Rapport Hijachkthis

[Thanos]

He oui!! pas mal de choses ont dû être désactivées par des malwares...!

 

Essaie de faire ceci d'abord >

 

Passe par Démarrer > Exécuter et copie/colle ceci >

 

REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f

 

Clique sur le bouton [ok] pour valider.

 

Réessaie de lancer DaigHelp après ca

[Dokiato]

Ok merci maintenant j'ai fait 1

[Dokiato]

!!!! ATTENTION !!!

Le programme va maintenant lancer scan catchme.

une fois le scan termine (avec le nombre de files/processes/services hidden dete

ctes)..

Appuyez sur la touche ENTREE du clavier pour continuer l'analyse avec DiagHelp !

 

!!!! ATTENTION !!!

 

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gme

r.net

Rootkit scan 2007-05-11 21:08:51

Windows 5.1.2600 Service Pack 2 FAT

 

scanning hidden processes ...

 

scanning hidden services ...

 

HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk

 

HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt

 

HKLM\SYSTEM\CurrentControlSet\Services\pfcfProc

 

HKLM\SYSTEM\CurrentControlSet\Services\poofcyAgent

 

HKLM\SYSTEM\CurrentControlSet\Services\Processorort

 

HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage

 

HKLM\SYSTEM\CurrentControlSet\Services\ql108020

 

HKLM\SYSTEM\CurrentControlSet\Services\ql12400

 

HKLM\SYSTEM\CurrentControlSet\Services\RasManp

 

HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe

 

HKLM\SYSTEM\CurrentControlSet\Services\Rdbssi

 

HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD

 

HKLM\SYSTEM\CurrentControlSet\Services\redbookgr

 

HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry

 

HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator

 

HKLM\SYSTEM\CurrentControlSet\Services\RSVPs

 

HKLM\SYSTEM\CurrentControlSet\Services\SCardSvrBranding Service 1

 

HKLM\SYSTEM\CurrentControlSet\Services\SCDEmuvr

 

HKLM\SYSTEM\CurrentControlSet\Services\sdcplhrt

 

HKLM\SYSTEM\CurrentControlSet\Services\SENSogon

 

HKLM\SYSTEM\CurrentControlSet\Services\Serialm

 

HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection

 

HKLM\SYSTEM\CurrentControlSet\Services\sisagp2

 

HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr

 

HKLM\SYSTEM\CurrentControlSet\Services\sptdler

 

HKLM\SYSTEM\CurrentControlSet\Services\srtd

 

HKLM\SYSTEM\CurrentControlSet\Services\Srvervice

 

HKLM\SYSTEM\CurrentControlSet\Services\stisvcV

 

HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi

 

HKLM\SYSTEM\CurrentControlSet\Services\swwdv

 

HKLM\SYSTEM\CurrentControlSet\Services\sym_hix

 

HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog

 

HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv

 

HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE

 

HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice

 

HKLM\SYSTEM\CurrentControlSet\Services\TosIder

 

HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs

 

HKLM\SYSTEM\CurrentControlSet\Services\UdfsD

 

HKLM\SYSTEM\CurrentControlSet\Services\UPSphost

 

HKLM\SYSTEM\CurrentControlSet\Services\USBSTORt

 

HKLM\SYSTEM\CurrentControlSet\Services\VgaSavev

 

HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee

 

HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap

 

HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme

 

HKLM\SYSTEM\CurrentControlSet\Services\WDICAw

 

HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt

 

HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSNP Service

 

HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSN

 

HKLM\SYSTEM\CurrentControlSet\Services\WpdUsbrv

 

HKLM\SYSTEM\CurrentControlSet\Services\wscsvcL

 

HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv

 

HKLM\SYSTEM\CurrentControlSet\Services\ad1i93ck4-255F-4F3F-9FE5-2C6DDD5F8333}

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h?????

?s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????>?????w???w??????

??\???\???????????U??w???w\???\???????8?`??????C@?\???\??????s????\??????s\????=

??A??s?=???C@?x???`|?w\?????@

Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X?????????????

??????E?@?D?tecteur de disque? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???

A????? ?A???????B???@?????P?????@?@??????????w??????????@???????????????????B???

???????????????????????P??????r?B

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 52

hidden files: 0

Modifié le 11 mai 2007 par Dokiato

[Thanos]

Le rapport n'est pas complêt!! est ce que le pc a redémarré entre temps? as tu bien appuyé sur une touche à la fin du rapport CatchMe ?? >

une fois le scan termine (avec le nombre de files/processes/services hidden dete

ctes)..

Appuyez sur la touche ENTREE du clavier pour continuer l'analyse avec DiagHelp !

Réessaie stp :le rapport se trouvera ici > C:\ et il se nomme "resultat.txt"

 

 

Etant donné que ton gestionnaire de tâches est aussi désactivé, tu vas télécharger regtmcmdrestore.vbs.

Pour celà tu vas sur le site de kellys-korner > http://www.kellys-korner-xp.com/xp_tweaks.htm

et tu vas sur le panneau de gauche > tu repères le N° 275 ( Lift Restrictions - TM, Regedit and CMD ) et tu cliques dessus.

Tu double clique ensuite sur le fichier téléchargé . Normalement tu dois avoir accès de nouveau à ton gestionnaire de tâches après ca (ainsi qu'au registre).

[Dokiato]

Réessaie stp :le rapport se trouvera ici > C:\ et il se nomme "resultat.txt"

 

DiagHelp version v1.07.4 - http://www.malekal.com

excute le 2007-05-11 à 21:06:44,53

 

 

Liste des fichiers modifies/crees dans les 24 dernieres heures...

C:\pagefile.sys

C:\WINDOWS\system32\wsock32.sys

C:\WINDOWS\system32\wpa.dbl

C:\WINDOWS\system32\settings.sfm

C:\WINDOWS\system32\nvapps.xml

C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat

C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat

C:\WINDOWS\system32\settingsbkup.sfm

C:\WINDOWS\system32\BMXState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.rfx

C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000F-00001102-00000004-005A1102}.rfx

C:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.rfx

C:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.rfx

C:\WINDOWS\Web\avjadrha.ini2

C:\WINDOWS\Web\avjadrha.bak2

C:\WINDOWS\Temp\Cookies\index.dat

C:\WINDOWS\Temp\WGANotify.settings

C:\WINDOWS\Temp\WGAErrLog.txt

C:\WINDOWS\Debug\UserMode\userenv.log

C:\WINDOWS\Debug\PASSWD.LOG

C:\WINDOWS\Tasks\SA.DAT

C:\WINDOWS\Tasks\AF62DA2791F94F9F.job

C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

C:\WINDOWS\bootstat.dat

C:\WINDOWS\SchedLgU.Txt

C:\WINDOWS\CSC�000001

C:\WINDOWS\CSC�000002

C:\WINDOWS.log

C:\WINDOWS\WindowsUpdate.log

C:\WINDOWS\{00000000-00000000-0000000F-00001102-00000004-005A1102}.CDF

C:\WINDOWS\{00000000-00000000-0000000F-00001102-00000004-005A1102}.BAK

C:\WINDOWS\NeroDigital.ini

C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Hijackthis Version Française

C:\Documents and Settings\All Users\Start Menu\Programs\Hijackthis Version Française\Hijackthis Version Française.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Hijackthis Version Française\Page d'accueil de Hijackthis Version Française.lnk

C:\Documents and Settings\NetworkService\NTUSER.DAT

C:\Documents and Settings\NetworkService\Local Settings\desktop.ini

C:\Documents and Settings\NetworkService\Cookies\index.dat

C:\Documents and Settings\NetworkService\ntuser.dat.LOG

C:\Documents and Settings\LocalService\NTUSER.DAT

C:\Documents and Settings\LocalService\Local Settings\desktop.ini

C:\Documents and Settings\LocalService\Cookies\index.dat

C:\Documents and Settings\LocalService\ntuser.dat.LOG

C:\Documents and Settings\Scan\NTUSER.DAT

C:\Documents and Settings\Scan\NTUSER.DAT.LOG

C:\Documents and Settings\Scan\Local Settings\Temp\miunst_.exe

C:\Documents and Settings\Scan\Local Settings\Temp\fla2.tmp

C:\Documents and Settings\Scan\Local Settings\Temp\~DF30AA.tmp

C:\Documents and Settings\Scan\Local Settings\Temp\rpt-1.htm

C:\Documents and Settings\Scan\Local Settings\desktop.ini

C:\Documents and Settings\Scan\My Documents\NeroVision\Projet sans-titre.0003.nvc

C:\Documents and Settings\Scan\Desktop\Hijackthis Version Française.lnk

C:\Documents and Settings\Scan\Cookies\index.dat

C:\Documents and Settings\Scan\ntuser.ini

C:\Documents and Settings\Scan\Contacts\[email protected]\7BDABC66-4961-41F4-99DB-905FD307043F.WindowsLiveContact

C:\Documents and Settings\Scan\Contacts\[email protected]\7148364C-DD60-4507-B809-570895A962CC.WindowsLiveContact

C:\Documents and Settings\Scan\Contacts\[email protected]\32A7DF9C-6985-4928-8E3A-7898E8AAFCFE.WindowsLiveContact

C:\Documents and Settings\Scan\Contacts\[email protected]\F1F9D166-0AF8-4DD9-AAC7-E5185C6D8E28.WindowsLiveContact

C:\Documents and Settings\Scan\Contacts\[email protected]\F7B6B2E0-1CF7-436E-9A02-A46D745A7ED5.WindowsLiveContact

C:\Documents and Settings\Scan\Contacts\[email protected]\DA0E2344-8097-4853-A919-F3C70F1258EE.WindowsLiveContact

C:\Documents and Settings\Scan\Contacts\[email protected]\FDB0C05D-FB02-4E57-9F9C-3F56D820F8F0.WindowsLiveContact

C:\Documents and Settings\Scan\Contacts\[email protected]\AE130951-859F-4CE9-A879-708632FF6051.WindowsLiveContact

C:\Program Files\Lavalys\EVEREST Home Edition\everest.rpf

C:\Program Files\Diskeeper\Diskeep.ctl

C:\Program Files\Apple Software Update\Packages

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\da.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\de.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\es.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\fi.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\fr.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\it.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ja.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ko.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\nb.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\nl.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ru.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\sv.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_CN.lproj

C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_TW.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\da.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\de.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\en.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\fi.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\fr.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\it.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ja.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ko.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\nb.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\nl.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ru.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_CN.lproj

C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_TW.lproj

C:\Program Files\Apple Software Update\plugins

C:\Program Files\MSN Messenger\ErrorResponse.xml

C:\Recycled\desktop.ini

C:\Recycled\INFO2

C:\vm404.log

C:\Config.Msi

C:\VundoFix Backups

C:\VundoFix Backups\addmorefiles.txt

C:\VundoFix Backups\aagrprwg.dll.bad

C:\VundoFix Backups\aaheucyw.dll.bad

C:\VundoFix Backups\acsoyuim.dll.bad

C:\VundoFix Backups\adsjqfjf.ini.bad

C:\VundoFix Backups\aijrrhuc.exe.bad

C:\VundoFix Backups\auemrukr.ini.bad

C:\VundoFix Backups\awlgmhpv.dll.bad

C:\VundoFix Backups\awmqdxdi.dll.bad

C:\VundoFix Backups\bafljihr.dll.bad

C:\VundoFix Backups\bbhvwqqc.exe.bad

C:\VundoFix Backups\bhtffxlh.exe.bad

C:\VundoFix Backups\biyidwhx.dll.bad

C:\VundoFix Backups\bmnhjddd.exe.bad

C:\VundoFix Backups\boxfsdvy.ini.bad

C:\VundoFix Backups\brehddkr.dll.bad

C:\VundoFix Backups\bwpyvkhw.exe.bad

C:\VundoFix Backups\cnksefse.dll.bad

C:\VundoFix Backups\ctradjbx.dll.bad

C:\VundoFix Backups\dbqycoyo.dll.bad

C:\VundoFix Backups\despodbo.dll.bad

C:\VundoFix Backups\dgweaube.dll.bad

C:\VundoFix Backups\ebuaewgd.ini.bad

C:\VundoFix Backups\eedgtxux.dll.bad

C:\VundoFix Backups\eggamfin.dll.bad

C:\VundoFix Backups\eieskwbp.exe.bad

C:\VundoFix Backups\emldalkt.ini.bad

C:\VundoFix Backups\esirxfjv.ini.bad

C:\VundoFix Backups\fbqprvil.exe.bad

C:\VundoFix Backups\fiywmipv.dll.bad

C:\VundoFix Backups\fjcugnle.dll.bad

C:\VundoFix Backups\fjfqjsda.dll.bad

C:\VundoFix Backups\fkyqjehr.dll.bad

C:\VundoFix Backups\flmscwgt.exe.bad

C:\VundoFix Backups\fpfqpfki.dll.bad

C:\VundoFix Backups\ftppyfdu.dll.bad

C:\VundoFix Backups\futhtwnh.exe.bad

C:\VundoFix Backups\fxcsjana.dll.bad

C:\VundoFix Backups\fyceuivg.dll.bad

C:\VundoFix Backups\fyiegget.dll.bad

C:\VundoFix Backups\gmjldhlo.dll.bad

C:\VundoFix Backups\gqjffrhn.dll.bad

C:\VundoFix Backups\gwrprgaa.ini.bad

C:\VundoFix Backups\heperrcp.ini.bad

C:\VundoFix Backups\hhqrbsyx.ini.bad

C:\VundoFix Backups\hidayiyu.dll.bad

C:\VundoFix Backups\hiwfyqyl.ini.bad

C:\VundoFix Backups\hkiujrkb.exe.bad

C:\VundoFix Backups\hkxixbbl.dll.bad

C:\VundoFix Backups\hlyeakpn.dll.bad

C:\VundoFix Backups\hqnevngi.dll.bad

C:\VundoFix Backups\hvkjydfp.dll.bad

C:\VundoFix Backups\hwhmidji.exe.bad

C:\VundoFix Backups\idatualb.dll.bad

C:\VundoFix Backups\iemjsury.dll.bad

C:\VundoFix Backups\ihsyswtl.dll.bad

C:\VundoFix Backups\ikfpqfpf.ini.bad

C:\VundoFix Backups\iogyliqu.dll.bad

C:\VundoFix Backups\itnieftr.ini.bad

C:\VundoFix Backups\itxsqobk.dll.bad

C:\VundoFix Backups\jdbromtl.dll.bad

C:\VundoFix Backups\jjvcbsup.dll.bad

C:\VundoFix Backups\jmsatpae.dll.bad

C:\VundoFix Backups\jxtvkcfr.exe.bad

C:\VundoFix Backups\kboqsxti.ini.bad

C:\VundoFix Backups\kdggvbru.ini.bad

C:\VundoFix Backups\kedkmajc.dll.bad

C:\VundoFix Backups\knfmlurp.dll.bad

C:\VundoFix Backups\kvfavwrg.dll.bad

C:\VundoFix Backups\lbbxixkh.ini.bad

C:\VundoFix Backups\leuphjgk.exe.bad

C:\VundoFix Backups\lptabbwh.dll.bad

C:\VundoFix Backups\lvyxuirx.ini.bad

C:\VundoFix Backups\lyqyfwih.dll.bad

C:\VundoFix Backups\najcklyc.dll.bad

C:\VundoFix Backups\ndwtrutu.dll.bad

C:\VundoFix Backups\nhrffjqg.ini.bad

C:\VundoFix Backups\npcykfnq.exe.bad

C:\VundoFix Backups\ntpraaxp.exe.bad

C:\VundoFix Backups\nweipeg.dll.bad

C:\VundoFix Backups\ohbaqphj.dll.bad

C:\VundoFix Backups\ookeiihv.dll.bad

C:\VundoFix Backups\oqarbnaa.dll.bad

C:\VundoFix Backups\oyocyqbd.ini.bad

C:\VundoFix Backups\pbcsvntf.exe.bad

C:\VundoFix Backups\pcrrepeh.dll.bad

C:\VundoFix Backups\piuacanl.dll.bad

C:\VundoFix Backups\prulmfnk.ini.bad

C:\VundoFix Backups\pubfckpc.dll.bad

C:\VundoFix Backups\qgexbfft.ini.bad

C:\VundoFix Backups\qgkbchla.dll.bad

C:\VundoFix Backups\rhejqykf.ini.bad

C:\VundoFix Backups\rhijlfab.ini.bad

C:\VundoFix Backups\rimgygab.exe.bad

C:\VundoFix Backups\rkodupwt.dll.bad

C:\VundoFix Backups\rkurmeua.dll.bad

C:\VundoFix Backups\rkydrsea.exe.bad

C:\VundoFix Backups\rtfeinti.dll.bad

C:\VundoFix Backups\rwoaymiy.dll.bad

C:\VundoFix Backups\rxmtsprb.dll.bad

C:\VundoFix Backups\sbupggnu.dll.bad

C:\VundoFix Backups\scysrofw.dll.bad

C:\VundoFix Backups\sxrpcvew.ini.bad

C:\VundoFix Backups\sytpbtar.dll.bad

C:\VundoFix Backups\teggeiyf.ini.bad

C:\VundoFix Backups\tffbxegq.dll.bad

C:\VundoFix Backups\tfluqycq.dll.bad

C:\VundoFix Backups\tiermnxw.ini.bad

C:\VundoFix Backups\tkladlme.dll.bad

C:\VundoFix Backups\tqrdcwpu.dll.bad

C:\VundoFix Backups\tvicyfgi.dll.bad

C:\VundoFix Backups\uecswfvu.dll.bad

C:\VundoFix Backups\uhnvbopx.ini.bad

C:\VundoFix Backups\unggpubs.ini.bad

C:\VundoFix Backups\upitbwix.ini.bad

C:\VundoFix Backups\upwcdrqt.ini.bad

C:\VundoFix Backups\uqilygoi.ini.bad

C:\VundoFix Backups\uqqjtweg.dll.bad

C:\VundoFix Backups\urbvggdk.dll.bad

C:\VundoFix Backups\uyiyadih.ini.bad

C:\VundoFix Backups\vhiiekoo.ini.bad

C:\VundoFix Backups\vimkrodt.dll.bad

C:\VundoFix Backups\vipcvpxk.dll.bad

C:\VundoFix Backups\vjfxrise.dll.bad

C:\VundoFix Backups\vpimwyif.ini.bad

C:\VundoFix Backups\vssarute.dll.bad

C:\VundoFix Backups\wevcprxs.dll.bad

C:\VundoFix Backups\wforsycs.ini.bad

C:\VundoFix Backups\whastyes.exe.bad

C:\VundoFix Backups\whnojvpo.exe.bad

C:\VundoFix Backups\wiwcgiow.exe.bad

C:\VundoFix Backups\wmqafytx.dll.bad

C:\VundoFix Backups\wvwlgiqx.dll.bad

C:\VundoFix Backups\wxnmreit.dll.bad

C:\VundoFix Backups\wyyokiyb.dll.bad

C:\VundoFix Backups\xghuwoeq.dll.bad

C:\VundoFix Backups\xhimjrts.exe.bad

C:\VundoFix Backups\xhwdiyib.ini.bad

C:\VundoFix Backups\xiwbtipu.dll.bad

C:\VundoFix Backups\xpobvnhu.dll.bad

C:\VundoFix Backups\xqffuuvy.ini.bad

C:\VundoFix Backups\xqiglwvw.ini.bad

C:\VundoFix Backups\xriuxyvl.dll.bad

C:\VundoFix Backups\xsmpdcqy.dll.bad

C:\VundoFix Backups\xtxbdoxk.dll.bad

C:\VundoFix Backups\xtyfaqmw.ini.bad

C:\VundoFix Backups\xuxtgdee.ini.bad

C:\VundoFix Backups\xysbrqhh.dll.bad

C:\VundoFix Backups\yccnpauv.dll.bad

C:\VundoFix Backups\ycsahxoi.dll.bad

C:\VundoFix Backups\yfcbdkjo.dll.bad

C:\VundoFix Backups\yimyaowr.ini.bad

C:\VundoFix Backups\yjwhafgy.dll.bad

C:\VundoFix Backups\ykyjaanp.dll.bad

C:\VundoFix Backups\ylkjvxav.exe.bad

C:\VundoFix Backups\yrusjmei.ini.bad

C:\VundoFix Backups\yvdsfxob.dll.bad

C:\VundoFix Backups\yvuuffqx.dll.bad

C:\VundoFix Backups\yxaskoyr.dll.bad

C:\VundoFix Backups\ahrdajva.dll.bad

C:\VundoFix.txt

 

 

Liste des derniers fichies modifies/crees dans windir\system32

C:\WINDOWS\System32/drivers\secdrv.sys -->2006-12-19 16:55:28

C:\WINDOWS\System32/drivers\scdemu.sys -->2006-11-06 04:28:12

C:\WINDOWS\System32/drivers\sptd.sys -->2006-10-31 17:56:10

C:\WINDOWS\System32/drivers\sptddrv1.sys -->2006-10-31 17:56:10

C:\WINDOWS\System32/drivers\nwrdr.sys -->2006-10-13 05:23:16

C:\WINDOWS\System32/drivers\MmedFilter.sys -->2006-09-06 08:30:38

C:\WINDOWS\System32/drivers\PxHelp20.sys -->2006-08-24 23:47:00

 

C:\WINDOWS\System32\wpa.dbl -->2007-05-11 20:54:48

C:\WINDOWS\System32\nvapps.xml -->2007-05-11 20:54:44

C:\WINDOWS\System32\wsock32.sys -->2007-05-11 20:54:42

C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.rfx -->2007-05-11 20:53:22

C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.rfx -->2007-05-11 20:53:22

C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000F-00001102-00000004-005A1102}.rfx -->2007-05-11 20:53:22

C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.rfx -->2007-05-11 20:53:22

C:\WINDOWS\System32\settingsbkup.sfm -->2007-05-11 20:53:22

C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat -->2007-05-11 20:53:22

C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat -->2007-05-11 20:53:22

C:\WINDOWS\System32\settings.sfm -->2007-05-11 20:53:22

C:\WINDOWS\System32\docqqpoq.ini -->2007-05-10 20:35:24

C:\WINDOWS\System32\feiumdcv.ini -->2007-05-10 11:48:14

C:\WINDOWS\System32\xgcmndql.ini -->2007-05-09 06:42:38

C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log -->2007-05-08 19:01:04

C:\WINDOWS\System32\mcrh.tmp -->2007-05-04 16:36:48

C:\WINDOWS\System32\spgnufsi.ini -->2007-05-04 16:14:08

C:\WINDOWS\System32\yieblrdg.ini -->2007-05-01 16:12:52

C:\WINDOWS\System32\kyvxraop.ini -->2007-04-29 18:44:12

C:\WINDOWS\System32\qifexufw.ini -->2007-04-29 18:42:38

C:\WINDOWS\System32\ilvulngr.ini -->2007-04-18 17:16:08

C:\WINDOWS\System32\ntflotau.ini2 -->2007-04-15 10:19:40

C:\WINDOWS\System32\5ZI4VzBqtz.ini -->2007-04-14 16:08:22

C:\WINDOWS\System32\camacttiv.exe -->2007-04-14 16:08:22

C:\WINDOWS\System32\sokiuecw.ini -->2007-04-12 22:54:08

 

C:\WINDOWS\{00000000-00000000-0000000F-00001102-00000004-005A1102}.BAK -->2007-05-11 20:55:00

C:\WINDOWS\{00000000-00000000-0000000F-00001102-00000004-005A1102}.CDF -->2007-05-11 20:55:00

C:\WINDOWS.log -->2007-05-11 20:54:38

C:\WINDOWS\bootstat.dat -->2007-05-11 20:54:14

C:\WINDOWS\WindowsUpdate.log -->2007-05-11 20:53:02

C:\WINDOWS\SchedLgU.Txt -->2007-05-11 20:53:02

C:\WINDOWS\NeroDigital.ini -->2007-05-11 10:37:42

C:\WINDOWS\ModemLog_Intel® 537 Modem.txt -->2007-05-09 21:00:02

C:\WINDOWS\LEXSTAT.INI -->2007-05-09 08:24:56

C:\WINDOWS\mozver.dat -->2007-05-08 19:02:28

C:\WINDOWS\QTFont.qfn -->2007-05-08 17:57:00

C:\WINDOWS\wmsetup.log -->2007-05-05 06:36:26

C:\WINDOWS\wiadebug.log -->2007-04-30 13:29:38

C:\WINDOWS\wiaservc.log -->2007-04-30 13:29:36

C:\WINDOWS\DPINST.LOG -->2007-04-28 17:49:02

 

 

Volume in drive C has no label.

Volume Serial Number is 409E-34A0

 

Directory of C:\WINDOWS\system32

 

2004-08-04 00:56 6 144 csrss.exe

1 File(s) 6 144 bytes

0 Dir(s) 6 390 972 416 bytes free

 

Contenu de Downloaded Program Files

Volume in drive C has no label.

Volume Serial Number is 409E-34A0

 

Directory of C:\WINDOWS\Downloaded Program Files

 

2004-07-06 01:32 <DIR> .

2004-07-06 01:32 <DIR> ..

2004-07-06 01:32 65 desktop.ini

2004-04-19 11:36 735 default.inf

2002-06-19 14:11 117 088 PURen-us.dll

2004-10-08 16:01 372 736 MsnPUpld.dll

2004-10-08 16:13 587 MSNPupld.inf

2002-05-31 09:20 117 328 PURfr-ca.dll

2000-01-20 15:25 1 162 Microsoft XML Parser for Java.osd

2005-08-27 13:30 5 065 swflash.inf

2004-10-15 07:59 110 592 PURfr-xx.dll

2006-04-20 15:22 69 632 USYP_0001_N76M2004NetInstaller.exe

2006-05-10 11:09 173 189 USYP_0001_N76M1005NetInstaller.exe

2006-02-07 17:16 75 776 UERSV_0001_N68M0602NetInstaller.exe

2006-05-25 06:05 <DIR> CONFLICT.1

12 File(s) 1 043 955 bytes

 

Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.1

 

2006-05-25 06:05 <DIR> .

2006-05-25 06:05 <DIR> ..

0 File(s) 0 bytes

 

Total Files Listed:

12 File(s) 1 043 955 bytes

5 Dir(s) 6 390 448 128 bytes free

 

Recherche de rootkit! (Merci S!Ri)

pe386 présent!

 

Recherche d'infections connues

Possible infection chinoise : MMAssist/Boran, l'utilisation de combofix ou boran-remover

 

 

 

 

 

 

En passant merci t vremant une beast

Modifié le 11 mai 2007 par Dokiato

[Thanos]

Et des rootkits en plus !!!

 

Télécharge rustbfix (par ejvindh) de l'un de ces deux liens :

 

http://www.uploads.ejvindh.net/rustbfix.exe

http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe

...et sauvegarde-le sur ton Bureau.

 

Double clique rustbfix.exe afin de lancer l'outil.

Si une infection Rustock.b est détectée, une invite t'indiquera qu'il est nécessaire de redémarrer l'ordi. Ce redémarrage pourrait être plus long que d'habitude, et il est possible que deux redémarrages soient requis. Tout cela se fera automatiquement.

Suite au(x) redémarrage(s), deux rapports s'ouvriront : (C:\avenger.txt & C:\rustbfix\pelog.txt).

Poste (Copie/Colle) le contenu de ces deux rapports, ainsi qu'un nouveau log HijackThis (en mode normal) dans ta prochaine réponse.

[Dokiato]

Ok la je vais reboot

[Dokiato]

Logfile of HijackThis v1.99.1

Scan saved at 21:31:07, on 2007-05-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Diskeeper\DkService.exe

C:\WINDOWS\system32\msasvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Creative\ShareDLL\MediaDet.exe

C:\WINDOWS\system32\ctfmon.exe

F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe

C:\Program Files\internet explorer\iexplore.exe

F:\Programe\Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {248AEE7B-BA53-47C1-BC59-4520A9D7C9F3} - C:\WINDOWS\Web\ahrdajva.dll (file missing)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll

O2 - BHO: (no name) - {669F1F99-1244-4872-B690-DFC5CB4ADECb} - C:\WINDOWS\system32\hpwrrvuv.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: (no name) - {ADA2AEC6-C2A3-4C1E-833F-0BB49DDDBA85} - C:\WINDOWS\system32\hpwrrvuv.dll (file missing)

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe

O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe

O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe

O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe

O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe

O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe

O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe

O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe

O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe

O4 - HKLM\..\Run: [Prifpf] C:\Program Files\Qlmzjo\Isbvfnu.exe

O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe

O4 - HKLM\..\Run: [Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe

O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe

O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe

O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe

O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe

O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe

O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe

O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe

O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe

O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe

O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe

O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe

O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe

O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe

O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe

O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe

O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe

O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe

O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe

O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avast!] F:\Programe\Avast\ashDisp.exe

O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe

O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe

O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe

O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe"

O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {750A64D8-DFAA-485B-A335-F7093333FBB7} - (no file) (HKCU)

O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: fccyy - fccyy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe

O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

 

 

 

Pas de avenger . txt / et pas de pelog.txt

Modifié le 11 mai 2007 par Dokiato

[Thanos]

regarde ici stp pour les deux rapports, car ils sont important!

 

Dans C:\ tout les deux >

 

C:\avenger.txt

C:\rustbfix\pelog.txt

[Dokiato]

J'ai un dossier avenger mais vide et pour l'autre rien du tout (wtf) :S

 

parcontre plusieurs (.exe),(.bat) qui n'étaient pas la avant le reboot .

Modifié le 11 mai 2007 par Dokiato