Salut à tous, suite à une infection de mon PC par plusieurs MALWARE (xxEXMODUL32xx.exe, xxSMSSxx.exe etc ...) j'ai suivi la procedure pour editer des rapport avec HIJACK THIS, voici donc ce rapport et en même temps celui généré par ANTIVIR ... merci pour votre aide!
AntiVir PersonalEdition Classic
Report file date: vendredi 29 septembre 2006 18:16
Scanning for 515411 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Kartouch
Computer name: PORT-LAURENT
Version information:
AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 10:06:56
AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 10:56:33
LUKE.DLL : 7.0.0.47 118824 07/09/2006 10:32:33
LUKERES.DLL : 7.0.0.47 9256 07/09/2006 10:56:33
ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 10:35:27
ANTIVIR1.VDF : 6.36.0.9 1424384 06/09/2006 07:12:24
ANTIVIR2.VDF : 6.36.0.71 284160 25/09/2006 15:58:11
ANTIVIR3.VDF : 6.36.0.83 38912 29/09/2006 15:58:11
AVEWIN32.DLL : 7.2.0.22 1860096 29/09/2006 15:58:11
AVPREF.DLL : 7.0.0.2 23592 24/07/2006 12:36:04
AVREP.DLL : 6.36.0.5 806952 29/09/2006 15:58:11
AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 08:43:31
AVPACK32.DLL : 7.2.0.0 368680 21/07/2006 06:00:28
AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36
NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49
NETNW.DLL : 7.0.0.0 9768 24/07/2006 12:35:55
RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 11:22:57
RCTEXT.DLL : 7.0.1.4 77864 29/09/2006 15:58:10
Configuration settings for the scan:
Jobname.......................: Local Drives
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Boot sectors..................: C,D
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 1
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Skipped archive types.........: 1000,1001,1002,1003,1004,1005,
Macro heuristic...............: 1
File heuristic................: 2
Primary action................: 1
Secondary action..............: 0
Start of the scan: vendredi 29 septembre 2006 18:16
The scan of running processes will be started
4 Processes were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system\smss.exe
[DETECTION] Contains suspicious code HEUR/Malware
[iNFO] The file was deleted!
C:\WINDOWS\system\smss.exe
[DETECTION] Contains suspicious code HEUR/Malware
The registry was scanned ( 33 files ).
Starting the file scan:
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Kartouch\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\Kartouch\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Kartouch\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Kartouch\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
The path D:\ could not be found!
Le périphérique n'est pas prêt.
End of the scan: vendredi 29 septembre 2006 18:50
Used time: 33:52 min
The scan has been done completely.
3458 Scanning directories
100905 Files were scanned
1 viruses and/or unwanted programs were found
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
767 Archives were scanned
19 Warnings
0 Notes
Logfile of HijackThis v1.99.1
Scan saved at 23:19:39, on 29/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Kartouch\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Logiciels\Ulead InstaMedia 2.0\Monitor.exe
C:\Logiciels\Ulead InstaMedia 2.0\RMC.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SoftPerfect Personal Firewall\fw.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Kartouch\DeeEnEs.exe
C:\Logiciels\SuperCopier2\SuperCopier2.exe
C:\Logiciels\Acrabat\Reader\reader_sl.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Logiciels\Acrabat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {568FCA80-8134-49A3-B987-5787FDE087F6} - C:\WINDOWS\system32\nnevtmsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Logiciels\Ulead InstaMedia 2.0\Monitor.exe
O4 - HKLM\..\Run: [ulead Remote Control Center] C:\Logiciels\Ulead InstaMedia 2.0\RMC.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Kartouch\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [softPerfect Personal Firewall] C:\Program Files\SoftPerfect Personal Firewall\fw.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [DeeEnEs] C:\Kartouch\DeeEnEs.exe
O4 - HKCU\..\Run: [superCopier2.exe] C:\Logiciels\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Logiciels\Acrabat\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{288A33C6-3424-4DF0-ADCE-7446766853DB}: NameServer = 213.36.80.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Kartouch\FileZilla Server\FileZilla Server.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE