Windows XP infected by trojan-gen - Win NT/2K/XP - Windows & Software
Marsh Posted on 18-12-2008 at 12:40:04
Nothing from Malwarebytes?
Marsh Posted on 18-12-2008 at 18:35:01
hello, my PC (Windows XP) is infected by a virus that prevents it from connecting to the internet and prevents Avast, CCleaner and many other programs from opening
I used ComboFix, without result
here is what the report says.
ComboFix 08-12-17.01 - johanne 2008-12-18 18:16:41.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.894.602 [GMT 1:00]
Lancé depuis: c:\documents and settings\johanne\Bureau\Combo-Fix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
/wow section non terminée
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\johanne\Application Data\drivers\srosa.sys
c:\documents and settings\johanne\Application Data\drivers\srosa2.sys
c:\documents and settings\johanne\Application Data\drivers\winupgro.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-18 au 2008-12-18 ))))))))))))))))))))))))))))))))))))
.
2008-12-18 13:53 . 2008-12-18 14:34 820,184,128 --a------ c:\program files\Adobe.zip
2008-12-18 01:37 . 2008-12-18 01:37 <REP> d--h----- c:\documents and settings\johanne\Application Data\m
2008-12-18 01:28 . 2008-12-18 01:28 <REP> d--h----- c:\documents and settings\johanne\Application Data\drivers
2008-12-17 22:13 . 2008-12-17 22:13 <REP> d-------- c:\program files\eMule
2008-12-17 13:07 . 2008-12-17 13:07 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-17 13:07 . 2008-12-17 13:07 <REP> d-------- c:\program files\Microsoft
2008-12-15 13:16 . 2008-12-15 13:15 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-14 13:33 . 2008-12-14 13:33 <REP> d-------- c:\program files\MSXML 4.0
2008-12-13 22:41 . 2008-12-13 22:41 0 --a------ c:\windows\musicmaker.INI
2008-12-13 22:38 . 2003-04-18 16:29 82,432 --a------ c:\windows\system32\msxml4r.dll
2008-12-13 22:38 . 2003-04-18 16:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2008-12-13 22:36 . 2008-12-13 22:36 <REP> d-------- c:\program files\Fichiers communs\MAGIX Shared
2008-12-13 22:35 . 2008-12-13 22:35 <REP> d-------- c:\windows\system32\MAGIX
2008-12-13 22:35 . 2002-09-21 00:33 1,089,536 --a------ c:\windows\system32\ROBOEX32.DLL
2008-12-13 22:35 . 2006-09-13 13:44 643,072 --a------ c:\windows\system32\mgxoschk.dll
2008-12-13 22:35 . 1998-10-15 17:28 85,504 --a------ c:\windows\system32\HtmlWH.dll
2008-12-13 22:35 . 1999-01-28 14:44 49,152 --a------ c:\windows\system32\INETWH32.dll
2008-12-13 22:35 . 2008-12-13 22:37 6,423 --a------ c:\windows\mgxoschk.ini
2008-12-13 22:30 . 2008-12-18 17:54 60,788 --a------ c:\windows\Zapotec.jpg
2008-12-13 22:27 . 2008-12-13 22:27 <REP> d-------- c:\program files\EoRezo
2008-12-13 22:27 . 2008-12-13 22:28 <REP> d-------- c:\documents and settings\johanne\Application Data\EoRezo
2008-12-09 20:50 . 2008-12-09 20:50 <REP> d-------- c:\program files\Veoh Networks
2008-12-08 22:51 . 2008-12-08 22:52 <REP> d-------- c:\documents and settings\johanne\Application Data\AidMaker
2008-12-08 21:32 . 2008-12-08 21:32 <REP> d-------- c:\windows\AidMaker
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
2008-12-02 17:46 . 2008-12-02 17:47 1,762 --ah----- C:\aaw7boot.cmd
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 12:22 --------- d-----w c:\documents and settings\johanne\Application Data\Vidalia
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 00:48 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-03-15 00:17 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-30 06:11 128 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
2008-11-18 15:15 42792 --a------ c:\program files\EoRezo\EoAdv\EoRezoBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"sogoe"="c:\documents and settings\johanne\local settings\application data\sogoe.exe" [2004-04-12 856072]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-22 602112]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"BisonBar"="c:\windows\BUtilityBar\BisonBar.exe" [2006-09-08 245760]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"TPP Auto Loader"="c:\windows\tppaldr.exe" [2002-01-25 118784]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-05 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2008-11-25 472872]
"SoftwareHelper"="c:\documents and settings\johanne\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-12-18 81000]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\johanne\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
UltimateZip Quick Start.lnk - c:\program files\UltimateZip 2007\uzqkst.exe [2007-06-29 834048]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 45056]
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WebCallDirect.com\\WebCallDirect\\WebCallDirect.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 sK9Ou0s;sK9Ou0s;\??\c:\documents and settings\johanne\Application Data\drivers\srosa2.sys []
S1 aswSP;avast! Self Protection; []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys []
S3 fhlppppoe;PPPOE/ADSL miniport;c:\windows\system32\DRIVERS\fhlpppoe.sys [2007-07-31 49264]
S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\DRIVERS\TPP200.SYS [2007-07-17 36096]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c82f810-6521-11dc-b3a0-0016d46437c2}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cf3bf23-652c-11dc-b3a2-0016d46437c2}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60c5f66c-66cd-11dc-b3b2-0016d46437c2}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ebcbda8-651c-11dc-b39f-0016d46437c2}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b13addb-669a-11dc-b3ac-0016d46437c2}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b06e6fa-669d-11dc-b3ad-0016d46437c2}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95f22bb6-68f9-11dc-b3bb-0016d46437c2}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47bf102-661e-11dc-b3aa-0016cf9b5d06}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47bf103-661e-11dc-b3aa-0016cf9b5d06}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47bf105-661e-11dc-b3aa-0016cf9b5d06}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2b51c32-a69a-11dc-b440-0016d46437c2}]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-12-18 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{620395C9-5C2B-4474-89B6-D2A63CEA2EF8} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-gfxtray - ctccw32.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st#
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\johanne\Application Data\Mozilla\Firefox\Profiles\tq35mu8n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/thebigpinkhead
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MICWV2&q=
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.
.
------- Associations de fichier -------
.
JSEFile=c:\program files\AnalogX\Script Defender\sdefend.exe %1 %*
VBEFile=c:\program files\AnalogX\Script Defender\sdefend.exe %1 %*
VBSFile=c:\program files\AnalogX\Script Defender\sdefend.exe %1 %*
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 18:17:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2008-12-18 18:18:34
ComboFix-quarantined-files.txt 2008-12-18 17:18:32
Avant-CF: 2,064,384 octets libres
Après-CF: 34,701,312 octets libres
234 --- E O F --- 2008-12-14 12:33:10
Marsh Posted on 18-12-2008 at 18:36:31
also, ComboFix says my PC has no Windows Recovery Console, but to install it I would need to be able to connect
how can I do that?
thank you, regards
Marsh Posted on 18-12-2008 at 12:36:51
Hello. My computer is infected by trojan-gen/other (Avast scan). It cannot remove it. The file cannot be found and I have no server. I tried to start Spybot, but no server. What should I do? Thanks in advance.