trojan tr/crypt.xpack.gen dans system32

20 Mars 2008 14:42:23

Hi everyone

While searching the forum I saw the HijackThis tutorial... so I downloaded this application and can give you the following report, hoping for some help from you to eradicate this nasty trojan ;)

Below I have also included my latest AntiVir antivirus scan report.

I would have liked to find it on my own, and I hope someone will give me the key to manage it on my own and understand how to get through it during my next infections.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:39, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\luc\Bureau\WLinstaller.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Windows Live\installer\Dashboard.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\luc\Bureau\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,??????????????
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~2\bdswitch.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://luc1979.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\luc\Mes documents\Mes images\chatfaitdespompesjh6.gif
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\luc\Bureau\bettina\Photo 28.jpg

--
End of file - 6237 bytes


AntiVir antivirus report

AntiVir PersonalEdition Classic
Report file date: mercredi 19 mars 2008 18:29

Scanning for 1159073 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: LUC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:27:12
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 17:27:12
ANTIVIR3.VDF : 7.0.3.55 314368 Bytes 19/03/2008 17:27:12
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 17:27:16
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/03/2008 17:27:17
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 19 mars 2008 18:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process '9wifi.exe' - '1' Module(s) have been scanned
Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned
Scan process 'AirPlusCFG.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\lspcdj.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4851b6fc.qua'!


End of the scan: jeudi 20 mars 2008 02:02
Used time: 7:32:36 min

The scan has been done completely.

4144 Scanning directories
133680 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
133679 Files not concerned
1337 Archives were scanned
2 Warnings
5 Notes


20 Mars 2008 16:17:18

Hello,

Which location?
21 Mars 2008 14:14:39

hi

windows\system32\lspcdj.exe

I didn't find this file when doing a search (even looking in hidden files)
21 Mars 2008 17:52:25

We'll try another way.

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.

21 Mars 2008 18:14:42

    ComboFix 08-03-20.5 - luc 2008-03-21 18:03:55.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.94 [GMT 1:00]
    Endroit: C:\Documents and Settings\luc\Bureau\Securite\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-21 14:11 . 2008-03-21 14:17 5,073 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-03-20 16:50 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-03-20 16:38 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-03-20 14:45 . 2008-03-20 14:45 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-03-20 12:29 . 2008-03-20 12:44 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-20 12:22 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2008-03-20 12:22 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2008-03-20 02:41 . 2005-10-20 23:25 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
    2008-03-20 02:16 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
    2008-03-20 02:16 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-03-20 02:16 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
    2008-03-20 02:16 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
    2008-03-20 02:16 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
    2008-03-20 02:16 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-03-20 02:08 . 2004-08-20 00:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-03-20 02:08 . 2004-08-20 00:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-03-19 18:30 . 2007-07-30 19:19 215,896 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2008-03-19 18:19 . 2008-03-19 18:19 <REP> d-------- C:\Program Files\Avira
    2008-03-19 16:49 . 2003-07-22 17:29 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-03-19 16:48 . 2003-07-22 17:28 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-03-19 16:47 . 2001-08-23 17:47 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
    2008-03-19 16:33 . 2008-03-19 16:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-03-19 16:33 . 2008-03-19 16:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-03-19 16:33 . 2008-03-19 16:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-03-19 16:33 . 2008-03-19 16:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-03-19 16:33 . 2008-03-19 16:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-03-19 16:30 . 2007-07-30 19:19 1,712,984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2008-03-19 16:28 . 2004-08-19 23:54 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2008-03-19 16:28 . 2004-08-04 07:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
    2008-03-19 16:28 . 2006-06-14 09:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2008-03-19 16:24 . 2004-08-20 00:10 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2008-03-19 16:20 . 2008-03-20 02:10 1,223,209 --a------ C:\WINDOWS\setupapi.log.0.old
    2008-03-19 15:40 . 2007-09-17 11:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-03-19 15:40 . 2007-09-17 11:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-03-19 15:40 . 2007-09-17 13:41 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-03-19 15:40 . 2007-09-17 11:51 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-03-19 15:40 . 2007-09-17 11:51 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-03-19 15:40 . 2007-09-17 11:51 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-03-19 15:40 . 2007-09-17 11:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-03-18 14:26 . 2008-03-18 14:26 244 --ah----- C:\sqmnoopt08.sqm
    2008-03-18 14:26 . 2008-03-18 14:26 232 --ah----- C:\sqmdata08.sqm
    2008-03-15 03:27 . 2008-03-15 03:27 244 --ah----- C:\sqmnoopt07.sqm
    2008-03-15 03:27 . 2008-03-15 03:27 232 --ah----- C:\sqmdata07.sqm
    2008-03-14 11:26 . 2008-03-14 11:26 244 --ah----- C:\sqmnoopt06.sqm
    2008-03-14 11:26 . 2008-03-14 11:26 232 --ah----- C:\sqmdata06.sqm
    2008-03-14 11:19 . 2008-03-14 11:19 <REP> d-------- C:\Documents and Settings\luc\Contacts
    2008-03-14 01:41 . 2008-03-14 01:41 244 --ah----- C:\sqmnoopt05.sqm
    2008-03-14 01:41 . 2008-03-14 01:41 232 --ah----- C:\sqmdata05.sqm
    2008-03-13 22:38 . 2008-03-13 22:38 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
    2008-03-13 04:01 . 2008-03-13 04:01 244 --ah----- C:\sqmnoopt04.sqm
    2008-03-13 04:01 . 2008-03-13 04:01 232 --ah----- C:\sqmdata04.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-21 13:17 72,390 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-03-21 13:17 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-03-20 13:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-20 01:31 --------- d-----w C:\Program Files\PKR
    2008-03-19 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-19 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-19 11:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-03-19 01:53 --------- d-----w C:\Program Files\eMule
    2008-03-13 00:05 --------- d-----w C:\Program Files\KaraFun
    2008-03-12 14:44 --------- d-----w C:\Program Files\Java
    2008-03-05 14:50 80,896 ----a-w C:\WINDOWS\system32\dxdllreg.exe
    2008-02-27 10:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-06 03:59 --------- d-----w C:\Program Files\Visicom Media
    2008-02-06 03:59 --------- d-----w C:\Documents and Settings\luc\Application Data\Visicom Media
    2008-02-06 03:58 729,088 ----a-w C:\WINDOWS\iun6002.exe
    2008-02-06 03:13 98,304 ----a-w C:\WINDOWS\system32\Rey_SubClasser.dll
    2008-01-23 15:46 --------- d-----w C:\Program Files\adslTV
    .

    ------- Sigcheck -------

    2007-06-26 15:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
    2007-06-27 15:14 824320 7201d19b81883b57d5ffe8ebb5a83e8b C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
    2007-08-20 10:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    2007-10-11 00:22 825344 871ae10d6ae8877e9636ae5017953d52 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    2007-12-07 01:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
    2007-12-07 02:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    2006-06-23 13:28 581120 1f063bdbd1afef9ac0abd02384d40376 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
    2004-08-19 15:09 694784 848baaf9d7e2a2ce9ca1cd0c2db43833 C:\WINDOWS\$NtUninstallKB937143_0$\wininet.dll
    2004-08-20 00:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
    2006-10-27 14:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
    2007-06-27 14:24 823808 2274862267d7445e7010d9af826e89c3 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
    2007-08-20 10:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    2007-10-11 00:49 824832 bc5119c53bdd48dabc628d448a3bdccb C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
    2007-12-07 02:07 697856 de04a7293a48d92fddd6ec067a225562 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2007-12-07 03:08 824832 4fc90bece54fac81b0090b94e27bfb6b C:\WINDOWS\SoftwareDistribution\Download\2dce20bc43d87c5ad11562143f87f0c5\SP2GDR\wininet.dll
    2007-12-07 02:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\SoftwareDistribution\Download\2dce20bc43d87c5ad11562143f87f0c5\SP2QFE\wininet.dll
    2007-08-20 10:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2GDR\wininet.dll
    2007-08-20 10:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2QFE\wininet.dll
    2007-10-11 00:49 824832 bc5119c53bdd48dabc628d448a3bdccb C:\WINDOWS\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2GDR\wininet.dll
    2007-10-11 00:22 825344 871ae10d6ae8877e9636ae5017953d52 C:\WINDOWS\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2QFE\wininet.dll
    2004-08-20 00:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wininet.dll
    2006-06-23 13:28 581120 1f063bdbd1afef9ac0abd02384d40376 C:\WINDOWS\SoftwareDistribution\Download\73231fc5e2f4907698b91ecd0c870ff8\rtmgdr\wininet.dll
    2006-06-23 20:46 593408 38a54870eced4c83f227a5c4be236709 C:\WINDOWS\SoftwareDistribution\Download\73231fc5e2f4907698b91ecd0c870ff8\RTMQFE\wininet.dll
    2007-12-07 02:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll
    2007-12-07 01:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll
    2007-12-07 02:07 697856 de04a7293a48d92fddd6ec067a225562 C:\WINDOWS\system32\wininet.dll
    2007-12-07 02:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
    2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2003-07-22 17:34 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    2004-08-20 00:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe
    2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
    2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-08-04 20:13 1294336]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 16:49 49152]
    "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 12:06 181752]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "BDSwitchAgent"="C:\PROGRA~1\softwin\BITDEF~2\bdswitch.exe" [ ]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Flash Media"="" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 18:27 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    C:\Documents and Settings\luc\Menu D‚marrer\Programmes\D‚marrage\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224]
    Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14 155648]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Documents and Settings\luc\Mes documents\Mes images\chatfaitdespompesjh6.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= C:\Documents and Settings\luc\Bureau\bettina\Photo 28.jpg
    FriendlyName=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\adslTV\\adsltv.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 02:17]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
    S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-21 18:07:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\luc\LOCALS~1\Temp\mc21.tmp"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
    .
    Temps d'accomplissement: 2008-03-21 18:10:08
    .
    2008-03-20 18:13:26 --- E O F ---


You'll have to explain to me how you manage to see anything in there

21 Mars 2008 19:10:25

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

File::
C:\Windows\System32\lspcdj.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flash Media"=-


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
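How a helper "sees something in there": the HijackThis O4 lines and the ComboFix Run-key dump are read mechanically, looking for autostart values whose target is missing on disk (the `BDSwitchAgent` entry pointing at an uninstalled BitDefender path), values that are empty (the `"Flash Media"=""` entry the CFScript above deletes), and executables launched from user-writable places such as Temp. The AntiVir report in the first post also explains why a file search finds nothing: `lspcdj.exe` had already been moved to quarantine as `4851b6fc.qua`. The script below is an added example written for this editorial pass; it is not code from the thread, from HijackThis or from ComboFix. The O4 sample lines and the `PRESENT_FILES` set are constructed stand-ins (the set replaces `os.path.exists()` so the example runs offline), and the "bare name resolves to system32" rule is a simplifying assumption.

```python
import re
from typing import Dict, List, Optional

# Shape of a HijackThis O4 line: "O4 - HKLM\..\Run: [Name] command (User 'X')"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")

# Constructed sample lines, modelled on the HijackThis report in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~2\bdswitch.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Flash Media]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\luc\LOCALS~1\Temp\updater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""

# Constructed stand-in for the file system so the example runs offline;
# on the real machine os.path.exists() answers this question.
PRESENT_FILES = {
    r"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe",
    r"C:\WINDOWS\system32\NvCpl.dll",
    r"C:\WINDOWS\system32\nwiz.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\DOCUME~1\luc\LOCALS~1\Temp\updater.exe",
}
PRESENT_LOWER = {p.lower() for p in PRESENT_FILES}

SYSTEM32 = r"C:\WINDOWS\system32"  # assumption: bare names resolve here
USER_WRITABLE_MARKERS = ("\\temp\\", "\\locals~1\\", "\\documents and settings\\", "\\docume~1\\")


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split one O4 line into hive, key, value name and command; None if not an O4 line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["cmd"] = USER_SUFFIX_RE.sub("", entry["cmd"]).strip()
    return entry


def target_path(cmd: str) -> str:
    """Return the file a Run value actually loads, or '' when the value is empty."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):                      # quoted path, possibly with spaces
        return cmd[1:cmd.find('"', 1)]
    tokens = cmd.split()
    if tokens[0].lower() == "rundll32.exe" and len(tokens) > 1:
        return tokens[1].split(",")[0]           # "DLL,EntryPoint" -> DLL
    return tokens[0]                             # plain path or bare file name


def resolve(path: str) -> str:
    """Windows searches PATH for a bare name; we assume it lands in system32."""
    return path if "\\" in path else f"{SYSTEM32}\\{path}"


def triage(lines: str, present_lower=PRESENT_LOWER) -> Dict[str, List[str]]:
    """Map each Run value name to the reasons it deserves a second look (empty list = looks fine)."""
    findings: Dict[str, List[str]] = {}
    for line in lines.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons: List[str] = []
        path = target_path(entry["cmd"])
        if not path:
            reasons.append("empty value (orphaned entry, safe to delete)")
        else:
            full = resolve(path)
            if full.lower() not in present_lower:
                reasons.append(f"target missing on disk: {full}")
            if any(marker in full.lower() for marker in USER_WRITABLE_MARKERS):
                reasons.append("runs from a user-writable location")
        findings[entry["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_O4_LINES).items():
        print(f"{name:22s} {'OK' if not reasons else '; '.join(reasons)}")
```

Entries with an empty reason list are the ones a helper skips over; the two that come back flagged here are exactly the kind of value a CFScript `Registry::` section removes, and a target flagged as "runs from a user-writable location" is worth checking against the antivirus quarantine log before deciding it is hostile.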