Cannot remove Trojan-win32.bho.abo
Hello, after a scan with Kaspersky I got this trojan, Trojan-win32.Bho.abo; it is located in c:\windows\system32\crtdl.dll
But I cannot delete it and I don't know much about this, could someone help me? Thanks.
Hello,
Download and install HijackThis (Trend Micro).
Then post a log in your next reply.
HELP: How to use HijackThis v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:13, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D9AAE877-5A36-4D60-8AC0-5D5443DA2070} - C:\WINDOWS\system32\crtdl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4071 bytes
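A helper reading a log like the one above scans a few sections first: O2 entries (Browser Helper Objects loaded into Internet Explorer) with no name or no file, O20 AppInit_DLLs (a global injection point), and O23 services with no publisher. The script below is an added example, not part of the thread or of HijackThis; it runs that triage over a constructed excerpt of the log above and returns review items, not verdicts (the Kaspersky AppInit DLL is flagged for review exactly like the unnamed BHO crtdl.dll).

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the HijackThis log posted above (entries copied from
# the thread, trimmed to the sections the triage looks at).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D9AAE877-5A36-4D60-8AC0-5D5443DA2070} - C:\WINDOWS\system32\crtdl.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# HijackThis line formats: "O2 - BHO: <name> - {CLSID} - <path>",
# "O20 - AppInit_DLLs: <path>", "O23 - Service: <name> - <owner> - <path>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code (O2, O20, O23)
    reason: str    # why a helper would look twice at this entry
    detail: str    # CLSID or file path to cross-check against the other reports


def triage(log_text):
    """Return the entries of a HijackThis log that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            if m["path"] == "(no file)":
                # Registration left behind after the DLL was deleted: harmless but worth cleaning
                findings.append(Finding("O2", "orphaned BHO registration, DLL no longer on disk", m["clsid"]))
            elif m["name"] == "(no name)":
                # Legitimate BHOs almost always carry a class name
                findings.append(Finding("O2", "unnamed BHO loaded into Internet Explorer", m["path"]))
        elif m := APPINIT_RE.match(line):
            # Loaded into every process that links user32.dll, so always confirm the publisher
            findings.append(Finding("O20", "AppInit_DLLs entry, confirm the publisher", m["path"]))
        elif (m := SVC_RE.match(line)) and m["owner"].lower() == "unknown owner":
            findings.append(Finding("O23", "service without publisher information", m["path"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason} -> {f.detail}")
```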
Re,
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste this report in your next reply.
NOTE: The report is also located here: C:\Combofix.txt
ComboFix 07-12-09.1 - User 2007-12-09 19:23:01.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.745 [GMT 1:00]
Running from: C:\Documents and Settings\User\Bureau\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))))))))
.
2007-12-09 19:06 . 2007-12-09 19:06 <REP> d-------- C:\Program Files\Trend Micro
2007-12-09 17:03 . 2007-12-09 17:03 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-09 17:03 . 2007-12-09 17:03 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-09 17:03 . 2007-12-09 17:03 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-09 17:03 . 2007-12-09 17:03 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-09 15:16 . 2007-12-09 15:16 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-09 15:16 . 2007-12-09 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-09 15:16 . 2007-12-09 19:23 1,347,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-09 15:16 . 2007-12-09 15:24 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-09 15:16 . 2007-12-09 15:24 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-09 15:16 . 2007-12-09 19:24 7,200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-09 15:16 . 2007-12-09 15:24 3,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-09 15:16 . 2007-12-09 15:24 1,244 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-07 18:14 . 2002-09-07 01:00 84,992 --a------ C:\WINDOWS\system32\crtdl.dll
2007-12-07 18:14 . 19,456 C:\WINDOWS\system32\drivers\qwjbbijp.dat
2007-11-27 18:49 . 2007-11-30 13:19 <REP> d-------- C:\Program Files\PKR
2007-11-27 16:47 . 2007-11-27 16:47 <REP> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2007-11-27 16:47 . 2007-02-26 18:15 1,421,216 --a------ C:\WINDOWS\system32\WdfCoInstaller01001.dll
2007-11-27 16:47 . 2007-02-26 18:15 61,984 --a------ C:\WINDOWS\system32\drivers\xusb21.sys
2007-11-27 16:47 . 2006-02-20 11:12 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-27 16:47 . 2007-11-27 16:47 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2007-11-27 16:47 . 2007-11-27 16:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2007-11-27 16:03 . 2007-11-27 16:14 <REP> d-------- C:\Program Files\EA Sports
2007-11-25 13:02 . 2007-11-25 13:02 319 --a------ C:\WINDOWS\game.ini
2007-11-25 12:49 . 2007-11-25 12:49 <REP> d-------- C:\Program Files\Activision
2007-11-25 12:29 . 2007-11-25 12:29 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-21 17:56 . 2007-11-21 17:56 <REP> d-------- C:\WINDOWS\Sun
2007-11-17 14:42 . 2004-08-03 23:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-16 18:43 . 2003-04-10 03:58 1,902 --------- C:\WINDOWS\system32\SetupBD.din
2007-11-16 18:42 . 2003-03-04 20:56 145,408 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2007-11-16 18:42 . 2003-03-04 20:56 145,408 --a--c--- C:\WINDOWS\system32\dllcache\e100b325.sys
2007-11-16 18:42 . 2003-03-04 00:26 118,784 -ra------ C:\WINDOWS\system32\Prounstl.exe
2007-11-16 18:42 . 2002-12-29 13:00 24,064 -ra------ C:\WINDOWS\system32\IntelNic.dll
2007-11-16 18:42 . 2003-02-03 14:26 12,288 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2007-11-16 18:42 . 2003-07-15 16:58 5,110 -ra------ C:\WINDOWS\system32\e100b325.din
2007-11-16 18:41 . 2007-11-16 18:44 <REP> d-------- C:\TempEI4
2007-11-16 18:41 . 2003-06-17 23:38 35,012 --a------ C:\WINDOWS\system32\drivers\SMBios.sys
2007-11-10 00:59 . 2007-11-10 00:59 <REP> d-------- C:\Documents and Settings\User\Shared
2007-11-10 00:59 . 2007-11-13 01:47 <REP> d-------- C:\Documents and Settings\User\Incomplete
2007-11-10 00:59 . 2007-11-12 20:53 <REP> d-------- C:\Documents and Settings\User\Application Data\LimeWire
2007-11-09 19:20 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-09 19:19 . 2007-11-28 12:50 <REP> d-------- C:\Program Files\Java
2007-11-09 19:01 . 2007-11-09 19:01 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-09 19:00 . 2007-11-09 19:20 <REP> d-------- C:\Program Files\LimeWire
2007-11-09 14:28 . 2007-11-09 14:28 <REP> d-------- C:\Program Files\Valve
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 11:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 13:52 --------- d-----w C:\Program Files\PDF Editeur 2
2007-11-04 19:43 --------- d-----w C:\Program Files\MSN Messenger
2007-10-26 15:32 73,216 ----a-w C:\WINDOWS\cadkasdeinst01f.exe
2007-10-26 10:49 --------- d-----w C:\Program Files\DivX
2007-10-26 10:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9AAE877-5A36-4D60-8AC0-5D5443DA2070}]
2002-09-07 01:00 84992 --a------ C:\WINDOWS\system32\crtdl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:55 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:55 C:\WINDOWS\system32\rundll32.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 10:49]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 17:29]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 12:48]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
R0 kgfqlboc;kgfqlboc;C:\WINDOWS\system32\drivers\qwjbbijp.dat
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys
*Newly Created Service* - CATCHME
*Newly Created Service* - PNKBSTRA
*Newly Created Service* - PNKBSTRB
*Newly Created Service* - PNKBSTRK
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 19:24:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 19:25:38
.
--- E O F ---
Ok
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
Driver::
kgfqlboc
File::
C:\WINDOWS\system32\drivers\qwjbbijp.dat
C:\WINDOWS\system32\crtdl.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9AAE877-5A36-4D60-8AC0-5D5443DA2070}]
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis log.
NOTE: If there is no reboot, post the requested reports anyway.
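The CFScript above names three kinds of targets (Driver::, File::, Registry::), and the sensible follow-up check is to confirm, from the ComboFix reports themselves, that each target was really present before the script ran and is listed as removed afterwards. The script below is an added example, not part of the thread or of ComboFix; it parses a CFScript, then checks each target against constructed excerpts of the two ComboFix reports in this thread (the service line `R0 kgfqlboc;...`, the file listings, the BHO key, and the `Autres suppressions` / `Drivers/Services` sections of the second report). It only confirms the scripted targets; it says nothing about anything else loaded on the machine.

```python
import re

# Constructed excerpts of the CFScript and of the two ComboFix reports posted
# above, trimmed to the lines the check needs.
CFSCRIPT = r"""
Driver::
kgfqlboc
File::
C:\WINDOWS\system32\drivers\qwjbbijp.dat
C:\WINDOWS\system32\crtdl.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9AAE877-5A36-4D60-8AC0-5D5443DA2070}]
"""

BEFORE_LOG = r"""
(((((((((( Fichiers créés 2007-11-09 to 2007-12-09 ))))))))))
.
2007-12-07 18:14 . 2002-09-07 01:00 84,992 --a------ C:\WINDOWS\system32\crtdl.dll
2007-12-07 18:14 . 19,456 C:\WINDOWS\system32\drivers\qwjbbijp.dat
.
(((((((((( Point de chargement Reg ))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9AAE877-5A36-4D60-8AC0-5D5443DA2070}]
2002-09-07 01:00 84992 --a------ C:\WINDOWS\system32\crtdl.dll
R0 kgfqlboc;kgfqlboc;C:\WINDOWS\system32\drivers\qwjbbijp.dat
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
"""

AFTER_LOG = r"""
(((((((((( Autres suppressions ))))))))))
.
C:\WINDOWS\system32\crtdl.dll
C:\WINDOWS\system32\drivers\qwjbbijp.dat
.
(((((((((( Drivers/Services ))))))))))
.
-------\LEGACY_KGFQLBOC
-------\kgfqlboc
(((((((((( Point de chargement Reg ))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
"""


def parse_cfscript(text):
    """Split a CFScript into its 'Name::' sections, e.g. {'Driver': [...], 'File': [...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def section(log, title):
    """Lower-cased lines of a ComboFix report under the '(((( title ))))' banner, up to the next banner."""
    lines, inside = [], False
    for line in log.splitlines():
        if line.startswith("(((("):
            inside = title in line
        elif inside and line.strip() not in ("", "."):
            lines.append(line.strip().lower())
    return lines


def verify(script_text, before, after):
    """For each script target: (seen in the report before, confirmed removed in the report after)."""
    targets = parse_cfscript(script_text)
    result = {}
    for name in targets.get("Driver", []):
        # Active services are listed as "<start type> <name>;<display name>;<image path>"
        was = re.search(rf"^[RS]\d+ {re.escape(name)};", before, re.M | re.I) is not None
        gone = f"-------\\{name}".lower() in section(after, "Drivers/Services")
        result[name] = (was, gone)
    for path in targets.get("File", []):
        # File listings end each line with the full path
        was = re.search(rf"\s{re.escape(path)}$", before, re.M | re.I) is not None
        gone = path.lower() in section(after, "Autres suppressions")
        result[path] = (was, gone)
    for entry in targets.get("Registry", []):
        # "[-KEY]" tells ComboFix to delete the whole key; the report shows keys as "[KEY]"
        key = entry.strip("[]").lstrip("-")
        was = f"[{key}]".lower() in before.lower()
        gone = f"[{key}]".lower() not in after.lower()
        result[key] = (was, gone)
    return result


if __name__ == "__main__":
    for target, (was, gone) in verify(CFSCRIPT, BEFORE_LOG, AFTER_LOG).items():
        print(f"{'OK   ' if was and gone else 'CHECK'} {target}: listed before={was}, removed after={gone}")
```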
ComboFix 07-12-09.1 - User 2007-12-09 21:08:17.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.722 [GMT 1:00]
Running from: C:\Documents and Settings\User\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Bureau\CFScript.txt..txt
* Created a new restore point
FILE
C:\WINDOWS\system32\crtdl.dll
C:\WINDOWS\system32\drivers\qwjbbijp.dat
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\crtdl.dll
C:\WINDOWS\system32\drivers\qwjbbijp.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_KGFQLBOC
-------\kgfqlboc
((((((((((((((((((((((((((((( Fichiers créés 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))))))))
.
2007-12-09 19:06 . 2007-12-09 19:06 <REP> d-------- C:\Program Files\Trend Micro
2007-12-09 17:03 . 2007-12-09 17:03 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-09 17:03 . 2007-12-09 17:03 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-09 17:03 . 2007-12-09 17:03 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-09 17:03 . 2007-12-09 17:03 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-09 15:16 . 2007-12-09 15:16 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-09 15:16 . 2007-12-09 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-09 15:16 . 2007-12-09 21:11 1,514,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-09 15:16 . 2007-12-09 15:24 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-09 15:16 . 2007-12-09 15:24 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-09 15:16 . 2007-12-09 21:10 22,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-09 15:16 . 2007-12-09 21:11 10,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-09 15:16 . 2007-12-09 21:10 3,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-27 18:49 . 2007-11-30 13:19 <REP> d-------- C:\Program Files\PKR
2007-11-27 16:47 . 2007-11-27 16:47 <REP> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2007-11-27 16:47 . 2007-02-26 18:15 1,421,216 --a------ C:\WINDOWS\system32\WdfCoInstaller01001.dll
2007-11-27 16:47 . 2007-02-26 18:15 61,984 --a------ C:\WINDOWS\system32\drivers\xusb21.sys
2007-11-27 16:47 . 2006-02-20 11:12 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-27 16:47 . 2007-11-27 16:47 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2007-11-27 16:47 . 2007-11-27 16:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2007-11-27 16:03 . 2007-11-27 16:14 <REP> d-------- C:\Program Files\EA Sports
2007-11-25 13:02 . 2007-11-25 13:02 319 --a------ C:\WINDOWS\game.ini
2007-11-25 12:49 . 2007-11-25 12:49 <REP> d-------- C:\Program Files\Activision
2007-11-25 12:29 . 2007-11-25 12:29 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-21 17:56 . 2007-11-21 17:56 <REP> d-------- C:\WINDOWS\Sun
2007-11-17 14:42 . 2004-08-03 23:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-16 18:43 . 2003-04-10 03:58 1,902 --------- C:\WINDOWS\system32\SetupBD.din
2007-11-16 18:42 . 2003-03-04 20:56 145,408 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2007-11-16 18:42 . 2003-03-04 20:56 145,408 --a--c--- C:\WINDOWS\system32\dllcache\e100b325.sys
2007-11-16 18:42 . 2003-03-04 00:26 118,784 -ra------ C:\WINDOWS\system32\Prounstl.exe
2007-11-16 18:42 . 2002-12-29 13:00 24,064 -ra------ C:\WINDOWS\system32\IntelNic.dll
2007-11-16 18:42 . 2003-02-03 14:26 12,288 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2007-11-16 18:42 . 2003-07-15 16:58 5,110 -ra------ C:\WINDOWS\system32\e100b325.din
2007-11-16 18:41 . 2007-11-16 18:44 <REP> d-------- C:\TempEI4
2007-11-16 18:41 . 2003-06-17 23:38 35,012 --a------ C:\WINDOWS\system32\drivers\SMBios.sys
2007-11-10 00:59 . 2007-11-10 00:59 <REP> d-------- C:\Documents and Settings\User\Shared
2007-11-10 00:59 . 2007-11-13 01:47 <REP> d-------- C:\Documents and Settings\User\Incomplete
2007-11-10 00:59 . 2007-11-12 20:53 <REP> d-------- C:\Documents and Settings\User\Application Data\LimeWire
2007-11-09 19:20 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-09 19:19 . 2007-11-28 12:50 <REP> d-------- C:\Program Files\Java
2007-11-09 19:01 . 2007-11-09 19:01 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-09 19:00 . 2007-11-09 19:20 <REP> d-------- C:\Program Files\LimeWire
2007-11-09 14:28 . 2007-11-09 14:28 <REP> d-------- C:\Program Files\Valve
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 11:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 13:52 --------- d-----w C:\Program Files\PDF Editeur 2
2007-11-04 19:43 --------- d-----w C:\Program Files\MSN Messenger
2007-10-26 15:32 73,216 ----a-w C:\WINDOWS\cadkasdeinst01f.exe
2007-10-26 10:49 --------- d-----w C:\Program Files\DivX
2007-10-26 10:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-09_19.24.51,51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:55 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:55 C:\WINDOWS\system32\rundll32.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 10:49]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 17:29]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 12:48]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\User\LOCALS~1\Temp\mwhferfq6A0A80A.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 21:12:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 21:13:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-09 19:25
.
--- E O F ---
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.722 [GMT 1:00]
Running from: C:\Documents and Settings\User\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Bureau\CFScript.txt..txt
* Created a new restore point
FILE
C:\WINDOWS\system32\crtdl.dll
C:\WINDOWS\system32\drivers\qwjbbijp.dat
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\crtdl.dll
C:\WINDOWS\system32\drivers\qwjbbijp.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_KGFQLBOC
-------\kgfqlboc
((((((((((((((((((((((((((((( Fichiers créés 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))))))))
.
2007-12-09 19:06 . 2007-12-09 19:06 <REP> d-------- C:\Program Files\Trend Micro
2007-12-09 17:03 . 2007-12-09 17:03 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-09 17:03 . 2007-12-09 17:03 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-09 17:03 . 2007-12-09 17:03 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-09 17:03 . 2007-12-09 17:03 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-09 15:16 . 2007-12-09 15:16 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-09 15:16 . 2007-12-09 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-09 15:16 . 2007-12-09 21:11 1,514,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-09 15:16 . 2007-12-09 15:24 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-09 15:16 . 2007-12-09 15:24 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-09 15:16 . 2007-12-09 21:10 22,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-09 15:16 . 2007-12-09 21:11 10,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-09 15:16 . 2007-12-09 21:10 3,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-27 18:49 . 2007-11-30 13:19 <REP> d-------- C:\Program Files\PKR
2007-11-27 16:47 . 2007-11-27 16:47 <REP> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2007-11-27 16:47 . 2007-02-26 18:15 1,421,216 --a------ C:\WINDOWS\system32\WdfCoInstaller01001.dll
2007-11-27 16:47 . 2007-02-26 18:15 61,984 --a------ C:\WINDOWS\system32\drivers\xusb21.sys
2007-11-27 16:47 . 2006-02-20 11:12 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-27 16:47 . 2007-11-27 16:47 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2007-11-27 16:47 . 2007-11-27 16:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2007-11-27 16:03 . 2007-11-27 16:14 <REP> d-------- C:\Program Files\EA Sports
2007-11-25 13:02 . 2007-11-25 13:02 319 --a------ C:\WINDOWS\game.ini
2007-11-25 12:49 . 2007-11-25 12:49 <REP> d-------- C:\Program Files\Activision
2007-11-25 12:29 . 2007-11-25 12:29 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-21 17:56 . 2007-11-21 17:56 <REP> d-------- C:\WINDOWS\Sun
2007-11-17 14:42 . 2004-08-03 23:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-16 18:43 . 2003-04-10 03:58 1,902 --------- C:\WINDOWS\system32\SetupBD.din
2007-11-16 18:42 . 2003-03-04 20:56 145,408 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2007-11-16 18:42 . 2003-03-04 20:56 145,408 --a--c--- C:\WINDOWS\system32\dllcache\e100b325.sys
2007-11-16 18:42 . 2003-03-04 00:26 118,784 -ra------ C:\WINDOWS\system32\Prounstl.exe
2007-11-16 18:42 . 2002-12-29 13:00 24,064 -ra------ C:\WINDOWS\system32\IntelNic.dll
2007-11-16 18:42 . 2003-02-03 14:26 12,288 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2007-11-16 18:42 . 2003-07-15 16:58 5,110 -ra------ C:\WINDOWS\system32\e100b325.din
2007-11-16 18:41 . 2007-11-16 18:44 <REP> d-------- C:\TempEI4
2007-11-16 18:41 . 2003-06-17 23:38 35,012 --a------ C:\WINDOWS\system32\drivers\SMBios.sys
2007-11-10 00:59 . 2007-11-10 00:59 <REP> d-------- C:\Documents and Settings\User\Shared
2007-11-10 00:59 . 2007-11-13 01:47 <REP> d-------- C:\Documents and Settings\User\Incomplete
2007-11-10 00:59 . 2007-11-12 20:53 <REP> d-------- C:\Documents and Settings\User\Application Data\LimeWire
2007-11-09 19:20 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-09 19:19 . 2007-11-28 12:50 <REP> d-------- C:\Program Files\Java
2007-11-09 19:01 . 2007-11-09 19:01 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-09 19:00 . 2007-11-09 19:20 <REP> d-------- C:\Program Files\LimeWire
2007-11-09 14:28 . 2007-11-09 14:28 <REP> d-------- C:\Program Files\Valve
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 11:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 13:52 --------- d-----w C:\Program Files\PDF Editeur 2
2007-11-04 19:43 --------- d-----w C:\Program Files\MSN Messenger
2007-10-26 15:32 73,216 ----a-w C:\WINDOWS\cadkasdeinst01f.exe
2007-10-26 10:49 --------- d-----w C:\Program Files\DivX
2007-10-26 10:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-09_19.24.51,51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:55 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:55 C:\WINDOWS\system32\rundll32.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 10:49]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 17:29]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 12:48]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\User\LOCALS~1\Temp\mwhferfq6A0A80A.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 21:12:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 21:13:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-09 19:25
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:13, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4144 bytes