Trojan-Downloader.Win32.Small.aggj
Blob
Hello,
I've had a problem with a trojan (Trojan-Downloader.Win32.Small.aggj) since last night. Every time the PC boots, Kaspersky warns me that it has found a trojan and that it is trying to remove it. It then restarts the PC and I get the same message again... So I tried to delete the file (el32.dll, located in C:\WINDOWS\system32) manually with Unlocker. That works, but when I restart the computer the file is back again...
I looked through various threads and forums, and on one of them someone said to also delete the file el.ini, located in C:\WINDOWS. I don't know what that file is for, so I preferred not to touch it.
I also used CCleaner, Malwarebytes and HijackThis, without result (well, Malwarebytes found about ten pieces of malware, including el32.dll, but that is the only one that won't delete, so it's the same problem as with Kaspersky).
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:48, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [DmwClient] "dmwclient.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Jeux\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Jeux\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103546850734
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79741310-EEC8-4B33-BA4D-BE76B82AE8C7}: NameServer = 195.238.2.21,195.238.2.22
O20 - AppInit_DLLs: MsgPlusLoader.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SMTP Server Service (SMTPMainService) - Unknown owner - C:\Program Files\Local SMTP Relay Server\SMTPListener.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
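Added here as an example (not code from the original posts): a small Python triage pass over lines in HijackThis v2 format, the report format posted above. It flags the entries a reviewer would check first: Run entries and AppInit_DLLs given as bare file names, unknown Winsock LSPs, and services whose binary is missing. The sample lines are copied from the log above; the regex patterns and the Finding type are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: seven lines in HijackThis v2 format, copied from the log
# posted above; the real report has many more lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DmwClient] "dmwclient.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    item: str     # the entry name or path the finding refers to
    reason: str   # what a reviewer should check


# Line shapes for the sections handled here (own patterns, written from the log format).
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        close = cmd.find('"', 1)
        return cmd[1:close] if close > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_bare_name(path: str) -> bool:
    """True when the entry names a file without any directory component."""
    return "\\" not in path and "/" not in path


def triage(log_text: str) -> list[Finding]:
    """Scan HijackThis lines and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            exe = executable_of(m.group("cmd"))
            if is_bare_name(exe):
                # A bare name is resolved through the search path at logon, so the
                # log alone does not tell you which file actually runs.
                findings.append(Finding("O4", m.group("name"),
                    f"Run entry '{exe}' has no directory; which file runs depends on the search path"))
        elif m := O10_RE.match(line):
            findings.append(Finding("O10", m.group("path"),
                "Winsock LSP not in HijackThis's known list; confirm the DLL's origin"))
        elif m := O20_RE.match(line):
            for dll in (d.strip() for d in m.group("dlls").split(",")):
                if not dll:
                    continue
                note = "AppInit_DLLs entry is loaded into every process that links user32.dll; confirm the vendor"
                if is_bare_name(dll):
                    note += " (bare name, resolved via search path)"
                findings.append(Finding("O20", dll, note))
        elif m := O23_RE.match(line):
            if m.group("path").endswith("(file missing)"):
                findings.append(Finding("O23", m.group("svc"),
                    "service is registered but its binary is absent; remove the orphaned entry or restore the file"))
    return findings


def count_by_section(findings: list[Finding]) -> dict[str, int]:
    """Quick summary: how many flagged items per HijackThis section."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.item:<40} {f.reason}")
```

Run against the sample above it flags the two bare-name Run entries (AlcWzrd, DmwClient), both AppInit DLLs, the unknown LSP and the Bonjour service, and leaves the fully qualified AVP and wampapache entries alone.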
5 replies
> Boot into safe mode.
> Run Malwarebytes' Anti-Malware:
- Click "Perform full scan", then "Scan", and select all your hard drives => the scan starts... be patient...
- When the scan is finished, click "Remove" (if some items are hard to remove, a message will ask you to restart: click "Yes" then).
- After the infections have been removed, a report is generated: save it and post it on the forum.
I just ran a scan with ComboFix. Apparently another file (userinit.exe) is infected, again in system32:
ComboFix 08-11-23.01 - user 2008-11-24 13:41:45.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.583 [GMT 1:00]
Lancé depuis: c:\documents and settings\user\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\documents\setup.exe
c:\documents and settings\user\Mes documents\My Documents.url
c:\windows\system32\userini.exe
c:\windows\system32\userinit.exe . . . est infecté!!
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-24 au 2008-11-24 ))))))))))))))))))))))))))))))))))))
.
2008-11-23 15:20 . 2008-11-24 13:28 14,336 --a------ c:\windows\system32\el32.dll
2008-11-23 10:59 . 2008-11-23 10:59 2,955,128 --a------ C:\ccsetup213.exe.part
2008-11-23 00:52 . 2008-11-23 15:17 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 00:52 . 2008-11-23 00:52 <REP> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2008-11-23 00:52 . 2008-11-23 00:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-23 00:52 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 00:52 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-23 00:51 . 2008-11-23 00:52 2,372,472 --a------ c:\program files\mbam-setup.exe
2008-11-20 01:38 . 2008-11-20 01:38 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-20 01:36 . 2008-11-20 01:37 15,083,520 --a------ c:\program files\spybot-search-destroy_spybot_-_search_destroy_1.6.0.30_francais_10965.exe
2008-11-20 01:29 . 2008-11-20 01:31 <REP> d-------- c:\program files\RogueRemover FREE
2008-11-20 01:29 . 2008-11-20 01:29 690,568 --a------ c:\program files\rr-free-setup.exe
2008-11-08 11:46 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\d3dx9_37.dll
2008-11-08 11:45 . 2008-11-08 11:45 1,716,795 --a------ c:\windows\system32\d3dx9_37.zip
2008-11-08 10:19 . 2008-11-21 18:20 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-08 10:19 . 2008-11-08 10:19 1,409 --a------ c:\windows\QTFont.for
2008-11-06 13:57 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-11-06 13:57 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-11-06 13:57 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-11-06 13:57 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-11-06 13:57 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-11-06 13:57 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-11-06 13:57 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-11-06 13:57 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-11-06 13:57 . 2003-05-22 16:31 55,808 --a------ c:\windows\system32\lfpsd13n.dll
2008-10-30 02:24 . 2008-10-30 02:24 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-10-27 19:36 . 2008-10-27 19:36 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 13:01 658,720 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-24 12:46 53,729,568 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-24 12:44 720,620 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-24 12:44 62,732 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-24 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-23 15:43 --------- d-----w c:\documents and settings\user\Application Data\Xfire
2008-11-23 14:54 --------- d-----w c:\documents and settings\user\Application Data\teamspeak2
2008-11-23 14:51 --------- d-----w c:\program files\eclipse
2008-11-23 14:31 --------- d-----w c:\program files\Xfire
2008-11-23 10:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-23 10:07 8,029 ----a-w c:\program files\hijackthis.log
2008-11-23 09:59 2,955,128 ----a-w c:\program files\ccsetup213.exe.part
2008-11-22 23:15 --------- d-----w c:\documents and settings\user\Application Data\Skype
2008-11-20 16:12 --------- d-----w c:\program files\Notepad++
2008-11-20 01:25 --------- d-----w c:\program files\backups
2008-11-12 19:22 --------- d-----w c:\program files\eMule
2008-11-08 10:49 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 10:41 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-08 10:41 22,328 ----a-w c:\documents and settings\user\Application Data\PnkBstrK.sys
2008-11-03 14:11 --------- d-----w c:\documents and settings\user\Application Data\X-Chat 2
2008-11-01 16:39 --------- d-----w c:\program files\SpeedFan
2008-10-19 13:19 --------- d-----w c:\program files\Keygen by SSG
2008-10-19 10:31 --------- d-----w c:\documents and settings\user\Application Data\Wallpaper
2008-10-19 10:02 --------- d-----w c:\documents and settings\user\Application Data\Grisoft
2008-10-19 10:02 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-10-19 09:57 12,413,440 ----a-w c:\program files\avgas-setup-7.5.1.43.exe
2008-10-10 21:17 --------- d-----w c:\documents and settings\user\Application Data\Azureus
2008-10-06 17:25 --------- d-----w c:\program files\ATI
2008-10-06 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-10-06 17:21 --------- d-----w c:\program files\ATI Technologies
2008-10-06 17:14 36,663,808 ----a-w c:\program files\8-9_xp32_dd_ccc_wdm_enu_68898.exe
2008-10-04 18:26 --------- d-----w c:\program files\X-Chat 2
2008-10-04 18:25 7,743,998 ----a-w c:\program files\xchat-2.8.6-1.exe
2008-10-04 18:22 --------- d-----w c:\documents and settings\user\Application Data\mIRC
2008-10-04 11:34 --------- d-----w c:\documents and settings\user\Application Data\Hamachi
2008-10-02 13:23 3,231,826 ----a-w c:\program files\eMule0.49b-Installer1.exe
2008-09-25 15:12 --------- d-----w c:\program files\Axon Data
2008-09-25 15:11 1,518,672 ----a-w c:\program files\AxCrypt-Setup.exe
2008-09-15 14:47 70 ----a-w c:\program files\hamachi-purge.reg
2008-09-15 14:41 1,013,392 ----a-w c:\program files\HamachiSetup-1.0.3.0-fr.exe
2008-09-01 15:15 124,404 ----a-w c:\program files\1653S_e.zip
2008-09-01 14:15 594,451 ----a-w c:\program files\DR16CS0T.zip
2008-06-23 19:48 6,010,305 ----a-w c:\program files\YoutubeGet 4.2.6 + crack.rar
2008-06-22 11:17 39 ----a-w c:\program files\options.ini
2008-06-11 13:42 562 ----a-w c:\program files\repair_install.reg
2007-07-09 07:41 911,525 ----a-w c:\program files\data2.cab
2007-07-09 07:41 812,821 ----a-w c:\program files\data1.cab
2007-07-09 07:41 552,214 ----a-w c:\program files\ISSetup.dll
2007-07-09 07:41 476 ----a-w c:\program files\layout.bin
2007-07-09 07:41 473 ----a-w c:\program files\setup.ini
2007-07-09 07:41 449,713 ----a-w c:\program files\setup.inx
2007-07-09 07:41 22,910 ----a-w c:\program files\data1.hdr
2007-07-06 16:28 12,732 ----a-w c:\program files\bcm43xx64.cat
2007-07-06 16:28 12,728 ----a-w c:\program files\bcm43xx.cat
2007-06-28 12:36 401,720 ----a-w c:\program files\HijackThis.exe
2007-06-27 22:33 583,120 ----a-w c:\program files\bcmwl6.inf
2007-06-21 17:16 825,336 ----a-w c:\program files\bcmwl664.sys
2007-06-21 17:16 691,192 ----a-w c:\program files\bcmwl6.sys
2007-03-21 07:10 60,273 ----a-w c:\program files\pthreadGC2.dll
2007-03-09 14:05 30 ----a-w c:\program files\SilentInstall.bat
2006-12-11 10:31 769 ----a-w c:\program files\setup.iss
2006-08-12 10:20 1 ----a-w c:\documents and settings\user\SI.bin
2006-05-17 22:21 164,784 ----a-w c:\program files\_Setup.dll
2005-12-16 14:18 607,232 ----a-w c:\program files\CS0T.EXE
2004-09-20 13:46 131,171 ----a-w c:\program files\1653S_e.pdf
2008-05-28 10:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008052820080529\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 218376]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]
"bcmwltry"="bcmwltry.exe" [2004-01-27 c:\windows\system32\bcmwltry.exe]
"RemoveCpl"="RemoveCpl.exe" [2003-01-14 c:\windows\system32\RemoveCpl.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-09-14 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:34 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-04-17 11:41 196608 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2006-09-15 12:27 2048000 c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-03-01 06:10 15872 c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-03 09:59 204288 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcmwltry]
--a------ 2004-01-27 16:20 610304 c:\windows\system32\bcmwltry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveCpl]
--a------ 2003-01-14 22:50 24576 c:\windows\system32\RemoveCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Jeux\\Warcraft III\\Warcraft III.exe"=
"c:\\Jeux\\Call of duty\\CoDMP.exe"=
"c:\\Jeux\\Call of duty\\CoDUOMP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Jeux\\Call of duty 2\\CoD2MP_s.exe"=
"c:\\Jeux\\Valve Lan\\hl.exe"=
"c:\\Jeux\\Flatout2\\FlatOut2.exe"=
"c:\\Jeux\\Postal2STP\\System\\POSTAL2.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\yvanlfdth\\half-life 2\\hl2.exe"=
"c:\\Jeux\\C&C Generals\\generals.exe"=
"c:\\Sierra\\Counter-Strike\\cstrike.exe"=
"c:\\Jeux\\GUILD WARS\\Gw.exe"=
"c:\\Jeux\\FEAR\\FEARServer.exe"=
"c:\\Jeux\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\yvanlfdth\\counter-strike source\\hl2.exe"=
"c:\\Jeux\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\yvanlfdth\\dark messiah might and magic multi-player\\mm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Jeux\\Age Of Empires II\\empires2.exe"=
"c:\\Jeux\\Medal of Honor\\MOHAA.exe"=
"c:\\Jeux\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Jeux\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Jeux\\Command and Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\yvanlfdth\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\yvanlfdth\\source sdk base\\hl2.exe"=
"c:\\Jeux\\Medieval Total War II\\medieval2.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Jeux\\FEAR\\FEAR.exe"=
"c:\\Jeux\\FEAR\\FEARMP.exe"=
"c:\\Jeux\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Jeux\\Armagetron Advanced\\armagetronad.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Sierra\\Half-Life\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\yvanlfdth\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"c:\\Jeux\\Aliens vs. Predator 2\\lithtech.exe"=
"c:\\Jeux\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Jeux\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Jeux\\Populous\\popTB.exe"=
"c:\\Jeux\\Valve Lan\\hltv.exe"=
"c:\\Program Files\\Hamachi\\nicmgr.exe"=
"c:\\Jeux\\Warcraft III\\Garena\\Garena.exe"=
"c:\\Program Files\\X-Chat 2\\xchat.exe"=
"c:\\Jeux\\Command and Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2008-05-20 3026]
R1 SSHDRV65;SSHDRV65;\??\c:\windows\system32\drivers\SSHDRV65.sys [2005-01-12 120320]
R2 Vcs;Vcs support;\??\c:\windows\system32\Drivers\Vcs.sys [2006-05-23 6852]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S2 SMTPMainService;SMTP Server Service;c:\program files\Local SMTP Relay Server\SMTPListener.exe []
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe []
S3 kbeepm;kbeepm;\??\c:\docume~1\user\LOCALS~1\Temp\kbeepm.sys []
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-07-25 191656]
S3 NAL;Nal Service ;\??\c:\windows\system32\Drivers\iqvw32.sys [2008-07-29 30816]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS [2003-10-04 17018]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice [2008-04-03 24635]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fe40f5d-885d-11db-b4b3-00115036284f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3ba5c3-aa51-11dc-864c-0011d80253c1}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b95e6418-5232-11db-b43e-00115036284f}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
2008-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-DmwClient - dmwclient.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5h55h6dq.Yvan\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.jeuxvideo.com/etajvbis.htm
FF -: plugin - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5h55h6dq.Yvan\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 14:01:07
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1136)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
c:\windows\system32\WgaLogon.dll
- - - - - - - > 'lsass.exe'(1192)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wltrysvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2008-11-24 14:06:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-24 13:06:25
Avant-CF: 20.193.353.728 octets libres
Après-CF: 21,729,529,856 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
323 --- E O F --- 2008-08-15 15:01:58
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 3
23/11/2008 15:17:51
mbam-log-2008-11-23 (15-17-46).txt
Type de recherche: Examen rapide
Eléments examinés: 49923
Temps écoulé: 9 minute(s), 31 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\el32.dll (Trojan.FakeAlert) -> No action taken.