Eksplorasi.exe :(
Dernière réponse : dans Sécurité
Bonjour a tous.
Donc comme vous l'avez tous compris j'ai le fameux probleme du vers Brontok.
J'ai fait un scan complet de mon ordinateur avec plusieurs logiciels. J'ai suprimé toute les vilaines choses et j'ai reussi a reactiver regedit moi meme.
Sinon voila mon rapport HT pour explorasi.exe au demarage![:)]( ":)")
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:31, on 09/09/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Topro\tppoll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\a\Local Settings\Application Data\smss.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
--
End of file - 5815 bytes
Merci de m'aider a reparer ce fichier en mindiquant les etapes a suivre.
A bientot .
Donc comme vous l'avez tous compris j'ai le fameux probleme du vers Brontok.
J'ai fait un scan complet de mon ordinateur avec plusieurs logiciels. J'ai suprimé toute les vilaines choses et j'ai reussi a reactiver regedit moi meme.
Sinon voila mon rapport HT pour explorasi.exe au demarage
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:31, on 09/09/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Topro\tppoll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\a\Local Settings\Application Data\smss.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
--
End of file - 5815 bytes
Merci de m'aider a reparer ce fichier en mindiquant les etapes a suivre.
A bientot .
Autres pages sur : eksplorasi exe
Lassé par la pub ? Créez un compte
Bonjour,
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
voila le log :
ComboFix 08-09-05.12 - ****** 2008-09-09 18:58:37.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1033.18.2486 [GMT 2:00]
Running from: C:\Documents and Settings\a\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\RECYCLER\mani_server.cfg
C:\RECYCLER\server.cfg
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.
2008-09-09 16:17 . 2008-09-09 16:17 <REP> d-------- C:\Program Files\Trend Micro
2008-09-09 16:14 . 2008-09-09 16:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-09 16:14 . 2008-09-09 16:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-09 16:14 . 2008-09-09 16:14 <REP> d-------- C:\Documents and Settings\a\Application Data\Malwarebytes
2008-09-09 16:14 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 16:14 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 15:58 . 2008-09-09 16:31 <REP> d-------- C:\Program Files\SAV
2008-09-08 18:45 . 2008-09-08 18:45 <REP> d-------- C:\Program Files\Vilma
2008-09-07 13:55 . 2008-09-07 22:41 <REP> d-------- C:\WINDOWS\ShellNew
2008-09-07 13:54 . 2008-09-07 13:54 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-09-01 04:29 . 2008-09-01 04:29 533 --a------ C:\WINDOWS\eReg.dat
2008-09-01 04:11 . 1998-06-17 17:07 57,344 --a------ C:\WINDOWS\system32\Mfc42loc.dll
2008-09-01 04:05 . 2008-09-01 04:06 <REP> d-------- C:\Program Files\EA GAMES
2008-08-28 23:31 . 2007-12-01 00:25 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-28 23:31 . 2007-11-30 17:28 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-28 23:31 . 2007-11-30 17:28 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-28 23:31 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-16 19:59 . 2008-08-16 19:59 <REP> d-------- C:\Documents and Settings\a\Application Data\DivX
2008-08-16 19:45 . 2008-08-16 19:45 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-08-16 19:44 . 2008-08-16 19:44 <REP> d-------- C:\Program Files\eRightSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 16:45 --------- d-----w C:\Program Files\Steam
2008-09-08 16:41 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-09-05 21:37 --------- d-----w C:\Documents and Settings\a\Application Data\vmntoolbar
2008-09-05 16:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 16:55 --------- d-----w C:\Program Files\Webcam Surveyor
2008-09-04 20:56 --------- d-----w C:\Program Files\SpeedFan
2008-09-01 02:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 10:30 --------- d-----w C:\Documents and Settings\a\Application Data\FileZilla
2008-08-30 10:30 --------- d-----w C:\Documents and Settings\a\Application Data\Classes de site
2008-08-16 22:16 --------- d-----w C:\Documents and Settings\a\Application Data\Free Download Manager
2008-08-08 09:21 --------- d-----w C:\Program Files\DivX
2008-08-05 10:49 --------- d-----w C:\Documents and Settings\a\Application Data\teamspeak2
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-04-23 07:56 2,279 ----a-w C:\Program Files\ST6UNST.LOG
2008-03-17 23:41 113,664 ----a-w C:\WINDOWS\inf\hdaudio.sys
2003-08-27 09:01 94,208 ----a-w C:\Program Files\Winshut XP.exe
2006-05-24 14:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 15:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 14:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-11-30 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-06-30 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 8425472]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-22 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 147456]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"tppoll"="C:\Program Files\Topro\tppoll.exe" [2005-03-02 24576]
"nwiz"="nwiz.exe" [2007-03-22 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-11-30 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware_31\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware_31\\day of defeat source\\hl2.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware_31\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware31\\counter-strike\\hl.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\lost planet dx9 trial\\LostPlanetDX9.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware_31\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware_31\\source sdk base\\hl2.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2006-05-11 472096]
S3 DCamUSBIntel;Topro USB Video Camera;C:\WINDOWS\system32\Drivers\TP6800.sys [2005-11-03 197832]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 USB28xxBGA;USB 2883 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-08-09 291200]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-09 28160]
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\6cpojcak.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
FF -: plugin - C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 19:00:28
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-09 19:01:07
ComboFix-quarantined-files.txt 2008-09-09 17:01:04
Pre-Run: 53,295,321,088 bytes free
Post-Run: 53,288,833,024 octets libres
155 --- E O F --- 2008-08-15 17:40:16
ComboFix 08-09-05.12 - ****** 2008-09-09 18:58:37.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1033.18.2486 [GMT 2:00]
Running from: C:\Documents and Settings\a\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\RECYCLER\mani_server.cfg
C:\RECYCLER\server.cfg
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.
2008-09-09 16:17 . 2008-09-09 16:17 <REP> d-------- C:\Program Files\Trend Micro
2008-09-09 16:14 . 2008-09-09 16:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-09 16:14 . 2008-09-09 16:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-09 16:14 . 2008-09-09 16:14 <REP> d-------- C:\Documents and Settings\a\Application Data\Malwarebytes
2008-09-09 16:14 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 16:14 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 15:58 . 2008-09-09 16:31 <REP> d-------- C:\Program Files\SAV
2008-09-08 18:45 . 2008-09-08 18:45 <REP> d-------- C:\Program Files\Vilma
2008-09-07 13:55 . 2008-09-07 22:41 <REP> d-------- C:\WINDOWS\ShellNew
2008-09-07 13:54 . 2008-09-07 13:54 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-09-01 04:29 . 2008-09-01 04:29 533 --a------ C:\WINDOWS\eReg.dat
2008-09-01 04:11 . 1998-06-17 17:07 57,344 --a------ C:\WINDOWS\system32\Mfc42loc.dll
2008-09-01 04:05 . 2008-09-01 04:06 <REP> d-------- C:\Program Files\EA GAMES
2008-08-28 23:31 . 2007-12-01 00:25 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-28 23:31 . 2007-11-30 17:28 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-28 23:31 . 2007-11-30 17:28 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-28 23:31 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-16 19:59 . 2008-08-16 19:59 <REP> d-------- C:\Documents and Settings\a\Application Data\DivX
2008-08-16 19:45 . 2008-08-16 19:45 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-08-16 19:44 . 2008-08-16 19:44 <REP> d-------- C:\Program Files\eRightSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 16:45 --------- d-----w C:\Program Files\Steam
2008-09-08 16:41 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-09-05 21:37 --------- d-----w C:\Documents and Settings\a\Application Data\vmntoolbar
2008-09-05 16:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 16:55 --------- d-----w C:\Program Files\Webcam Surveyor
2008-09-04 20:56 --------- d-----w C:\Program Files\SpeedFan
2008-09-01 02:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 10:30 --------- d-----w C:\Documents and Settings\a\Application Data\FileZilla
2008-08-30 10:30 --------- d-----w C:\Documents and Settings\a\Application Data\Classes de site
2008-08-16 22:16 --------- d-----w C:\Documents and Settings\a\Application Data\Free Download Manager
2008-08-08 09:21 --------- d-----w C:\Program Files\DivX
2008-08-05 10:49 --------- d-----w C:\Documents and Settings\a\Application Data\teamspeak2
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-04-23 07:56 2,279 ----a-w C:\Program Files\ST6UNST.LOG
2008-03-17 23:41 113,664 ----a-w C:\WINDOWS\inf\hdaudio.sys
2003-08-27 09:01 94,208 ----a-w C:\Program Files\Winshut XP.exe
2006-05-24 14:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 15:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 14:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-11-30 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-06-30 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 8425472]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-22 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 147456]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"tppoll"="C:\Program Files\Topro\tppoll.exe" [2005-03-02 24576]
"nwiz"="nwiz.exe" [2007-03-22 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-11-30 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware_31\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware_31\\day of defeat source\\hl2.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware_31\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware31\\counter-strike\\hl.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\lost planet dx9 trial\\LostPlanetDX9.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware_31\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\darkware_31\\source sdk base\\hl2.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2006-05-11 472096]
S3 DCamUSBIntel;Topro USB Video Camera;C:\WINDOWS\system32\Drivers\TP6800.sys [2005-11-03 197832]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 USB28xxBGA;USB 2883 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-08-09 291200]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-09 28160]
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\6cpojcak.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
FF -: plugin - C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 19:00:28
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-09 19:01:07
ComboFix-quarantined-files.txt 2008-09-09 17:01:04
Pre-Run: 53,295,321,088 bytes free
Post-Run: 53,288,833,024 octets libres
155 --- E O F --- 2008-08-15 17:40:16
Re,
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
il vien de spotted un trojan spy et un brontok ... moi qui croyait qu'avast suffisait ^^ Lassé par la pub ? Créez un compte
