Hldrrr.exe

Solved/Closed
Anemos - 18 May 2008 at 19:33
Anemos - 19 May 2008 at 21:50
Hello,

I caught the hldrrr.exe virus. I read the latest topics on this forum dealing with this virus and in particular carried out the actions advised by Noctambule28 in this topic: http://www.commentcamarche.net/forum/affich 6350516 hldrrr exe trojan

Here are the EliBagle and HijackThis logs:


Sun May 18 19:20:22 2008
EliBagle v11.37 (c)2008 S.G.H. / Satinfo S.L. (Modified 16 May 2008)
----------------------------------------------
List of Actions (by Direct Action):
Please send us a sample of the file
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.37
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Removed Bagle
Restored Key: "SafeBoot\Minimal and Network"

Sun May 18 19:21:06 2008
EliBagle v11.37 (c)2008 S.G.H. / Satinfo S.L. (Modified 16 May 2008)
----------------------------------------------
List of Actions (by Scan):
Scanning Drive C:\
C:\WINDOWS\system32\drivers\downld\201156.EXE --> Removed Bagle

Total No. of Directories: 3575
Total No. of Files: 90143
No. of Files Analysed: 6853
No. of Files Infected: 1
No. of Files Cleaned: 1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:30, on 18.05.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WebSite-Watcher\wswatch.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://whatevercc.livejournal.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Demoxi WebBrowserEvents Class - {503FC3A4-DA2D-4DE5-AD2B-7AEDBE2BDFDD} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Demoxi ToolButton Class - {93830054-C0EE-41a4-94FC-411CBEB9F076} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WebSite-Watcher.lnk = C:\Program Files\WebSite-Watcher\wswatch.exe
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Daz\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Demoxi - {93830054-C0EE-41a4-94FC-411CBEB9F076} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{B051A34C-C932-4619-8C59-FDF70755A913}: NameServer = 192.168.1.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe

15 replies

Anonymous user
18 May 2008 at 19:38
hi

do this:

* Download ComboFix (by sUBs) from this page:
* http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Save it to the desktop
* Disconnect from the internet and close all your applications and programs
* Double-click combo-fix.exe
* Press the Y (Yes) key to start the scan
* The report will be created at the root: C:\Combofix.txt

Note: combo takes care of removing a number of infected files linked to bagle.
It is imperative to download combo via the link given above (renamed version) or to rename combo yourself (right-click on the file < rename), otherwise Combo will be totally ineffective against Bagle!
(you can rename combofix to anything, like killer or tuer etc...)

post me the report
0
ComboFix 08-05-15.3 - Daz 2008-05-18 19:44:50.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.687 [GMT 2:00]
Location: D:\__D\__inst\___virus\tueur.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\174171.exe
C:\WINDOWS\system32\drivers\downld\17589015.exe
C:\WINDOWS\system32\drivers\downld\17624140.exe
C:\WINDOWS\system32\drivers\downld\17782593.exe
C:\WINDOWS\system32\drivers\downld\17819031.exe
C:\WINDOWS\system32\drivers\downld\17841687.exe
C:\WINDOWS\system32\drivers\downld\89296.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\t.txt
N:\Autorun.inf

.
((((((((((((((((((((((((((((( Files created 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.

2008-05-18 19:41 . 2008-05-18 19:41 <REP> d-------- C:\ComboFix
2008-05-18 19:24 . 2008-05-18 19:24 <REP> d-------- C:\Program Files\Trend Micro
2008-05-18 19:20 . 2008-05-18 19:20 <REP> d-------- C:\Muestras
2008-05-18 13:40 . 2008-05-18 13:41 <REP> d-------- C:\Program Files\ReaConverter 5.5 Pro
2008-05-18 13:40 . 2008-05-18 13:47 <REP> d-------- C:\Documents and Settings\Daz\Application Data\RCP 5
2008-05-18 13:38 . 2008-05-18 13:39 <REP> d-------- C:\Program Files\gs
2008-05-16 18:29 . 2008-05-16 18:30 <REP> d-------- C:\Program Files\4Musics Multiformat Converter
2008-05-16 18:29 . 2004-05-12 14:41 40,960 --a------ C:\WINDOWS\system32\amshellext.dll
2008-05-14 00:53 . 2008-05-14 01:02 <REP> d-------- C:\Documents and Settings\Daz\Wagaya no Oinarisama OP(320KMP3+BK)
2008-05-13 08:49 . 2008-05-13 08:50 <REP> d-------- C:\Program Files\CDex_150
2008-05-07 15:28 . 2008-05-13 12:08 1,259,574 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2008-05-01 10:18 . 2008-05-01 10:18 <REP> d-------- C:\Documents and Settings\Daz\.thumbnails
2008-05-01 10:10 . 2008-05-01 11:12 <REP> d-------- C:\Documents and Settings\Daz\.gimp-2.2
2008-05-01 10:07 . 2008-05-01 10:09 <REP> d-------- C:\Program Files\GIMP-2.2
2008-05-01 10:07 . 2008-05-01 10:07 <REP> d-------- C:\Program Files\Fichiers communs\GTK
2008-04-29 20:24 . 2008-04-29 20:24 <REP> d-------- C:\Program Files\Unlocker
2008-04-28 17:52 . 2008-04-28 17:52 0 --ah----- C:\Documents and Settings\NetworkService\hpothb07.dat
2008-04-27 11:59 . 2008-04-27 11:59 <REP> d-------- C:\Program Files\CDCheck
2008-04-22 07:34 . 2008-04-22 07:34 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\PhotoParade

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 17:41 --------- d-----w C:\Documents and Settings\Daz\Application Data\uTorrent
2008-05-18 17:04 --------- d-----w C:\Program Files\eMule
2008-05-18 14:01 --------- d-----w C:\Program Files\Semagic
2008-05-14 19:55 --------- d-----w C:\Program Files\Winamp
2008-05-13 08:52 --------- d-----w C:\Program Files\uTorrent
2008-05-12 06:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-04 17:34 --------- d-----w C:\Documents and Settings\Daz\Application Data\Jasc
2008-04-04 17:32 --------- d-----w C:\Program Files\Jasc Software Inc
2008-04-04 14:23 --------- d-----w C:\Program Files\demoxi
2008-04-04 14:23 --------- d-----w C:\Documents and Settings\Daz\Application Data\demoxi
2008-04-01 18:29 --------- d-----w C:\Program Files\Fichiers communs\FotoNation
2008-03-31 16:09 --------- d-----w C:\Program Files\Google
2008-03-31 16:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 16:02 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-25 16:01 --------- d-----w C:\Documents and Settings\Daz\Application Data\AdobeUM
2008-03-23 22:23 --------- d-----w C:\Program Files\Opera
2008-03-23 13:25 313,040 ----a-w C:\Documents and Settings\Daz\Application Data\GDIPFONTCACHEV1.DAT
2008-03-21 22:24 --------- d-----w C:\Program Files\ModTheSims2.com
2008-03-21 21:43 --------- d-----w C:\Program Files\jwpce
2008-03-21 21:21 782 ----a-w C:\registre.reg
2008-03-19 08:48 --------- d-----w C:\Documents and Settings\Daz\Application Data\Media Player Classic
2008-03-18 12:30 --------- d-----w C:\Documents and Settings\Daz\Application Data\ACD Systems
2008-03-18 10:42 --------- d-----w C:\Program Files\FileZilla
2008-03-18 08:33 --------- d-----w C:\Program Files\MSN Messenger
2008-03-17 20:02 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2008-03-17 18:37 558,142 ----a-w C:\WINDOWS\java\Packages\X3PNJ7Z1.ZIP
2008-03-17 18:37 155,995 ----a-w C:\WINDOWS\java\Packages\A7DRJHN1.ZIP
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{503FC3A4-DA2D-4DE5-AD2B-7AEDBE2BDFDD}]
2008-03-17 19:00 118784 --a------ C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93830054-C0EE-41a4-94FC-411CBEB9F076}]
2008-03-17 19:00 118784 --a------ C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 11:45 13312]
"scheduler_monitor"="C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 11:17 27136]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2002-08-28 21:38 208953]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 11:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 22:10 335872]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 20:05 2532576]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"QuickTime Task"="C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" [2008-03-17 21:51 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 11:45 13312]

C:\Documents and Settings\Daz\Menu Démarrer\Programmes\Démarrage\
µTorrent.lnk - C:\Program Files\uTorrent\uTorrent.exe [2008-05-03 19:27:22 265008]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [2008-03-17 21:50:43 869376]
WebSite-Watcher.lnk - C:\Program Files\WebSite-Watcher\wswatch.exe [2008-03-17 21:25:31 1700352]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-03-07 17:58 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\demoxi identity]
--a------ 2008-03-17 19:01 364630 C:\Program Files\demoxi\identity\0.8.1.1169\bin\demoxi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 02:32]
S3 rcp_service;ReaConverter scheduler service;C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 12:27]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 02:48]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 18:05:22 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1205780723.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 19:46:34
Windows 5.1.2600 Service Pack 1 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...


C:\Documents and Settings\Daz\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 815 bytes hidden from API


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs loaded under running processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-05-18 19:48:26
ComboFix-quarantined-files.txt 2008-05-18 17:47:24

Pre-Run: 19,445,055,488 bytes free
Post-Run: 19,706,445,824 bytes free

162
0
nico-81
18 May 2008 at 19:54
fix this line:
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

look:
http://www.castlecops.com/modules.php?name=StartupList&query=SOUNDMAN.EXE

but I'm not sure, wait for someone else to take a look
0
Anonymous user
18 May 2008 at 19:55
ok, post me another HijackThis log
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:24, on 18.05.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://whatevercc.livejournal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Demoxi WebBrowserEvents Class - {503FC3A4-DA2D-4DE5-AD2B-7AEDBE2BDFDD} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O2 - BHO: Demoxi ToolButton Class - {93830054-C0EE-41a4-94FC-411CBEB9F076} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WebSite-Watcher.lnk = C:\Program Files\WebSite-Watcher\wswatch.exe
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Daz\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Demoxi - {93830054-C0EE-41a4-94FC-411CBEB9F076} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{B051A34C-C932-4619-8C59-FDF70755A913}: NameServer = 192.168.1.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
0
Anonymous user
18 May 2008 at 20:09
now uninstall avast and install antivir, update it, then run a scan and delete everything it finds (delete)
then post me the antivir log and a new hijackthis log
0

it's going to take a bit longer, the antivir scan isn't even at 2%, I'll post it this evening .. thanks ;)
0
Anonymous user
18 May 2008 at 20:49
ok, you're welcome
0
12 hours and a lot of files later ... AntiVir found a few bits of crap that Avast had left behind ... thanks Avast ....



Avira AntiVir Personal
Report file date: Sunday, 18 May 2008 20:37

Scanning for 1276115 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: AMN-ML87VDR00G3

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09.04.2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18.03.2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07.02.2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28.02.2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21.02.2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.03.2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17.05.2008 18:36:20
ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17.05.2008 18:36:20
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25.02.2008 09:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 18.05.2008 18:36:33
AESCN.DLL : 8.1.0.18 119156 Bytes 18.05.2008 18:36:31
AERDL.DLL : 8.1.0.20 418165 Bytes 18.05.2008 18:36:31
AEPACK.DLL : 8.1.1.5 364918 Bytes 18.05.2008 18:36:30
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18.05.2008 18:36:28
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 18.05.2008 18:36:27
AEHELP.DLL : 8.1.0.14 115063 Bytes 18.05.2008 18:36:23
AEGEN.DLL : 8.1.0.21 303477 Bytes 18.05.2008 18:36:23
AEEMU.DLL : 8.1.0.6 430451 Bytes 18.05.2008 18:36:22
AECORE.DLL : 8.1.0.29 168311 Bytes 18.05.2008 18:36:21
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23.01.2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18.02.2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23.01.2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28.02.2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23.01.2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10.03.2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06.03.2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, G:, H:, I:, J:, K:, N:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche, 18. mai 2008 20:37

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'utorrent.exe' - '1' Module(s) have been scanned
Scan process 'wswatch.exe' - '1' Module(s) have been scanned
Scan process 'Printkey2000.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!
Boot sector 'K:\'
[INFO] No virus was found!
Boot sector 'N:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\Jeux\_install\Games N Gage (Pandemonium,Virtua Tennis, Fifa 2004 - 2005, Ssx, Sonic, Tomb Raider, Etc).zip
[0] Archive type: ZIP
--> N gage/Nokia N-Gage Games/Motoracer/keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.50696
--> N gage/Nokia N-Gage Games/Moto Racer/Moto Racer.rar
[1] Archive type: RAR
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.50696
[NOTE] The file was deleted!
D:\Jeux\_install\Jigsaw Puzzle Platinum.zip
[0] Archive type: ZIP
--> Keygen.exe
[DETECTION] Is the Trojan horse TR/Small.FIB
[NOTE] The file was deleted!
D:\__D\__inst\Trial-Reset_V3.0_Final.By.theboss.rar
[0] Archive type: RAR
--> Plugins\Empty Key.dll
[DETECTION] Is the Trojan horse TR/Agent.7184.1
[NOTE] The file was deleted!
Begin scan in 'G:\'
Begin scan in 'H:\'
H:\Documents and Settings\Daz\Mes documents\__D\_games\Games N Gage (Pandemonium,Virtua Tennis, Fifa 2004 - 2005, Ssx, Sonic, Tomb Raider, Etc).zip
[0] Archive type: ZIP
--> N gage/Nokia N-Gage Games/Motoracer/keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.50696
--> N gage/Nokia N-Gage Games/Moto Racer/Moto Racer.rar
[1] Archive type: RAR
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.50696
[NOTE] The file was deleted!
H:\Documents and Settings\Daz\Mes documents\__D\_games\Jigsaw Puzzle Platinum.zip
[0] Archive type: ZIP
--> Keygen.exe
[DETECTION] Is the Trojan horse TR/Small.FIB
[NOTE] The file was deleted!
H:\Documents and Settings\Daz\Mes documents\__D\__inst\Trial-Reset_V3.0_Final.By.theboss.rar
[0] Archive type: RAR
--> Plugins\Empty Key.dll
[DETECTION] Is the Trojan horse TR/Agent.7184.1
[NOTE] The file was deleted!
Begin scan in 'I:\'
I:\System Volume Information\_restore{32D4A648-C6AA-43FE-94B9-8056EADAB86E}\RP38\A0007195.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
[NOTE] The file was moved to '4860b9af.qua'!
Begin scan in 'J:\'
Begin scan in 'K:\'
K:\Pics\A trier\The Sims - Spock skin.zip
[0] Archive type: ZIP
--> The Sims - Spock skin.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
Begin scan in 'N:\' <My Book>


End of the scan: lundi, 19. mai 2008 08:48
Used time: 12:11:04 min

The scan has been done completely.

41101 Scanning directories
1843826 Files were scanned
10 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
7 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
1843816 Files not concerned
46529 Archives were scanned
2 Warnings
8 Notes



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:55:41, on 19.05.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WebSite-Watcher\wswatch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Semagic\LiveJournalU.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://whatevercc.livejournal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Demoxi WebBrowserEvents Class - {503FC3A4-DA2D-4DE5-AD2B-7AEDBE2BDFDD} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O2 - BHO: Demoxi ToolButton Class - {93830054-C0EE-41a4-94FC-411CBEB9F076} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WebSite-Watcher.lnk = C:\Program Files\WebSite-Watcher\wswatch.exe
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Daz\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Demoxi - {93830054-C0EE-41a4-94FC-411CBEB9F076} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{B051A34C-C932-4619-8C59-FDF70755A913}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
19 May 2008 at 11:19
hi, just passing through

remove the cracks found by antivir!
and empty antivir's quarantine!


______________


your windows is not up to date and you have no firewall?


update windows with SP2 and SP3

START then ALL PROGRAMS then WINDOWS UPDATE


then update internet explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

_____________

you have no antispyware at all:

scan with
MalwareByte's Anti-Malware, remove what it finds and paste the report (keep it afterwards)

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/


I'll let
jessydu54 carry on

and have you disable your system restore afterwards
0
No, my firewall was removed by the virus, and I'll see about updating XP ... I'll wait until I'm told that SP3 is stable and free of bugs and security holes (which doesn't seem to be quite the case yet).

Yes I do, I have an antispyware; I just haven't felt the need to run it on this XP installation yet (I installed it not long ago on a new hard drive). I'll certainly do it soon. Thanks anyway ;)
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
19 May 2008 at 12:55
put a firewall back on urgently and install sp2 at the very least
0
Anonymous user
19 May 2008 at 14:19
sorry, I had to step away; thanks jlpjlp for answering him
as a firewall I recommend zone alarm free
0
Otherwise, is everything else OK?
0
Anonymous user
19 May 2008 at 15:30
yes, I think so
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
19 May 2008 at 15:31
you need to disable your system restore because there are viruses in it:

disable system restore
then restart your computer
then re-enable it: https://www.informatruc.com


______________

paste another antivir scan so we can check
0
Thanks a lot :D
0