kartouch

Salut à tous, suite à une infection de mon PC par plusieurs MALWARE (xxEXMODUL32xx.exe, xxSMSSxx.exe etc ...) j'ai suivi la procedure pour editer des rapport avec HIJACK THIS, voici donc ce rapport et en même temps celui généré par ANTIVIR ... merci pour votre aide! AntiVir PersonalEdition Classic Report file date: vendredi 29 septembre 2006 18:16 Scanning for 515411 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-WURGE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Kartouch Computer name: PORT-LAURENT Version information: AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 10:06:56 AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 10:56:33 LUKE.DLL : 7.0.0.47 118824 07/09/2006 10:32:33 LUKERES.DLL : 7.0.0.47 9256 07/09/2006 10:56:33 ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 10:35:27 ANTIVIR1.VDF : 6.36.0.9 1424384 06/09/2006 07:12:24 ANTIVIR2.VDF : 6.36.0.71 284160 25/09/2006 15:58:11 ANTIVIR3.VDF : 6.36.0.83 38912 29/09/2006 15:58:11 AVEWIN32.DLL : 7.2.0.22 1860096 29/09/2006 15:58:11 AVPREF.DLL : 7.0.0.2 23592 24/07/2006 12:36:04 AVREP.DLL : 6.36.0.5 806952 29/09/2006 15:58:11 AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 08:43:31 AVPACK32.DLL : 7.2.0.0 368680 21/07/2006 06:00:28 AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36 NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49 NETNW.DLL : 7.0.0.0 9768 24/07/2006 12:35:55 RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 11:22:57 RCTEXT.DLL : 7.0.1.4 77864 29/09/2006 15:58:10 Configuration settings for the scan: Jobname.......................: Local Drives Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp Boot sectors..................: C,D Scan memory...................: 1 Process scan..................: 1 Scan all files................: 1 Scan archives.................: 1 Recursion depth...............: 20 Smart extensions..............: 1 Skipped archive types.........: 1000,1001,1002,1003,1004,1005, Macro heuristic...............: 1 File heuristic................: 2 Primary action................: 1 Secondary action..............: 0 Start of the scan: vendredi 29 septembre 2006 18:16 The scan of running processes will be started 4 Processes were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. C:\WINDOWS\system\smss.exe [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was deleted! C:\WINDOWS\system\smss.exe [DETECTION] Contains suspicious code HEUR/Malware The registry was scanned ( 33 files ). Starting the file scan: C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Kartouch\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\Kartouch\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Kartouch\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\Kartouch\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! The path D:\ could not be found! Le périphérique n'est pas prêt. End of the scan: vendredi 29 septembre 2006 18:50 Used time: 33:52 min The scan has been done completely. 3458 Scanning directories 100905 Files were scanned 1 viruses and/or unwanted programs were found 1 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 767 Archives were scanned 19 Warnings 0 Notes Logfile of HijackThis v1.99.1 Scan saved at 23:19:39, on 29/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Kartouch\FileZilla Server\FileZilla Server.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Logiciels\Ulead InstaMedia 2.0\Monitor.exe C:\Logiciels\Ulead InstaMedia 2.0\RMC.exe C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe C:\Program Files\Lexmark 2300 Series\lxcgmon.exe C:\Program Files\Lexmark 2300 Series\ezprint.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\SoftPerfect Personal Firewall\fw.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\lclock.exe C:\Kartouch\DeeEnEs.exe C:\Logiciels\SuperCopier2\SuperCopier2.exe C:\Logiciels\Acrabat\Reader\reader_sl.exe C:\WINDOWS\system32\sistray.exe C:\WINDOWS\system32\lxcgcoms.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Logiciels\Acrabat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {568FCA80-8134-49A3-B987-5787FDE087F6} - C:\WINDOWS\system32\nnevtmsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Logiciels\Ulead InstaMedia 2.0\Monitor.exe O4 - HKLM\..\Run: [ulead Remote Control Center] C:\Logiciels\Ulead InstaMedia 2.0\RMC.exe O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Kartouch\FileZilla Server\FileZilla Server Interface.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [softPerfect Personal Firewall] C:\Program Files\SoftPerfect Personal Firewall\fw.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LClock] lclock.exe O4 - HKCU\..\Run: [DeeEnEs] C:\Kartouch\DeeEnEs.exe O4 - HKCU\..\Run: [superCopier2.exe] C:\Logiciels\SuperCopier2\SuperCopier2.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Logiciels\Acrabat\Reader\reader_sl.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{288A33C6-3424-4DF0-ADCE-7446766853DB}: NameServer = 213.36.80.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Kartouch\FileZilla Server\FileZilla Server.exe O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing) O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE