
Posted

Here is my report; I'd like to know what's wrong. Thanks in advance.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:53:33, on 16/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

I:\WINDOWS\System32\smss.exe

I:\WINDOWS\system32\csrss.exe

I:\WINDOWS\system32\winlogon.exe

I:\WINDOWS\system32\services.exe

I:\WINDOWS\system32\lsass.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\System32\svchost.exe

I:\WINDOWS\System32\svchost.exe

I:\WINDOWS\System32\svchost.exe

I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

I:\WINDOWS\Explorer.EXE

I:\WINDOWS\system32\spoolsv.exe

I:\program files\powerstrip\pstrip.exe

I:\Program Files\Home Cinema\PowerCinema\PCMService.exe

I:\WINDOWS\VM_STI.EXE

I:\Program Files\a-squared Anti-Malware\a2guard.exe

I:\WINDOWS\system32\ctfmon.exe

I:\program files\valve\steam\steam.exe

I:\Program Files\Google\Google Updater\GoogleUpdater.exe

I:\Program Files\a-squared Anti-Malware\a2service.exe

I:\Program Files\AntiVir PersonalEdition Classic\sched.exe

I:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

I:\WINDOWS\System32\FTRTSVC.exe

I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

I:\WINDOWS\system32\nvsvc32.exe

I:\WINDOWS\system32\oodag.exe

I:\WINDOWS\system32\PnkBstrA.exe

I:\WINDOWS\System32\svchost.exe

I:\WINDOWS\System32\alg.exe

I:\Program Files\MSN Messenger\usnsvc.exe

I:\Program Files\Internet Explorer\IEXPLORE.EXE

I:\Program Files\WinRAR\WinRAR.exe

I:\DOCUME~1\BENOIT~1\LOCALS~1\Temp\Rar$EX00.562\HijackThis.exe

I:\WINDOWS\System32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [unlockerAssistant] "I:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [PowerStrip] i:\program files\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [PCMService] "I:\Program Files\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [OODefragTray] I:\WINDOWS\system32\oodtray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Microsoft Corporation Svchost Service] mssvc.exe

O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [bigDogPath] I:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera

O4 - HKLM\..\Run: [{7147f2b1-74f9-82c9-6bdd-49be6cbfe9fb}] I:\WINDOWS\System32\Rundll32.exe "I:\WINDOWS\system32\kcjzxnuekosgnnaxj.dll" DllStart

O4 - HKLM\..\Run: [a-squared] "I:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Service] mssvc.exe

O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [steam] "i:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Orb] "I:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Microsoft Corporation Svchost Service] mssvc.exe

O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Service] mssvc.exe

O4 - Global Startup: InstantTimeZone.lnk = I:\Program Files\InstantTimeZone\InstantTimeZone.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &ICQ Toolbar Search - res://I:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O10 - Broken Internet access because of LSP provider 'i:\program files\bonjour\mdnsnsp.dll' missing

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215792905944

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game08.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Game...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: SF3.DLL

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - I:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - I:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - I:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - I:\WINDOWS\System32\appdrvrem01.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - I:\WINDOWS\system32\oodag.exe

O23 - Service: PnkBstrA - Unknown owner - I:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - I:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - I:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - I:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 9824 bytes

Posted (edited)

Hi

 

Send this file to VirusTotal and paste the report here please

 

I:\WINDOWS\system32\kcjzxnuekosgnnaxj.dll

 

http://www.virustotal.com/fr/

 

AVG Anti-Spyware is outdated; I believe it no longer receives updates

 

Run a scan with Malwarebytes Anti-Malware

http://malwarebytes.org/mbam.php

 

Uninstall the toolbars, they are useless.

 

  Quote
The unsafe files using this name are associated with the malware group NGV. Some files using the name MSSVC.EXE are also associated with the malware groups:

 

* Trojan.Vundo

* Downloader.Small.27.AE

 

You are infected; use VundoFix http://www.atribune.org/ccount/click.php?id=4

  Quote
* Double-click VundoFix.exe to run it.

* When VundoFix opens, click the Scan for Vundo button.

* Once it's done scanning, click the Remove Vundo button.

* You will receive a prompt asking if you want to remove the files, click YES

* Once you click yes, your desktop will go blank as it starts removing Vundo.

* When completed, it will prompt that it will reboot your computer, click OK.

Edited by guigui14100
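The reply above spots the two bad O4 entries by eye: a Run value whose command is a bare `mssvc.exe` with no path (so nothing on disk can be checked), and a GUID-named Run value that makes rundll32 load a DLL with a machine-generated name. As an added example, not code from the thread, from HijackThis or from any of the tools it mentions, here is that triage as a small Python script over O4 lines copied from the log. The regular expression, the `LAUNCHERS` set and the "few vowels in a long name" heuristic are assumptions chosen for this example, not rules from any published tool.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PowerStrip] i:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Corporation Svchost Service] mssvc.exe
O4 - HKLM\..\Run: [{7147f2b1-74f9-82c9-6bdd-49be6cbfe9fb}] I:\WINDOWS\System32\Rundll32.exe "I:\WINDOWS\system32\kcjzxnuekosgnnaxj.dll" DllStart
O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Service] mssvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
"""

class Entry(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunServices, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line executed at logon

class Finding(NamedTuple):
    entry: Entry
    reason: str

# Matches "O4 - HKLM\..\Run: [name] command"; Global Startup lines are skipped.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
# Assumed: system launchers that are legitimately written without a path.
LAUNCHERS = {"rundll32.exe", "rundll32"}
VOWELS = set("aeiouy")

def parse_o4(line: str) -> Optional[Entry]:
    m = O4_RE.match(line.strip())
    return Entry(m["hive"], m["key"], m["name"], m["cmd"]) if m else None

def split_command(cmd: str):
    """Split a command line into (program, remaining arguments), honouring quotes."""
    cmd = cmd.strip()
    if not cmd:
        return "", ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            end = len(cmd)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]

def looks_random(stem: str) -> bool:
    """Assumed heuristic: a long name with very few vowels is probably machine-generated."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 12:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.35

def triage_entry(e: Entry) -> List[Finding]:
    reasons = []
    program, rest = split_command(e.command)
    is_launcher = basename(program).lower() in LAUNCHERS
    if "\\" not in program and not program.startswith("%") and not is_launcher:
        reasons.append("bare filename without a path: not verifiable on disk, check it")
    if GUID_RE.match(e.name):
        reasons.append("GUID-named Run value: unusual for legitimate software")
    if is_launcher:
        # rundll32 takes "x.dll,Entry" or "x.dll" Entry; keep only the DLL path.
        dll = split_command(rest)[0].split(",", 1)[0]
        if looks_random(basename(dll).rsplit(".", 1)[0]):
            reasons.append(f"rundll32 loads a pseudo-random DLL name: {basename(dll)}")
    return [Finding(e, r) for r in reasons]

def triage_log(text: str) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        e = parse_o4(line)
        if e:
            findings.extend(triage_entry(e))
    return findings

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.entry.hive}\\{f.entry.key} [{f.entry.name}] -> {f.reason}")
```

Run against the sample, it reports both `mssvc.exe` values and the GUID-named entry twice (once for the GUID, once for `kcjzxnuekosgnnaxj.dll`), and it also flags `nwiz.exe /install`, which is NVIDIA's legitimate helper. That last hit is the point of a bare-filename rule: it is a prompt to verify (against the running-process list and the vendor), not a verdict, which is exactly why the reply asks for the DLL to be uploaded to VirusTotal rather than deleted on sight.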
Posted

Thanks for your reply; here is the VirusTotal report:

 

Fichier kcjzxnuekosgnnaxj.dll reçu le 2008.07.17 18:22:52 (CET)

Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

 

 

Résultat: 1/31 (3.23%)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.7.17.0 2008.07.17 -

AntiVir 7.8.0.68 2008.07.17 -

Authentium 5.1.0.4 2008.07.16 -

Avast 4.8.1195.0 2008.07.17 -

AVG 8.0.0.130 2008.07.17 -

BitDefender 7.2 2008.07.17 -

CAT-QuickHeal 9.50 2008.07.17 -

ClamAV 0.93.1 2008.07.17 -

DrWeb 4.44.0.09170 2008.07.17 -

eSafe 7.0.17.0 2008.07.17 -

eTrust-Vet 31.6.5962 2008.07.17 -

Ewido 4.0 2008.07.17 -

F-Prot 4.4.4.56 2008.07.16 -

F-Secure 7.60.13501.0 2008.07.17 -

Fortinet 3.14.0.0 2008.07.17 -

GData 2.0.7306.1023 2008.07.17 -

Ikarus T3.1.1.34.0 2008.07.17 -

Kaspersky 7.0.0.125 2008.07.17 -

McAfee 5340 2008.07.16 -

Microsoft 1.3704 2008.07.17 -

NOD32v2 3276 2008.07.17 -

Norman 5.80.02 2008.07.16 -

Panda 9.0.0.4 2008.07.16 -

Prevx1 V2 2008.07.17 Malicious Software

Rising 20.53.32.00 2008.07.17 -

Sophos 4.31.0 2008.07.17 -

Sunbelt 3.1.1536.1 2008.07.17 -

TheHacker 6.2.96.381 2008.07.16 -

TrendMicro 8.700.0.1004 2008.07.17 -

VirusBuster 4.5.11.0 2008.07.17 -

Webwasher-Gateway 6.6.2 2008.07.17 -

 

Information additionnelle

File size: 158208 bytes

MD5...: 6c792f798f11b23a4379c18b363aac8f

SHA1..: 6fb4e7851b74a59289843ea985b842ec6637d61a

SHA256: ba94bc7531733b81fe8a0ed5869eb07d44ae3badc38a520d87a07606a04e94ed

SHA512: a0a483b4801ba16429ca5e93707a9d08eb65c98e0f5e8727c96063b0c620be77

4e6eebbc1b58b34500b1e40a9975ab66aeb6e3bad1ec2f8ece0a7d7e63c5fbe5

PEiD..: -

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x1000fe28

timedatestamp.....: 0x4871fd0d (Mon Jul 07 11:25:01 2008)

machinetype.......: 0x14c (I386)

 

( 5 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x1cc7e 0x1ce00 6.60 ead23f93499418c785aeea3c5b66d47c

.rdata 0x1e000 0x597d 0x5a00 5.30 89d79eadbeac3f10587de7a028e2ceae

.data 0x24000 0x3440 0x1400 3.74 a7ec6e13a846f6fcad6597f26741b779

.rsrc 0x28000 0x370 0x400 4.63 688f151042092891e7221d464b5ef6a3

.reloc 0x29000 0x240c 0x2600 4.61 45e4e57064c8b358d43a641d1b1fb46d

 

( 9 imports )

> RPCRT4.dll: UuidToStringW, RpcStringFreeW

> VERSION.dll: VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW

> imagehlp.dll: MapAndLoad, UnMapAndLoad

> SHLWAPI.dll: SHSetValueW, StrStrIW, UrlEscapeW, StrCmpIW, SHDeleteKeyW

> KERNEL32.dll: GetStringTypeW, GetStringTypeA, LCMapStringA, GetLocaleInfoA, GetConsoleMode, GetConsoleCP, lstrlenW, CloseHandle, SetEvent, CreateProcessW, GetProcAddress, LoadLibraryW, ExitThread, WaitForSingleObject, CreateThread, CreateEventW, OpenProcess, Sleep, CreateMutexW, GetSystemTime, GlobalFree, GlobalAlloc, LocalFree, LocalAlloc, InterlockedIncrement, InterlockedDecrement, lstrcmpW, GetModuleFileNameW, SystemTimeToFileTime, GetLocalTime, LoadLibraryA, ExpandEnvironmentStringsW, WideCharToMultiByte, MultiByteToWideChar, GetTempFileNameW, GetTickCount, GetEnvironmentVariableW, VirtualQuery, GetVolumeInformationW, GetWindowsDirectoryW, GetSystemInfo, SetFilePointer, HeapSize, HeapReAlloc, VirtualAlloc, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, VirtualFree, HeapDestroy, HeapCreate, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, DeleteCriticalSection, GetStartupInfoA, GetFileType, SetHandleCount, ExitProcess, LCMapStringW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, InitializeCriticalSectionAndSpinCount, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, FlushFileBuffers, FreeLibrary, GetModuleFileNameA, GetStdHandle, WriteFile, GetModuleHandleA, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleHandleW, HeapAlloc, HeapFree, GetLastError, GetCommandLineA, GetCurrentThreadId, RtlUnwind, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent

> USER32.dll: GetWindowTextW, EnumChildWindows, RealGetWindowClassW, CallWindowProcW, SetWindowLongW, SetPropW, SetWindowPos, SetActiveWindow, PostMessageW, SetCursorPos, GetWindowThreadProcessId, GetPropW, SendInput, SetWindowTextW, EnumWindows, GetSystemMetrics, GetWindowInfo, GetWindowRect, TranslateMessage, PeekMessageW, RemovePropW, DispatchMessageW, GetCursorPos, GetClassNameW, SendMessageW, MsgWaitForMultipleObjects

> ADVAPI32.dll: CryptGenRandom, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptAcquireContextW, CryptReleaseContext, RegQueryValueExW, RegCreateKeyW, RegDeleteValueW, RegOpenKeyExW, RegSetValueExW, RegCloseKey

> ole32.dll: CoCreateInstance, CoInitializeEx, CoTaskMemFree, CoUninitialize

> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -

 

( 5 exports )

DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllStart, DllUnregisterServer

 

Prevx info: http://info.prevx.com/aboutprogramtext.asp...A58E60047BE53FD
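The VirusTotal report above prints an `ntrpy` (entropy) figure per PE section. As an added example, not part of the thread or of VirusTotal's own code, this Python snippet shows how that figure is computed (Shannon entropy in bits per byte) and how an analyst reads it: native code usually sits around 6 to 7, while compressed or encrypted content, as in a packed sample, approaches 8. The `PACKED_THRESHOLD` value, the constructed buffers and the deterministic PRNG stand-in for encrypted bytes are assumptions for this example; the section values in `VT_SECTIONS` are the ones listed in the report.

```python
import math
import random
from collections import Counter
from typing import Dict, Iterable, List, Tuple

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

# Assumed threshold for this example (not a VirusTotal setting): sections at or
# above it are worth a closer look for packing or embedded encrypted payloads.
PACKED_THRESHOLD = 7.2

def flag_packed_sections(sections: Iterable[Tuple[str, float]]) -> List[str]:
    """Return the names of sections whose entropy is at or above PACKED_THRESHOLD."""
    return [name for name, ent in sections if ent >= PACKED_THRESHOLD]

# Section entropies as listed in the VirusTotal report above.
VT_SECTIONS = [(".text", 6.60), (".rdata", 5.30), (".data", 3.74),
               (".rsrc", 4.63), (".reloc", 4.61)]

# Constructed buffers illustrating the three regimes.
ZEROS = bytes(4096)                                            # constant: entropy 0
ASCII_TEXT = b"The quick brown fox jumps over the lazy dog. " * 100  # text: roughly 4 bits/byte
_rng = random.Random(1234)                                     # deterministic stand-in for packed bytes
PSEUDO_PACKED = bytes(_rng.getrandbits(8) for _ in range(4096))

def demo() -> Dict[str, object]:
    return {
        "zeros": shannon_entropy(ZEROS),
        "ascii": shannon_entropy(ASCII_TEXT),
        "packed": shannon_entropy(PSEUDO_PACKED),
        "flagged_vt": flag_packed_sections(VT_SECTIONS),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For the sample in this thread none of the sections crosses the threshold, which is consistent with an unpacked DLL: the low detection count (1/31) comes from the sample being new, not from it being obfuscated, and the imports list (CryptGenRandom, SendInput, SetWindowLongW, RegSetValueExW) is readable precisely because the .text and .rdata sections are plain.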

Posted

He reposted here http://forum.zebulon.fr/mon-rapport-hijact...80#entry1254580

 

I gave him a few instructions so that he posts his reports here, guigui14100 \o_

 

Given the absence of O2 & O20 entries there may be Vundo on top; PM me if you need help :P. Have him download:

 

Download combofix.exe (by sUBs) and save it to your desktop, renaming it Combo-Fix in the save dialog

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* Double-click combofix.exe to run it and follow the instructions.

* When the scan is complete, a report will appear; post it to me.

* If the file does not appear, it is located here > C:\ComboFix.txt

 

or MBAM http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Posted (edited)

OK thanks, I'll try everything you told me, and sorry for the duplicate

Edited by angelique
Do what was said in your closed topic first!!
Posted

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\I:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

"path"="I:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"

"backup"="I:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

"location"="Common Startup"

"command"="I:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"

"item"="Microsoft Office"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\!AVG Anti-Spyware]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="avgas"

"hkey"="HKLM"

"command"="\"I:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\a-squared]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="a2guard"

"hkey"="HKLM"

"command"="\"I:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\" /d=60"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="avgnt"

"hkey"="HKLM"

"command"="\"I:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="daemon"

"hkey"="HKCU"

"command"="\"I:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HiYo]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HiYo"

"hkey"="HKLM"

"command"="I:\\Program Files\\HiYo\\bin\\HiYo.exe /RunFromStartup"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ICQ"

"hkey"="HKCU"

"command"="\"I:\\Program Files\\ICQ6\\ICQ.exe\" silent"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Corporation Svchost Service]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mssvc"

"hkey"="HKLM"

"command"="mssvc.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="I:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OODefragTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="oodtray"

"hkey"="HKLM"

"command"="I:\\WINDOWS\\system32\\oodtray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Orb]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="OrbTray"

"hkey"="HKCU"

"command"="\"I:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCMService]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PCMService"

"hkey"="HKLM"

"command"="\"I:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="\"I:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TomTomHOME"

"hkey"="HKLM"

"command"="\"I:\\Program Files\\TomTom HOME\\TomTomHOME.exe\" -s"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnlockerAssistant]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="UnlockerAssistant"

"hkey"="HKLM"

"command"="\"I:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winampa"

"hkey"="HKLM"

"command"="\"I:\\Program Files\\Winamp\\winampa.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{7147f2b1-74f9-82c9-6bdd-49be6cbfe9fb}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="kcjzxnuekosgnnaxj"

"hkey"="HKLM"

"command"="I:\\WINDOWS\\System32\\Rundll32.exe \"I:\\WINDOWS\\system32\\kcjzxnuekosgnnaxj.dll\" DllStart"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

"system.ini"=dword:00000000

"win.ini"=dword:00000000

"services"=dword:00000000

"startup"=dword:00000002

Posted

• Copy and paste the line below into Run to launch SDFix, still in safe mode, and confirm it:

 

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

 

and relaunch RunThis.bat

Posted

Here is my SDFix report:

 

SDFix: Version 1.206

Run by benoit pellissier on 18/07/2008 at 14:14

 

Microsoft Windows XP [version 5.1.2600]

Running From: I:\DOCUME~1\BENOIT~1\Bureau\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-18 14:20:33

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:e5,3f,6a,04,77,cd,e0,e1,f1,7a,92,23,b2,1d,4d,61,bf,8c,31,d6,25,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:62,6c,85,bd,75,53,15,09,dd,71,37,68,49,0b,b4,28,d5,c0,46,4f,04,..

"p0"="I:\Program Files\DAEMON Tools Lite\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:7e,74,aa,9a,1f,f5,c6,02,54,f0,5b,32,02,11,0e,e2,74,e6,32,30,83,..

"a0"=hex:20,01,00,00,5b,6d,ff,d5,d1,ad,99,35,1f,fb,67,73,3d,c9,a1,0a,4d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:c0,11,79,80,e9,99,7a,22,5c,ff,60,24,b2,c4,bc,ee,68,b3,7a,76,5d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:c0,11,79,80,e9,99,7a,22,5c,ff,60,24,b2,c4,bc,ee,68,b3,7a,76,5d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:d7,43,4b,86,f5,04,08,a7,3c,9d,8a,d0,be,24,ab,78,b5,74,d6,da,25,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:d7,43,4b,86,f5,04,08,a7,3c,9d,8a,d0,be,24,ab,78,b5,74,d6,da,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:e5,3f,6a,04,77,cd,e0,e1,f1,7a,92,23,b2,1d,4d,61,bf,8c,31,d6,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:62,6c,85,bd,75,53,15,09,dd,71,37,68,49,0b,b4,28,d5,c0,46,4f,04,..

"p0"="I:\Program Files\DAEMON Tools Lite\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:7e,74,aa,9a,1f,f5,c6,02,54,f0,5b,32,02,11,0e,e2,74,e6,32,30,83,..

"a0"=hex:20,01,00,00,5b,6d,ff,d5,d1,ad,99,35,1f,fb,67,73,3d,c9,a1,0a,4d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:c0,11,79,80,e9,99,7a,22,5c,ff,60,24,b2,c4,bc,ee,68,b3,7a,76,5d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:c0,11,79,80,e9,99,7a,22,5c,ff,60,24,b2,c4,bc,ee,68,b3,7a,76,5d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:d7,43,4b,86,f5,04,08,a7,3c,9d,8a,d0,be,24,ab,78,b5,74,d6,da,25,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:d7,43,4b,86,f5,04,08,a7,3c,9d,8a,d0,be,24,ab,78,b5,74,d6,da,25,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]

"OODEFRAG10.00.00.01WORKSTATION"="7DDD3B15AB46C087185BF2F41D52BD4927046B6821CCDA04A66FB2339EEC93D7E017499904B

316210B0BF5D27E2B092729BAFAFB8E321E5C49468BA9EA5FF7B18DEB1DFC2CEB5DFB7D7801515032

3D63B7D0D37508BF87E76488B5755E6FC971FE86DA76A01B2B7572BDE42123572FA6F973131DD2C44

5B860913B16936EB4B2881598DFEF33CA523FFBE4161D4DE3FCE9514ADE4857BCC27F431B34387199

F1CCC761383E6D38B80D5238A6F50B17D6581F7D4E554E06DFD48246188F510E9345D43423C1BFA63

5DBEA8CF0784D36886692A51E7AC469CE483623AE6E2C59DB3EF705E6C6EAF936FA6D013386FEBC9E

127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E1

27BECC74CA6A0AC4980AC79339DB7CE019D40AA5CA9C6AECB7A5D1407BA7FD869164D6794B9A6C01C

D3B2297768560EDDE1AB67DFDE2D0514CFADB85F28972958D65D1837F0B3B8A957076681B246CC050

E725AECF3008CC75593F3509591F0F003891089300F94A34BE3FB3008239981B4442191831B1BD1A4

C94206BFB1AD7B6ECF438EAD3772CF82F48647BE8BBC9D9BFAD327A3D7411E8F75538DA02ED8AA9B4

21CA76064D4C550D7CB9FEF4FDF7809E12E99B14571706F2D7D0872F2500593E5294B087B22F390A0

B0A27B749382C63910684A2686E09F80382BB61FD46762B61A04241BA4999FD6414F02B54B01A3B57

EA9D1F03BD97EEF22BE32878C8198A0466F79138BCBDFF32BBAEAFEDC10F17E1F04EF4FAF18EFEE79

236BB200D74D87A7401267E8F2B5E7438A5FF2061B09AFC0B40F216A30DC6826462FDB1E4096BF5BB

CBB5232CD8C15FEFA4EE6E465C35A500C5EF7D109B038AFAF8DF3B669911425BF06BE42EA51D3795B

E9E3FC030001E3EDD11A33DC5AB043F75B9DFE505FC3E8B547CDD830F4EE718EA727B5DF211CB1D11

F82BE39CD95314C2FB092C9247D30A3975416566DA34A8C41235A388C981745C1E088038320EEECE6

376DFD89EB2B9D555A82E936270BDEB67D1A9FAED593E8F995097175FD94B122726FE7BBA4AA4EA01

C084CC91FDD26C78E097974274BEF4AB91D8CA3CEDF81C455E0D8EAB824F45F8BF2B0ACA612957DE5

1E80D1560522F995063414A8B1DA760869724C29B1E3BACB7821E2CD1AF42042B5433D1DAD5D1428E

51DCA168ECD2565162E97EB117F1FB5AD7AF5170E9E3D1B8D23B02ED411E724464B5591A0817E7CD9

570B6BA443BD568D6D7479A802A89AC955AB2BAE4107F0949B440DB2ADF812898D660572BD8D6C757

E70DE4723F79BF2E330AD9286CBA79FBB2A6DB621CB1CDDC3ED8AA391C4EFA806FD286D988432722D

45C07C0ECE971DAE9E0C42BBF148F4436A4386746306CD31B728C38DED231962F4648C1770C3A3CAB

C368DF12DF3CF272AE70EB0A80DED"

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"I:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="I:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"

"I:\\Nexon\\KartRider\\NMService.exe"="I:\\Nexon\\KartRider\\NMService.exe:*:Enabled:Nexon Messenger Core"

"I:\\Program Files\\MSN Messenger\\livecall.exe"="I:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Call"

"I:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="I:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"

"I:\\Program Files\\ICQ6\\ICQ.exe"="I:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"

"I:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"="I:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"

"I:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"="I:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

"I:\\Program Files\\LimeWire\\LimeWire.exe"="I:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"I:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\PCM.exe"="I:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2008"

"I:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe"="I:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2008 - AutoRun"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Thu 5 Jun 2003 24,576 A..H. --- I:\PROGRA~1\RAMBOO~1\STOPRAM.EXE

Wed 29 Aug 2007 4,348 ..SH. --- I:\DOCUME~1\ALLUSE~1\DRM\DRMV1.BAK

Mon 30 Jun 2008 0 A.SH. --- I:\DOCUME~1\ALLUSE~1\DRM\CACHE\INDIV01.TMP

Mon 30 Jun 2008 0 A.SH. --- I:\DOCUME~1\ALLUSE~1\DRM\CACHE\INDIV02.TMP

Wed 15 Aug 2007 72 A..H. --- I:\PROGRA~1\COMMON~1\X10\COMMON\X10PROD.SYS

Wed 29 Aug 2007 4,348 ...H. --- I:\DOCUME~1\BENOIT~1\MESDOC~1\MAMUSI~1\SAUVEG~1\DRMV1KEY.BAK

Wed 29 Aug 2007 20 A..H. --- I:\DOCUME~1\BENOIT~1\MESDOC~1\MAMUSI~1\SAUVEG~1\DRMV1LIC.BAK

Wed 29 Aug 2007 400 ...H. --- I:\DOCUME~1\BENOIT~1\MESDOC~1\MAMUSI~1\SAUVEG~1\DRMV2KEY.BAK

Wed 29 Aug 2007 1,536 A..H. --- I:\DOCUME~1\BENOIT~1\MESDOC~1\MAMUSI~1\SAUVEG~1\DRMV2LIC.BAK

 

Finished!
