
I was waiting for an external hard drive to arrive so I could back up my data, because, well, all this smells like a reformat;
but I'm following you, I'm running sdfix and will post it to you very soon
thanks again for the time spent on this problem
ganesh
 
sdfix log:

[b]SDFix: Version 1.152 [/b]

Run by Admin on 15/03/2008 at 10:59

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 11:20:19
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:bb,17,23,6a,70,e5,47,35,3e,10,a3,d7,59,53,1f,35,40,08,5d,56,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,53,33,f6,97,f8,aa,af,ee,0f,54,cb,b3,65,f1,fb,6d,d5,..
"khjeh"=hex:f8,4d,04,bc,16,9a,a1,23,2b,f3,75,f1,9b,fc,be,87,ee,cc,be,64,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:27,e4,16,1a,cb,14,36,42,df,72,8e,54,2a,93,91,cb,f7,1b,ed,97,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:bb,17,23,6a,70,e5,47,35,3e,10,a3,d7,59,53,1f,35,40,08,5d,56,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,53,33,f6,97,f8,aa,af,ee,0f,54,cb,b3,65,f1,fb,6d,d5,..
"khjeh"=hex:f8,4d,04,bc,16,9a,a1,23,2b,f3,75,f1,9b,fc,be,87,ee,cc,be,64,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:27,e4,16,1a,cb,14,36,42,df,72,8e,54,2a,93,91,cb,f7,1b,ed,97,20,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMuleMorphXT"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:

[b]Files with Hidden Attributes [/b]:

Tue 16 Jan 2007 5,297,976 A..HR --- "C:\Program Files\Picasa2\setup.exe"
Tue 20 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

[b]Finished![/b]
ganesh
 
hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:36, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {C0076390-8BCF-41A3-9275-906D44094CFC} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: RAID Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F2291A3-BCA9-4AEF-ADBD-819DD76E0DB1}: NameServer = 192.168.1.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

good, do what is described here please:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
ganesh
 
ok sorry for the wasted time...:((
green day Posts 26722 Status Moderator, Security contributor 2 163
 
???
ganesh
 
well yes, I should have started there..