Forum Clubic

TR/crypt.Zpack.gen "Résolu"

Bonjour à tous,

C’est à mon tour de subir TR/crypt.zpack.gen. Il est détecté par Antivir d’Avira lorsque j’essaye de jouer à un jeu utilisant punkbuster comme logiciel anti-triche. Antivir n’arrive pas à le supprimer mais il le “localise” la bête dans c:\Documents and setings\Nom\Local settings\Application data\Punkbuster\ET\pb\pnkbstrk.sys (qui se trouve être l’emplacement des deux applications de punkbuster).
Supprimé le dossier punkbuster ne sert à rien car le fait de lancer le jeu fait réapparaitre ce dossier (ce qui est à mon avis normal).
Spybot n’a rien trouvé.
… HELP :frown:

Voici un rapport hijackthis :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Documents and Settings\Séverine\Mes documents\Téléchargement\pbsetup\pbsetup.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Séverine\Bureau\severine2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM…\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKLM…\Policies\Explorer\Run: [2201092326] “C:\WINDOWS\system32\netvqdbg.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program… Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O8 - Extra context menu item: Save Flash with Flash Catcher - C:\Program… Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un favori mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra ‘Tools’ menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - www.fdjeux.net…
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - components.viewpoint.com…
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com…
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com…
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photobox.fr…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - singles.sfr.fr…
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Merci d’avance.:super:
Edité le 15/07/2009 à 22:34

C’est fait, voici le rapport (j’ai copié coller toute la page), il semble que tu as vu juste :wink: , le problème est-il réglé, dois-je dire à antivir d’ignorer ce fichier?

Fichier PnkBstrB.exe reçu le 2009.07.15 06:54:20 (UTC)
Situation actuelle: terminé

Résultat: 0/41 (0.00%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.22 2009.07.15 -
AhnLab-V3 5.0.0.2 2009.07.15 -
AntiVir 7.9.0.215 2009.07.14 -
Antiy-AVL 2.0.3.7 2009.07.15 -
Authentium 5.1.2.4 2009.07.14 -
Avast 4.8.1335.0 2009.07.14 -
AVG 8.5.0.387 2009.07.14 -
BitDefender 7.2 2009.07.15 -
CAT-QuickHeal 10.00 2009.07.15 -
ClamAV 0.94.1 2009.07.15 -
Comodo 1656 2009.07.15 -
DrWeb 5.0.0.12182 2009.07.15 -
eSafe 7.0.17.0 2009.07.14 -
eTrust-Vet 31.6.6615 2009.07.14 -
F-Prot 4.4.4.56 2009.07.14 -
F-Secure 8.0.14470.0 2009.07.15 -
Fortinet 3.120.0.0 2009.07.15 -
GData 19 2009.07.15 -
Ikarus T3.1.1.64.0 2009.07.15 -
Jiangmin 11.0.706 2009.07.15 -
K7AntiVirus 7.10.792 2009.07.14 -
Kaspersky 7.0.0.125 2009.07.15 -
McAfee 5676 2009.07.14 -
McAfee+Artemis 5676 2009.07.14 -
McAfee-GW-Edition 6.8.5 2009.07.14 -
Microsoft 1.4803 2009.07.15 -
NOD32 4244 2009.07.15 -
Norman 6.01.09 2009.07.14 -
nProtect 2009.1.8.0 2009.07.15 -
Panda 10.0.0.14 2009.07.14 -
PCTools 4.4.2.0 2009.07.14 -
Prevx 3.0 2009.07.15 -
Rising 21.38.20.00 2009.07.15 -
Sophos 4.43.0 2009.07.15 -
Sunbelt 3.2.1858.2 2009.07.15 -
Symantec 1.4.4.12 2009.07.15 -
TheHacker 6.3.4.3.367 2009.07.14 -
TrendMicro 8.950.0.1094 2009.07.15 -
VBA32 3.12.10.8 2009.07.15 -
ViRobot 2009.7.15.1836 2009.07.15 -
VirusBuster 4.6.5.0 2009.07.14 -
Information additionnelle
File size: 189744 bytes
MD5 : 73259f8f09837ba630adbcd9f5989232
SHA1 : 317c6d1cc736db5c0340e6830d18d6c57498f46e
SHA256: b38bbe17eba521bbdbace6f36f533ba913115f3adcb007d86f4b45190937149d
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xEA6C
timedatestamp…: 0x4A4AD490 (Wed Jul 1 05:14:24 2009)
machinetype…: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15BC2 0x16000 6.73 7c6d30e7fb924ba7b6707d0325e5547a
.rdata 0x17000 0x2AEC 0x3000 4.95 72cd929d706e1b8b7893a015e478d902
.data 0x1A000 0x12FF3 0x12FF3 4.40 b6e74e2dc983ae499cd93b59b3e0bbab

( 7 imports )

advapi32.dll: OpenServiceA, RegQueryValueExA, RegOpenKeyExA, DeleteService, ControlService, CloseServiceHandle, OpenSCManagerA, StartServiceA, CreateServiceA, SetServiceStatus, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, RegCreateKeyExA, RegSetValueExA, RegCloseKey
crypt32.dll: CryptDecodeObject, CertFreeCertificateContext, CryptMsgClose, CertCloseStore, CertVerifyTimeValidity, CertFindCertificateInStore, CryptMsgGetParam, CryptQueryObject, CertGetNameStringA
kernel32.dll: FileTimeToLocalFileTime, SystemTimeToFileTime, GetFileAttributesA, SetFileAttributesA, lstrcmpA, lstrcpyW, FileTimeToSystemTime, MultiByteToWideChar, FormatMessageA, lstrlenA, LocalAlloc, LocalFree, LoadLibraryA, GetProcAddress, DeviceIoControl, GetPriorityClass, GetCurrentThread, GetThreadPriority, CloseHandle, CreateFileA, SetEnvironmentVariableA, CompareStringW, CompareStringA, HeapSize, SetEndOfFile, SetStdHandle, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, InitializeCriticalSection, VirtualProtect, GetOEMCP, GetACP, GetTickCount, GetSystemDirectoryA, CopyFileA, Sleep, GetVersionExA, GetSystemInfo, GetCurrentProcess, GetLastError, FreeLibrary, GetCurrentProcessId, ExitProcess, HeapAlloc, HeapFree, RtlUnwind, DeleteFileA, GetSystemTimeAsFileTime, WideCharToMultiByte, GetModuleHandleA, GetCommandLineA, TlsAlloc, SetLastError, GetCurrentThreadId, TlsFree, TlsSetValue, TlsGetValue, QueryPerformanceCounter, GetModuleFileNameA, LCMapStringA, LCMapStringW, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, ReadFile, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, SetFilePointer, InterlockedExchange, VirtualQuery, WriteFile, FlushFileBuffers, GetTimeZoneInformation, TerminateProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetStringTypeA, GetStringTypeW, GetCPInfo, GetLocaleInfoA, CreateDirectoryA
shell32.dll: SHGetFolderPathA
user32.dll: wsprintfA
wintrust.dll: WinVerifyTrust
wsock32.dll: -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )

TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 3072:Z9PcHT2p9isfyWzhy4MuM8bTbolNh5B+nQouWwvwNa:mT0ivahpBMafoh5B+nQouWwv+a
PEiD : -
RDS : NSRL Reference Data Set

Salut,
Pour l’exclure j’ai simplement relancer le jeu et attendu d’avoir à nouveau l’alerte pouis j’ai coché “ignorer”. Depuis ça a l’air d’être bon, j’ai pu rejouer normalement et je n’ai pas eu d’autres problèmes. Youpi :bounce:

Merci de ton aide :super:
Edité le 15/07/2009 à 22:34