
Hello,
So, for some time now BitDefender has been detecting the virus "Trojan.Vundo.DVS". I tried to follow the procedure described in a post, but nothing doing, it is still there.
Here are the messages that appear, roughly every 30 seconds.
Virus Name: Trojan.Vundo.DVS
Path: c:\WINDOWS\system32\GOYacJjl.ini
Virus Name: Trojan.Vundo.DVS
Path: c:\WINDOWS\system32\GOYacJjl.ini2
Moderator/Helper
Hello,
Download HijackThis (from Trend Micro) to your Desktop.
Double-click HJTInstall.exe to start the installation.
Click Install.
Double-click the HijackThis shortcut that has just been created to launch it.
Accept the licence by clicking Yes.
Click "Do a system scan and save a logfile".
Post the generated report here.
Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Help: How to use HijackThis.
Here is my HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:21, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\BitDefender 2008\bdagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cabal T-Helper\Launcher.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/tr(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe
O4 - Startup: MultiRes.lnk = C:\Program Files\MultiRes\MultiRes.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B85800A2-905E-4B60-8434-18FB4388FE6F}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cabal Official Wiki: Cabal Auto-Manual Updater update permissions manager. 7938. - Unknown owner - C:\Program Files\Cabal T-Helper\Launcher.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 5957 bytes
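Helpers read these logs by comparing one scan with the next: after each cleaning step they ask for a fresh HijackThis log and look for what appeared or vanished. The script below is an added example, not part of this thread and not a HijackThis feature; it diffs two logs in the 2.0.2 layout shown above and lists the O23 services whose binary carries no company name. The BEFORE and AFTER logs inside it are constructed excerpts modelled on the thread's entries, not the poster's full reports.

```python
"""Diff two HijackThis logs to see what a cleaning step actually changed.

Added example: not part of the forum thread and not a feature of HijackThis.
It assumes only the HijackThis 2.0.2 layout visible in the thread: a header,
a "Running processes:" list of paths, then "Rn - ..." / "On - ..." entries.
BEFORE and AFTER are constructed excerpts modelled on the thread's logs.
"""
import re

# "R1 - HKLM\...", "O4 - HKLM\..\Run: [...]", "O23 - Service: ..." and so on
ENTRY_RE = re.compile(r"^(?P<kind>[RFON]\d{1,2}) - (?P<body>.+)$")
# body of an O23 line: "Service: <name> (<short>) - <owner> - <path>"
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?)(?: \((?P<short>[^)]*)\))? - (?P<owner>.+?) - (?P<path>.+)$")

BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\windows\System32\smss.exe
C:\windows\Explorer.EXE
C:\program files\steam\steam.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender 2008\bdagent.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\windows\System32\smss.exe
C:\windows\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender 2008\bdagent.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


def parse_hjt(text):
    """Return (process paths, entries) from one HijackThis log.

    Process paths are lower-cased: NTFS is case-insensitive and the same binary
    shows up as Explorer.EXE in one scan and explorer.exe in the next.
    Entries are (kind, body) tuples kept verbatim.
    """
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # the first Rn/On line ends the process list
            entries.add((m.group("kind"), m.group("body")))
        elif in_processes:
            processes.add(line.lower())
    return processes, entries


def diff_logs(before_text, after_text):
    """What appeared and what vanished between two scans."""
    p0, e0 = parse_hjt(before_text)
    p1, e1 = parse_hjt(after_text)
    return {
        "entries_added": sorted(e1 - e0),
        "entries_removed": sorted(e0 - e1),
        "processes_started": sorted(p1 - p0),
        "processes_gone": sorted(p0 - p1),
    }


def unknown_owner_services(entries):
    """Names of O23 services whose binary carries no company name.

    'Unknown owner' only means HijackThis found no version information; it is
    a prompt to look the file up by hand, not a verdict (the 'ATI Smart'
    service in the sample belongs to the ATI display driver package).
    """
    names = []
    for kind, body in sorted(entries):
        if kind != "O23":
            continue
        m = SERVICE_RE.match(body)
        if m and m.group("owner") == "Unknown owner":
            names.append(m.group("name"))
    return names


if __name__ == "__main__":
    for label, items in diff_logs(BEFORE, AFTER).items():
        print(label)
        for item in items:
            print("   ", item)
    print("services to check by hand:", unknown_owner_services(parse_hjt(AFTER)[1]))
```

Run against the two logs in this thread, the diff shows the HKLM start-page values changing from the isapi redirector to go.microsoft.com links and steam.exe no longer running; anything that reappears after a removal step is the entry to investigate next.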
Moderator/Helper
1) Download ATF Cleaner by Atribune to your desktop.
Tutorial: http://mickael.barroux.free.fr/securite/atf_cleaner.php
Launch ATF-Cleaner: double-click ATF-Cleaner.exe
Tick the following:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle Bin
Click Empty Selected and, at the "Done Cleaning" message, click OK
2) You are infected with "Vundo". Remove all cracks from your PC if any are present, otherwise they will relaunch the infection.
Download VundoFix (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt telling you that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis! log in your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
N.B.: VundoFix may not detect anything; in that case no report is needed, just tell me it found nothing.
Once that is done, we will move on to the next step
Moderator/Helper
Here is the ComboFix report
ComboFix 08-05-12.1 - Hikage 2008-05-15 19:06:00.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Hikage\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\windows\system32\mcrh.tmp
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.
2008-05-14 21:16 . 2008-05-14 21:16 <REP> d-------- C:\VundoFix Backups
2008-05-14 19:57 . 2008-05-14 19:57 4,624,647 --a------ C:\upload_moi_URANIUMOFCOURSE.tar.gz
2008-05-14 19:25 . 2008-05-14 19:25 <REP> d-------- C:\WINDOWS\system32\xircom
2008-05-14 19:25 . 2008-05-14 19:25 <REP> d-------- C:\Program Files\microsoft frontpage
2008-05-14 15:11 . 2008-05-14 15:11 316,064 --a------ C:\WINDOWS\system32\ljJcaYOG.dll
2008-05-12 15:06 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2008-05-12 15:06 . 2001-08-23 17:47 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2008-05-12 15:06 . 2001-08-17 22:05 48,000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2008-05-12 15:06 . 2001-08-23 17:47 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2008-05-12 15:06 . 2001-08-23 17:47 42,496 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2008-05-12 15:06 . 2001-08-23 17:47 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2008-05-12 15:06 . 2001-08-17 22:05 28,032 --a------ C:\WINDOWS\system32\drivers\OVCD.sys
2008-05-12 15:06 . 2001-08-23 17:47 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2008-05-12 05:33 . 2008-05-12 05:33 <REP> d-------- C:\Program Files\Fichiers communs\CyberLink
2008-05-12 05:28 . 2008-05-12 05:30 <REP> d-------- C:\Program Files\PowerDVD8
2008-05-12 05:28 . 2008-05-12 05:27 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-05-12 01:07 . 2008-05-15 19:32 <REP> d-------- C:\Program Files\Steam
2008-05-11 22:18 . 2008-05-14 15:20 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-11 22:03 . 2008-05-15 16:27 <REP> d-------- C:\Program Files\BitDefender 2008
2008-05-11 22:03 . 2008-05-11 22:03 <REP> d-------- C:\Documents and Settings\Hikage\Application Data\Bitdefender
2008-05-11 22:03 . 2008-05-11 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-11 22:01 . 2008-05-11 22:03 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-11 20:56 . 2008-05-11 20:56 <REP> d-------- C:\Documents and Settings\Hikage\Application Data\Thinking Minds Budiling Bytes
2008-05-11 20:06 . 2008-05-11 20:06 <REP> d-------- C:\Documents and Settings\Hikage\Application Data\RapidGet
2008-05-10 18:35 . 2008-05-07 11:28 196,608 --a------ C:\WINDOWS\system32\TubeFinder.exe
2008-05-09 07:06 . 2008-05-09 07:06 316,064 --a------ C:\WINDOWS\system32\opnmlMGV.dll
2008-05-08 14:02 . 2008-05-08 14:02 0 --a------ C:\WINDOWS\VCamera.INI
2008-05-08 13:57 . 2008-05-08 13:59 230,420 --a------ C:\WINDOWS\system32\LastVcImage.vci
2008-05-06 07:06 . 2008-05-06 07:06 316,128 --------- C:\WINDOWS\system32\jkkKBQhi.dll
2008-05-05 22:20 . 2008-05-14 19:17 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-29 17:47 . 2008-05-03 18:59 <REP> d-------- C:\Mes Sites Web
2008-04-29 17:04 . 2008-05-13 03:07 <REP> d-------- C:\Program Files\SnadBoy's Revelation v2
2008-04-26 19:14 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-26 19:14 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-25 10:10 . 2008-04-25 10:10 <REP> d-------- C:\Program Files\TomTom HOME 2
2008-04-25 10:10 . 2008-04-25 10:10 <REP> d-------- C:\Documents and Settings\Hikage\Application Data\TomTom
2008-04-25 10:10 . 2008-04-25 10:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-04-25 09:51 . 2008-04-25 10:05 <REP> d-------- C:\Program Files\TomTom HOME
2008-04-25 05:04 . 2008-04-25 05:04 <REP> dr-h----- C:\Documents and Settings\Hikage\Application Data\SecuROM
2008-04-25 05:04 . 2008-04-25 05:04 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-25 00:36 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-24 11:24 . 2008-04-24 11:24 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-04-24 11:24 . 2008-04-24 11:24 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-04-22 21:39 . 2008-04-22 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-04-20 15:37 . 2008-05-11 22:45 <REP> d-------- C:\Program Files\No-IP
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:18 --------- d-----w C:\Documents and Settings\Hikage\Application Data\BitTorrent
2008-05-14 23:56 --------- d-----w C:\Documents and Settings\Hikage\Application Data\teamspeak2
2008-05-14 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-13 10:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-12 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-12 03:34 --------- d-----w C:\Documents and Settings\Hikage\Application Data\CyberLink
2008-05-12 03:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 20:48 --------- d-----w C:\Program Files\DiffDoc
2008-05-11 20:47 --------- d-s---w C:\Program Files\HLSW
2008-05-11 20:47 --------- d-----w C:\Documents and Settings\Hikage\Application Data\HLSW
2008-05-11 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-11 20:41 --------- d-----w C:\Program Files\SWF Extractor
2008-05-11 20:39 --------- d-----w C:\Program Files\NSIS
2008-05-11 20:38 --------- d-----w C:\Program Files\MeuhMeuhTV
2008-05-11 18:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 16:35 --------- d-----w C:\Program Files\Free FLV Converter
2008-05-09 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-08 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-07 15:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-05 20:18 --------- d-----w C:\Program Files\Lavasoft
2008-05-05 20:18 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-04 23:23 --------- d-----w C:\Program Files\FlashFXP
2008-05-02 18:08 --------- d-----w C:\Program Files\Cabal T-Helper
2008-04-28 15:14 --------- d-----w C:\Program Files\Windows Live
2008-04-25 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-24 20:16 --------- d-----w C:\Program Files\QMacro
2008-04-24 20:15 --------- d-----w C:\Program Files\SolidWorks
2008-04-24 09:00 --------- d-----w C:\Program Files\YesMessenger
2008-04-20 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-19 14:12 --------- d-----w C:\Program Files\Notepad++
2008-04-10 14:24 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-10 05:36 --------- d-----w C:\Documents and Settings\Hikage\Application Data\Subversion
2008-04-08 23:25 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-06 21:37 --------- d-----w C:\Program Files\Disney
2008-04-04 14:28 --------- d-----w C:\Documents and Settings\Hikage\Application Data\atitray
2008-04-04 14:15 --------- d-----w C:\Program Files\MultiRes
2008-04-04 04:07 472,576 ----a-w C:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-04-04 04:07 --------- d-----w C:\Program Files\Radeon Omega Drivers
2008-03-29 06:21 2,873,856 ----a-w C:\windows\system32\drivers\ati2mtag.sys
2008-03-29 03:18 49,152 ----a-w C:\windows\system32\drivers\ati2erec.dll
2008-03-28 17:14 --------- d-----w C:\Program Files\SpeedFan
2008-03-28 15:34 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-03-26 20:15 --------- d-----w C:\Program Files\DDS Converter 2
2008-03-26 19:47 --------- d-----w C:\Program Files\Free Audio Pack
2008-03-25 18:06 --------- d-----w C:\Program Files\TSO
2008-03-25 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluebeam Software
2008-03-25 08:53 31,480 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
2008-03-25 04:29 --------- d-----w C:\Documents and Settings\Hikage\Application Data\SolidWorks
2008-03-25 01:04 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2008-03-24 23:57 --------- d-----w C:\Program Files\Mysterious Angel
2008-03-24 22:01 --------- d-----w C:\Program Files\Fichiers communs\Solidworks Data
2008-03-21 14:04 --------- d-----w C:\Program Files\MMTVConfig
2008-03-21 14:01 --------- d-----w C:\Documents and Settings\Hikage\Application Data\InstallShield
2008-03-21 13:59 --------- d-----w C:\Program Files\K!TV
2008-03-21 13:50 --------- d-----w C:\Program Files\GUILD WARS
2008-03-20 11:33 --------- d-----w C:\Program Files\MSBuild
2008-03-20 11:33 --------- d-----w C:\Program Files\Microsoft Works
2008-03-20 11:31 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-20 11:28 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-20 05:26 --------- d-----w C:\Program Files\directx
2008-03-17 18:27 --------- d-----w C:\Documents and Settings\Hikage\Application Data\VoipBuster
2008-03-17 06:25 --------- d-----w C:\Program Files\NeroInstall.bak
2008-03-17 06:20 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-03-17 06:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-17 04:55 --------- d-----w C:\Documents and Settings\Hikage\Application Data\MMTVConfig
2008-03-16 06:42 --------- d-----w C:\Program Files\QuickTime
2008-03-16 06:37 --------- d-----w C:\Documents and Settings\Hikage\Application Data\Lavasoft
2008-03-16 01:18 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-15 18:25 --------- d-----w C:\Program Files\Fake Webcam
2008-03-15 15:37 65,536 ----a-w C:\windows\IFinst27.exe
2008-03-15 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-15 13:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-15 13:09 --------- d-----w C:\Documents and Settings\Hikage\Application Data\Hide IP NG
2008-03-15 05:03 98,304 ----a-w C:\windows\fmsxwqs.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-14_19.36.33.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 17:25:36 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-05-15 17:29:57 2,048 --s-a-w C:\windows\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{165F742D-30EE-455F-8A07-141C786F7B1B}]
2008-05-14 15:11 316064 --a------ C:\windows\system32\ljJcaYOG.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-04 05:54 15360]
"SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-25 00:03 683520]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-05-14 02:27 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-05-12 01:07 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"RemoteControl8"="C:\Program Files\PowerDVD8\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\PowerDVD8\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:54 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"ClearDocsOnExit"= 64 (0x40)
"NoBandCustomize"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"ClearDocsOnExit"= 64 (0x40)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"VIDC.PIM1"= PCLEPIM1.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\windows\system32\ljJcaYOG.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HackerDefender084]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station pour Livebox.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station pour Livebox.lnk
backup=C:\WINDOWS\pss\WiFi Station pour Livebox.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Hikage^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\Hikage\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2003-12-27 21:43 81920 C:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-05-14 02:27 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 10:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPHost]
--a------ 2006-11-21 19:59 216576 C:\Program Files\PSPHost\PSPHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-12 01:07 1271032 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-04-23 21:43 202088 C:\Program Files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoader]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B2-25-58-80-DW}]
c:\windows\system32\rwwnw64d.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\PSPHost\\files\\PimpStreamer.exe"=
"C:\\Program Files\\PSPHost\\files\\sockettest.exe"=
"C:\\Program Files\\TrackMania United 2.0.0 FR\\TmUnited.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Counter-Strike\\hl.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.3\\bin\\httpd.exe"=
"E:\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"C:\\Documents and Settings\\Hikage\\Bureau\\Jeux\\WiFiController.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.4\\bin\\httpd.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.2\\bin\\httpd.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\tightvnc-1.3.9_x86\\WinVNC.exe"=
"C:\\Program Files\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:Wamp
R0 atiide;atiide;C:\windows\system32\DRIVERS\atiide.sys [2004-06-01 11:02]
R0 d344bus;d344bus;C:\windows\system32\DRIVERS\d344bus.sys [2003-12-27 21:42]
R0 d344prt;d344prt;C:\windows\system32\Drivers\d344prt.sys [2003-12-27 03:38]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R2 Cabal Official Wiki: Cabal Auto-Manual Updater update permissions manager. 7938.;Cabal Official Wiki: Cabal Auto-Manual Updater update permissions manager. 7938.;C:\Program Files\Cabal T-Helper\Launcher.exe [2008-03-24 21:25]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\windows\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\windows\system32\drivers\PPJoyBus.sys [2004-10-24 09:11]
R3 PPortJoystick;Parallel Port Joystick device driver;C:\windows\system32\drivers\PPortJoy.sys [2004-10-24 09:11]
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys []
S3 DoTspdpHz;DoTspdpHz;E:\MHS4.017\ITPCH []
S3 HackerDefenderDrv084;HackerDefenderDrv084;C:\Documents and Settings\Hikage\Bureau\hxdef084\hxdefdrv.sys []
S3 LvrNXHXkY;LvrNXHXkY;E:\MHS4.017\OECTBP []
S3 pctvvbi;PCTVVBI;C:\windows\system32\DRIVERS\pctvvbi.sys [2002-11-11 20:52]
S3 projectx1;projectx1;E:\Project X\FelipeZe.sys []
S3 SoRa01;SoRa01;E:\Hack\SoRa Engine 2.4\SoRa.sys [2007-07-27 21:31]
S3 SoRa1;SoRa1;E:\Hack\SoRa Engine 2.3\SoRa23.sys [2007-07-20 12:39]
S3 sora121;sora121;E:\SoRa Engine2.90\sora12.sys []
S3 TCSAlCr;TCSAlCr;E:\Hack\MHS4.017\UKQM []
S4 HackerDefender084;HackerDefender084;C:\Documents and Settings\Hikage\Bureau\hxdef084\hxdef084.exe []
S4 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S4 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-04 17:04:02 C:\windows\Tasks\Automatic Updates Checking for Cabal Auto-Manual Updater.job"
- C:\Program Files\Cabal T-Helper\Launcher.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 19:31:12
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
"ImagePath"="System32\Drivers\BTHUSB.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cabal Official Wiki: Cabal Auto-Manual Updater update permissions manager. 7938.]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DoTspdpHz]
"ImagePath"="\??\E:\MHS4.017\ITPCH"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LvrNXHXkY]
"ImagePath"="\??\E:\MHS4.017\OECTBP"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TCSAlCr]
"ImagePath"="\??\E:\Hack\MHS4.017\UKQM"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 19:41:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 17:40:44
ComboFix2.txt 2008-05-14 17:38:11
Pre-Run: 31,255,580,672 octets libres
Post-Run: 31,590,252,544 octets libres
317
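The ComboFix report above is useful because it shows the same file from several angles: ljJcaYOG.dll appears in the recently created files block, as a Browser Helper Object, and in the LSA "Authentication Packages" list, the last of which loads it into lsass.exe at boot regardless of what happens to the browser add-on. The Python below is an added example (not from this thread and not ComboFix's own code) that automates that cross-reference on a report in this layout; SAMPLE_REPORT is a constructed excerpt modelled on the thread's report, reusing the paths and CLSID it shows.

```python
"""Correlate ComboFix's recently created files with its registry load points.

Added example: not part of the thread and not ComboFix's own code. It assumes
only the report layout quoted in the thread: a "Fichiers créés" block of
"<date> <time> . <date> <time> <size> <attrs> <path>" lines and a REGEDIT4-style
"Point de chargement Reg" block of "[key]" headers followed by value lines.
SAMPLE_REPORT is a constructed excerpt modelled on that report.
"""
import re
from collections import defaultdict

# one line of the created-files block; directories show "<REP>" as their size
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>[\d,]+|<REP>)\s+(?P<attrs>\S+)\s+(?P<path>[A-Za-z]:\\.+)$")
# a drive-letter path ending in a loadable extension; spaces are allowed
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:dll|exe|sys)', re.IGNORECASE)
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
STOCK_AUTH_PACKAGES = {"msv1_0"}   # the only package on a stock Windows XP

SAMPLE_REPORT = r"""
(((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))
.
2008-05-14 15:11 . 2008-05-14 15:11 316,064 --a------ C:\WINDOWS\system32\ljJcaYOG.dll
2008-05-12 05:28 . 2008-05-12 05:27 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-05-11 22:03 . 2008-05-15 16:27 <REP> d-------- C:\Program Files\BitDefender 2008
.
(((((((( Point de chargement Reg ))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{165F742D-30EE-455F-8A07-141C786F7B1B}]
2008-05-14 15:11 316064 --a------ C:\windows\system32\ljJcaYOG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="C:\Program Files\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\windows\system32\ljJcaYOG.dll
"""


def parse_report(text):
    """Return (created, loadpoints): lower-cased file path -> size in bytes
    (directories dropped), and registry key -> lower-cased paths on its value
    lines. Lower-casing matters because the same file is printed with WINDOWS
    in one block and windows in another."""
    created, loadpoints = {}, defaultdict(list)
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("(((("):               # section banner
            section, key = line.strip("() "), None
            continue
        if section is None:
            continue
        if section.startswith("Fichiers cr"):      # prefix survives a mis-encoded copy too
            m = CREATED_RE.match(line)
            if m and m.group("size") != "<REP>":
                created[m.group("path").lower()] = int(m.group("size").replace(",", ""))
        elif section.startswith("Point de chargement"):
            m = KEY_RE.match(line)
            if m:
                key = m.group("key")
            elif key is not None:
                loadpoints[key].extend(p.lower() for p in PATH_RE.findall(line))
    return created, dict(loadpoints)


def recently_created_loadpoints(text):
    """Load points whose target file was created inside the report's window:
    a fresh file already registered as a BHO, Run value or LSA package is the
    first thing to check by hand."""
    created, loadpoints = parse_report(text)
    return [(key, path, created[path])
            for key, paths in loadpoints.items()
            for path in paths if path in created]


def lsa_extra_packages(text):
    """Entries in LSA 'Authentication Packages' beyond the stock msv1_0.
    LSASS loads every DLL listed there at boot, independently of the browser."""
    extras, in_lsa = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            in_lsa = m.group("key").lower() == LSA_KEY
        elif in_lsa and line.startswith("Authentication Packages"):
            rest = line.split("REG_MULTI_SZ", 1)[1]
            extras.extend(p.lower() for p in PATH_RE.findall(rest))
            extras.extend(t for t in PATH_RE.sub(" ", rest).split()
                          if t.lower() not in STOCK_AUTH_PACKAGES)
    return extras


if __name__ == "__main__":
    for key, path, size in recently_created_loadpoints(SAMPLE_REPORT):
        print(f"[{key}] -> {path} ({size} bytes, created in the report window)")
    print("extra LSA authentication packages:", lsa_extra_packages(SAMPLE_REPORT))
```

On the sample the BHO key and the LSA key both resolve to the same 316,064-byte DLL created the day before the scan, while the BitDefender Run value is left alone because its target is not in the created-files block. The LSA check is the part worth keeping: a BHO removed by a browser tool comes back at the next boot if the Authentication Packages entry is still there.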
And here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:13, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cabal T-Helper\Launcher.exe
C:\windows\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender 2008\bdagent.exe
C:\Program Files\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\windows\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/tr(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe
O4 - Startup: MultiRes.lnk = C:\Program Files\MultiRes\MultiRes.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B85800A2-905E-4B60-8434-18FB4388FE6F}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cabal Official Wiki: Cabal Auto-Manual Updater update permissions manager. 7938. - Unknown owner - C:\Program Files\Cabal T-Helper\Launcher.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 5760 bytes
Moderator/Helper
We are going to install the Recovery Console on your PC. It will allow your system to be repaired in case the PC no longer boots after the disinfection.
Once you have clicked the link matching your version of Windows, you will be taken to a page: click the Download button to get the installation package and save the file to your desktop. Above all, do not change the file name!
Windows XP without Service Pack >
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Windows XP Service Pack 1 (SP1) >
Microsoft Windows XP Home Edition SP1
Microsoft Windows XP Professional SP1
Windows XP Service Pack 2 (SP2) >
Microsoft Windows XP Home Edition SP2
Microsoft Windows XP Professional SP2
Drag and drop this file onto the ComboFix.exe file, as shown in the screenshot:
Follow the on-screen instructions to launch ComboFix and, when prompted, accept the End User License Agreement to install the Microsoft Recovery Console.
When it is finished, a message telling you that the Console has been installed will appear, then a report named CF_RC.txt will open: post the contents of that report.
Note > from now on, when you start your PC, you will have a choice to make: either start Windows normally, or use the Recovery Console.
I tried all the versions listed in your post, but every one of them tells me, when ComboFix launches:
Error: c:/boot.ini is badly formatted.
Moderator/Helper
Disable all resident protection (antivirus, etc.)! <------- Don't forget!
Copy the text in the box below: (Ctrl + C)
Driver::
ddsxeiservice
DoTspdpHz
HackerDefenderDrv084
LvrNXHXkY
projectx1
sora121
TCSAlCr
HackerDefender084
File::
C:\WINDOWS\system32\ljJcaYOG.dll
C:\WINDOWS\system32\opnmlMGV.dll
C:\WINDOWS\system32\jkkKBQhi.dll
C:\windows\fmsxwqs.exe
C:\Program Files\antiviirus.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{165F742D-30EE-455F-8A07-141C786F7B1B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
=> Open Notepad: Start > All Programs > Accessories > Notepad
- Paste the text there (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- File type: All Files!!
- Click Save
- Close Notepad
Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot:
* This will relaunch ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: that is normal!
* Do not touch anything until the scan is finished.
* Once the scan is complete, a report will open: copy/paste its contents to the forum.
If the file does not open, it can be found here: C:\ComboFix.txt
--> Message edited by Mérillym on 15/05/2008 21:32:10 <--
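As an added example (not part of the helper's post, and not ComboFix's own code), here is a small Python parser for the Registry:: section of the script above: it decodes the hex(7) value back into the REG_MULTI_SZ strings it encodes, which shows that the last line resets LSA "Authentication Packages" to just msv1_0, and flags any extra package name against that baseline. The baseline set and the infected-looking byte string in the usage block are assumptions constructed for illustration.

```python
"""Decode and check the LSA 'Authentication Packages' value that a CFScript resets.

Added example: parses the Registry:: block of the script posted above (copied from
the thread) and compares the decoded REG_MULTI_SZ list against an assumed baseline.
"""
import re

# The Registry:: section exactly as posted in the thread.
CFSCRIPT_REGISTRY_SECTION = r"""
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{165F742D-30EE-455F-8A07-141C786F7B1B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Assumed baseline: the only package a stock Windows XP install lists here.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"


def decode_hex7(hexlist: str) -> list[str]:
    """Turn a .reg-style 'hex(7):' byte list into the strings it encodes.

    REG_MULTI_SZ is a run of NUL-terminated strings closed by one extra NUL;
    CFScript writes it as single-byte (ANSI) characters, one byte per hex pair.
    """
    raw = bytes(int(b, 16) for b in hexlist.split(",") if b.strip())
    # Splitting on NUL leaves empty pieces for the terminators; drop them.
    return [piece.decode("latin-1") for piece in raw.split(b"\x00") if piece]


def parse_registry_section(script: str) -> dict[str, dict]:
    """Parse [key] headers, [-key] deletions and "name"=value lines.

    Returns {key_lowercased: {"delete": bool, "values": {name: value}}};
    hex(7) values are decoded to lists of strings, others kept as raw text.
    """
    keys: dict[str, dict] = {}
    current = None
    for line in script.splitlines():
        line = line.strip()
        if not line or line == "Registry::":
            continue
        header = re.fullmatch(r"\[(-?)(.+)\]", line)
        if header:
            current = header.group(2).lower()
            keys[current] = {"delete": header.group(1) == "-", "values": {}}
            continue
        entry = re.fullmatch(r'"([^"]+)"=(.+)', line)
        if entry and current is not None:
            name, value = entry.group(1), entry.group(2)
            if value.startswith("hex(7):"):
                value = decode_hex7(value[len("hex(7):"):])
            keys[current]["values"][name] = value
    return keys


def unexpected_auth_packages(packages: list[str]) -> list[str]:
    """Return the entries of an Authentication Packages list that are not in the baseline.

    Vundo-family trojans register their DLL in this value so lsass.exe loads it
    at boot; resetting the list to msv1_0, as the script does, drops that entry.
    """
    return [p for p in packages if p.lower() not in EXPECTED_AUTH_PACKAGES]


def lsa_packages_from_script(script: str) -> list[str]:
    """Extract the decoded Authentication Packages list the script writes."""
    return parse_registry_section(script)[LSA_KEY]["values"]["Authentication Packages"]


if __name__ == "__main__":
    print("script resets Authentication Packages to:",
          lsa_packages_from_script(CFSCRIPT_REGISTRY_SECTION))
    # Constructed sample of an infected value (not from the page): msv1_0 followed by
    # the DLL base name ljJcaYOG that the script deletes from system32.
    infected = decode_hex7("6d,73,76,31,5f,30,00,6c,6a,4a,63,61,59,4f,47,00,00")
    print("unexpected entries:", unexpected_auth_packages(infected))
```

Run against a value exported from a live machine, the same check tells you whether the key still carries an extra entry after the cleanup.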
Start of the report
ComboFix 08-05-12.1 - Hikage 2008-05-15 21:15:08.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.722 [GMT 2:00]
Endroit: C:\Documents and Settings\Hikage\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hikage\Bureau\CFScript
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Program Files\antiviirus.exe
C:\windows\fmsxwqs.exe
C:\WINDOWS\system32\jkkKBQhi.dll
C:\WINDOWS\system32\ljJcaYOG.dll
C:\WINDOWS\system32\opnmlMGV.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\windows\fmsxwqs.exe
C:\windows\system32\_002936_.tmp.dll
C:\windows\system32\_002937_.tmp.dll
C:\windows\system32\_002938_.tmp.dll
C:\windows\system32\_002939_.tmp.dll
C:\windows\system32\_002946_.tmp.dll
C:\windows\system32\_002947_.tmp.dll
C:\windows\system32\_002948_.tmp.dll
C:\windows\system32\_002949_.tmp.dll
C:\windows\system32\_002951_.tmp.dll
C:\windows\system32\_002952_.tmp.dll
C:\windows\system32\_002955_.tmp.dll
C:\windows\system32\_002956_.tmp.dll
C:\windows\system32\_002958_.tmp.dll
C:\windows\system32\_002959_.tmp.dll
C:\windows\system32\_002960_.tmp.dll
C:\windows\system32\_002962_.tmp.dll
C:\windows\system32\_002965_.tmp.dll
C:\windows\system32\_002966_.tmp.dll
C:\windows\system32\_002970_.tmp.dll
C:\windows\system32\_002971_.tmp.dll
C:\windows\system32\_002973_.tmp.dll
C:\windows\system32\_002976_.tmp.dll
C:\windows\system32\_002978_.tmp.dll
C:\windows\system32\_002979_.tmp.dll
C:\windows\system32\_002980_.tmp.dll
C:\windows\system32\_002981_.tmp.dll
C:\windows\system32\_002982_.tmp.dll
C:\windows\system32\_002985_.tmp.dll
C:\windows\system32\_002986_.tmp.dll
C:\windows\system32\_002987_.tmp.dll
C:\windows\system32\_002988_.tmp.dll
C:\windows\system32\_002989_.tmp.dll
C:\windows\system32\_002994_.tmp.dll
C:\windows\system32\_002996_.tmp.dll
C:\WINDOWS\system32\GOYacJjl.ini
C:\WINDOWS\system32\GOYacJjl.ini2
C:\WINDOWS\system32\jkkKBQhi.dll
C:\WINDOWS\system32\ljJcaYOG.dll
C:\WINDOWS\system32\opnmlMGV.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DDSXEISERVICE
-------\Legacy_DOTSPDPHZ
-------\Legacy_HACKERDEFENDER084
-------\Legacy_HACKERDEFENDERDRV084
-------\Legacy_LVRNXHXKY
-------\Legacy_PROJECTX1
-------\Legacy_SORA121
-------\Legacy_TCSALCR
-------\Service_ddsxeiservice
-------\Service_DoTspdpHz
-------\Service_HackerDefender084
-------\Service_HackerDefenderDrv084
-------\Service_LvrNXHXkY
-------\Service_projectx1
-------\Service_sora121
-------\Service_TCSAlCr
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.
2008-05-15 21:04 . 2008-05-15 21:04 <REP> d-------- C:\WINDOWS\system32\fr
2008-05-15 21:04 . 2008-05-15 21:04 <REP> d-------- C:\WINDOWS\system32\bits
2008-05-15 21:04 . 2008-05-15 21:04 <REP> d-------- C:\WINDOWS\l2schemas
2008-05-15 21:02 . 2008-05-15 21:04 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-05-15 20:44 . 2004-08-04 00:38 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-05-14 21:16 . 2008-05-14 21:16 <REP> d-------- C:\VundoFix Backups
2008-05-14 19:25 . 2008-05-14 19:25 <REP> d-------- C:\WINDOWS\system32\xircom
2008-05-14 19:25 . 2008-05-14 19:25 <REP> d-------- C:\Program Files\microsoft frontpage
2008-05-12 15:06 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2008-05-12 15:06 . 2001-08-23 17:47 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2008-05-12 15:06 . 2001-08-17 22:05 48,000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2008-05-12 15:06 . 2001-08-23 17:47 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2008-05-12 15:06 . 2001-08-23 17:47 42,496 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2008-05-12 15:06 . 2001-08-23 17:47 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2008-05-12 15:06 . 2001-08-17 22:05 28,032 --a------ C:\WINDOWS\system32\drivers\OVCD.sys
2008-05-12 15:06 . 2001-08-23 17:47 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2008-05-12 05:33 . 2008-05-12 05:33 <REP> d-------- C:\Program Files\Fichiers communs\CyberLink
2008-05-12 05:28 . 2008-05-12 05:30 <REP> d-------- C:\Program Files\PowerDVD8
2008-05-12 05:28 . 2008-05-12 05:27 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-05-12 01:07 . 2008-05-15 20:24 <REP> d-------- C:\Program Files\Steam
2008-05-11 22:18 . 2008-05-14 15:20 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-11 22:03 . 2008-05-15 21:23 <REP> d-------- C:\Program Files\BitDefender 2008
2008-05-11 22:03 . 2008-05-11 22:03 <REP> d-------- C:\Documents and Settings\Hikage\Application Data\Bitdefender
2008-05-11 22:03 . 2008-05-11 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-11 22:01 . 2008-05-11 22:03 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-11 20:56 . 2008-05-11 20:56 <REP> d-------- C:\Documents and Settings\Hikage\Application Data\Thinking Minds Budiling Bytes
2008-05-11 20:06 . 2008-05-11 20:06 <REP> d-------- C:\Documents and Settings\Hikage\Application Data\RapidGet
2008-05-10 18:35 . 2008-05-07 11:28 196,608 --a------ C:\WINDOWS\system32\TubeFinder.exe
2008-05-08 14:02 . 2008-05-08 14:02 0 --a------ C:\WINDOWS\VCamera.INI
2008-05-08 13:57 . 2008-05-08 13:59 230,420 --a------ C:\WINDOWS\system32\LastVcImage.vci
2008-05-05 22:20 . 2008-05-14 19:17 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-29 17:47 . 2008-05-03 18:59 <REP> d-------- C:\Mes Sites Web
2008-04-29 17:04 . 2008-05-13 03:07 <REP> d-------- C:\Program Files\SnadBoy's Revelation v2
2008-04-26 19:14 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-26 19:14 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-25 10:10 . 2008-04-25 10:10 <REP> d-------- C:\Program Files\TomTom HOME 2
2008-04-25 10:10 . 2008-04-25 10:10 <REP> d-------- C:\Documents and Settings\Hikage\Application Data\TomTom
2008-04-25 10:10 . 2008-04-25 10:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-04-25 09:51 . 2008-04-25 10:05 <REP> d-------- C:\Program Files\TomTom HOME
2008-04-25 05:04 . 2008-04-25 05:04 <REP> dr-h----- C:\Documents and Settings\Hikage\Application Data\SecuROM
2008-04-25 05:04 . 2008-04-25 05:04 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-25 00:36 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-24 11:24 . 2008-04-24 11:24 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-04-24 11:24 . 2008-04-24 11:24 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-04-22 21:39 . 2008-04-22 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-04-20 15:37 . 2008-05-11 22:45 <REP> d-------- C:\Program Files\No-IP
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:18 --------- d-----w C:\Documents and Settings\Hikage\Application Data\BitTorrent
2008-05-14 23:56 --------- d-----w C:\Documents and Settings\Hikage\Application Data\teamspeak2
2008-05-14 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-13 10:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-12 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-12 03:34 --------- d-----w C:\Documents and Settings\Hikage\Application Data\CyberLink
2008-05-12 03:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 20:48 --------- d-----w C:\Program Files\DiffDoc
2008-05-11 20:47 --------- d-s---w C:\Program Files\HLSW
2008-05-11 20:47 --------- d-----w C:\Documents and Settings\Hikage\Application Data\HLSW
2008-05-11 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-11 20:41 --------- d-----w C:\Program Files\SWF Extractor
2008-05-11 20:39 --------- d-----w C:\Program Files\NSIS
2008-05-11 20:38 --------- d-----w C:\Program Files\MeuhMeuhTV
2008-05-11 18:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 16:35 --------- d-----w C:\Program Files\Free FLV Converter
2008-05-09 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-08 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-07 15:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-05 20:18 --------- d-----w C:\Program Files\Lavasoft
2008-05-05 20:18 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-04 23:23 --------- d-----w C:\Program Files\FlashFXP
2008-05-02 18:08 --------- d-----w C:\Program Files\Cabal T-Helper
2008-04-28 15:14 --------- d-----w C:\Program Files\Windows Live
2008-04-25 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-24 20:16 --------- d-----w C:\Program Files\QMacro
2008-04-24 20:15 --------- d-----w C:\Program Files\SolidWorks
2008-04-24 09:00 --------- d-----w C:\Program Files\YesMessenger
2008-04-20 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-19 14:12 --------- d-----w C:\Program Files\Notepad++
2008-04-14 02:34 70,656 ----a-w C:\windows\notepad.exe
2008-04-14 02:34 40,840 ----a-w C:\windows\system32\drivers\termdd.sys
2008-04-14 02:34 32,866 ------w C:\windows\slrundll.exe
2008-04-14 02:34 288,256 ----a-w C:\windows\winhlp32.exe
2008-04-14 02:34 21,896 ----a-w C:\windows\system32\drivers\tdtcp.sys
2008-04-14 02:34 153,088 ----a-w C:\windows\regedit.exe
2008-04-14 02:34 139,656 ----a-w C:\windows\system32\drivers\rdpwd.sys
2008-04-14 02:34 12,040 ----a-w C:\windows\system32\drivers\tdpipe.sys
2008-04-14 02:34 10,752 ----a-w C:\windows\hh.exe
2008-04-14 02:34 1,037,824 ----a-w C:\windows\explorer.exe
2008-04-14 02:10 73,600 ----a-w C:\windows\system32\drivers\sr.sys
2008-04-14 02:09 80,384 ----a-w C:\windows\system32\drivers\parport.sys
2008-04-14 02:09 68,608 ----a-w C:\windows\system32\drivers\pci.sys
2008-04-14 02:09 46,848 ----a-w C:\windows\system32\drivers\p3.sys
2008-04-14 02:09 120,576 ----a-w C:\windows\system32\drivers\pcmcia.sys
2008-04-14 02:05 800,256 ----a-w C:\windows\system32\drivers\dmboot.sys
2008-04-14 02:05 25,216 ----a-w C:\windows\system32\drivers\kbdclass.sys
2008-04-14 02:05 154,496 ----a-w C:\windows\system32\drivers\dmio.sys
2008-04-14 02:04 37,632 ----a-w C:\windows\system32\drivers\isapnp.sys
2008-04-14 02:03 40,576 ----a-w C:\windows\system32\drivers\intelppm.sys
2008-04-14 02:02 40,960 ----a-w C:\windows\system32\drivers\crusoe.sys
2008-04-14 02:00 66,048 ----a-w C:\windows\system32\drivers\serial.sys
2008-04-14 02:00 54,144 ----a-w C:\windows\system32\drivers\i8042prt.sys
2008-04-14 01:59 25,856 ------w C:\windows\system32\drivers\hidbth.sys
2008-04-14 01:58 273,664 ----a-w C:\windows\system32\drivers\bthport.sys
2008-04-14 01:57 58,752 ----a-w C:\windows\system32\drivers\redbook.sys
2008-04-14 01:57 44,672 ----a-w C:\windows\system32\drivers\fips.sys
2008-04-14 01:56 53,376 ----a-w C:\windows\system32\drivers\volsnap.sys
2008-04-14 01:55 40,064 ----a-w C:\windows\system32\drivers\processr.sys
2008-04-14 01:54 41,856 ----a-w C:\windows\system32\drivers\amdk7.sys
2008-04-14 01:54 41,472 ----a-w C:\windows\system32\drivers\amdk6.sys
2008-04-14 01:53 30,336 ----a-w C:\windows\system32\drivers\modem.sys
2008-04-14 01:53 23,680 ----a-w C:\windows\system32\drivers\mouclass.sys
2008-04-14 01:52 188,672 ----a-w C:\windows\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\windows\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\windows\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\windows\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\windows\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\windows\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\windows\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\windows\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\windows\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\windows\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\windows\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\windows\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\windows\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\windows\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\windows\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\windows\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\windows\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\windows\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\windows\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\windows\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\windows\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\windows\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\windows\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\windows\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\windows\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\windows\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\windows\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\windows\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\windows\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\windows\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\windows\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\windows\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\windows\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\windows\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\windows\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\windows\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\windows\system32\drivers\usb8023.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-14_19.36.33.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-10-04 14:05:26 39,424 ------w C:\windows\AppPatch\acadproc.dll
+ 2008-04-14 02:33:18 39,424 ----a-w C:\windows\AppPatch\acadproc.dll
- 2004-11-11 01:58:38 1,852,928 ----a-w C:\windows\AppPatch\AcGenral.dll
+ 2008-04-14 02:33:18 1,852,928 ----a-w C:\windows\AppPatch\acgenral.dll
- 2004-08-04 03:54:22 450,048 ----a-w C:\windows\AppPatch\AcLayers.dll
+ 2008-04-14 02:33:18 451,072 ----a-w C:\windows\AppPatch\aclayers.dll
- 2004-08-04 03:54:22 137,728 ----a-w C:\windows\AppPatch\AcLua.dll
+ 2008-04-14 02:33:18 141,312 ----a-w C:\windows\AppPatch\aclua.dll
- 2004-09-24 06:21:48 244,736 ----a-w C:\windows\AppPatch\AcSpecfc.dll
+ 2008-04-14 02:33:18 245,248 ----a-w C:\windows\AppPatch\acspecfc.dll
- 2004-08-04 03:54:22 116,224 ----a-w C:\windows\AppPatch\AcXtrnal.dll
+ 2008-04-14 02:33:18 116,224 ----a-w C:\windows\AppPatch\acxtrnal.dll
- 2008-05-14 17:25:36 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-05-15 19:22:10 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-04-14 02:34:10 58,368 ------w C:\windows\ehome\medctrro.exe
- 2004-08-04 03:54:42 34,816 ----a-w C:\windows\Help\sniffpol.dll
+ 2008-04-14 02:33:41 34,816 ----a-w C:\windows\Help\sniffpol.dll
- 2004-08-04 03:54:42 33,280 ----a-w C:\windows\Help\sstub.dll
+ 2008-04-14 02:33:46 33,280 ----a-w C:\windows\Help\sstub.dll
- 2004-08-04 03:54:44 279,040 ----a-w C:\windows\Help\tshoot.dll
+ 2008-04-14 02:33:46 279,040 ----a-w C:\windows\Help\tshoot.dll
- 2004-08-03 22:31:50 175,104 ----a-w C:\windows\ime\CHSIME\APPLETS\PINTLCSA.DLL
+ 2008-04-14 02:32:16 175,104 ----a-w C:\windows\ime\CHSIME\APPLETS\pintlcsa.dll
- 2004-08-03 22:31:50 53,760 ----a-w C:\windows\ime\CHSIME\APPLETS\PINTLCSD.DLL
+ 2008-04-14 02:32:16 53,760 ----a-w C:\windows\ime\CHSIME\APPLETS\pintlcsd.dll
- 2004-08-03 22:31:52 97,792 ----a-w C:\windows\ime\CHTIME\Applets\CHTMBX.DLL
+ 2008-04-14 02:31:03 97,792 ----a-w C:\windows\ime\CHTIME\Applets\chtmbx.dll
- 2004-08-03 22:31:54 56,320 ----a-w C:\windows\ime\CHTIME\Applets\CHTSKDIC.DLL
+ 2008-04-14 02:31:03 56,320 ----a-w C:\windows\ime\CHTIME\Applets\chtskdic.dll
- 2004-08-03 22:31:54 173,568 ----a-w C:\windows\ime\CHTIME\Applets\CHTSKF.DLL
+ 2008-04-14 02:31:03 173,568 ----a-w C:\windows\ime\CHTIME\Applets\chtskf.dll
- 2001-08-28 14:00:00 13,463,552 ----a-w C:\windows\ime\IMJP8_1\APPLETS\hwxjpn.dll
+ 2008-04-14 02:31:30 13,463,552 ----a-w C:\windows\ime\IMJP8_1\APPLETS\hwxjpn.dll
- 2001-08-28 14:00:00 315,452 ----a-w C:\windows\ime\IMJP8_1\APPLETS\imskf.dll
+ 2008-04-14 02:31:34 315,455 ----a-w C:\windows\ime\IMJP8_1\APPLETS\imskf.dll
- 2004-08-03 22:32:36 426,041 ----a-w C:\windows\ime\IMJP8_1\APPLETS\voicepad.dll
+ 2008-04-14 02:32:46 426,041 ----a-w C:\windows\ime\IMJP8_1\APPLETS\voicepad.dll
- 2004-08-03 22:32:36 86,073 ----a-w C:\windows\ime\IMJP8_1\APPLETS\voicesub.dll
+ 2008-04-14 02:32:46 86,073 ----a-w C:\windows\ime\IMJP8_1\APPLETS\voicesub.dll
- 2004-08-03 22:31:52 368,696 ----a-w C:\windows\ime\IMJP8_1\imjpcic.dll
+ 2008-04-14 02:31:33 368,696 ----a-w C:\windows\ime\IMJP8_1\imjpcic.dll
- 2004-08-03 22:31:52 716,856 ----a-w C:\windows\ime\IMJP8_1\imjpcus.dll
+ 2008-04-14 02:31:33 716,856 ----a-w C:\windows\ime\IMJP8_1\imjpcus.dll
- 2004-08-03 22:31:54 81,976 ----a-w C:\windows\ime\IMJP8_1\imjpdct.dll
+ 2008-04-14 02:31:33 81,976 ----a-w C:\windows\ime\IMJP8_1\imjpdct.dll
- 2004-08-03 22:32:16 274,489 ----a-w C:\windows\ime\IMJP8_1\imjputyc.dll
+ 2008-04-14 02:31:34 274,489 ----a-w C:\windows\ime\IMJP8_1\imjputyc.dll
- 2004-08-03 23:04:34 86,016 ----a-w C:\windows\ime\IMKR6_1\Applets\imekrmbx.dll
+ 2008-04-14 02:31:33 86,016 ----a-w C:\windows\ime\IMKR6_1\Applets\imekrmbx.dll
- 2004-08-03 23:04:38 106,496 ----a-w C:\windows\ime\IMKR6_1\imekrcic.dll
+ 2008-04-14 02:31:33 106,496 ----a-w C:\windows\ime\IMKR6_1\imekrcic.dll
- 2004-08-04 03:54:32 220,160 ----a-w C:\windows\ime\mscandui.dll
+ 2008-04-14 02:33:30 220,160 ----a-w C:\windows\ime\mscandui.dll
- 2004-08-03 22:32:28 102,456 ----a-w C:\windows\ime\SHARED\imlang.dll
+ 2008-04-14 02:31:34 102,456 ----a-w C:\windows\ime\SHARED\imlang.dll
- 2004-08-03 22:32:12 15,872 ----a-w C:\windows\ime\SHARED\RES\PADRS404.DLL
+ 2008-04-14 02:32:16 15,872 ----a-w C:\windows\ime\SHARED\RES\padrs404.dll
- 2004-08-03 22:31:50 15,360 ----a-w C:\windows\ime\SHARED\RES\padrs804.dll
+ 2008-04-14 02:32:16 15,360 ----a-w C:\windows\ime\SHARED\RES\padrs804.dll
- 2004-08-04 03:54:42 130,048 ----a-w C:\windows\ime\SOFTKBD.DLL
+ 2008-04-14 02:33:41 130,048 ----a-w C:\windows\ime\softkbd.dll
- 2004-08-04 03:53:48 62,976 ----a-w C:\windows\ime\SPGRMR.dll
+ 2008-04-13 16:43:18 62,976 ----a-w C:\windows\ime\spgrmr.dll
- 2004-08-04 03:54:42 272,384 ----a-w C:\windows\ime\SPTIP.dll
+ 2008-04-14 02:33:46 272,384 ----a-w C:\windows\ime\sptip.dll
+ 2008-01-18 15:13:09 2,247 ------w C:\windows\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 10:33:51 18,917 ------w C:\windows\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w C:\windows\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 02:33:06 25,600 ------w C:\windows\Installer\tsclientmsitrans\tscupdc.dll
- 2004-08-04 03:54:22 24,064 ----a-w C:\windows\msagent\agentanm.dll
+ 2008-04-14 02:33:18 24,064 ----a-w C:\windows\msagent\agentanm.dll
- 2004-08-04 03:54:22 214,016 ----a-w C:\windows\msagent\agentctl.dll
+ 2008-04-14 02:33:18 214,016 ----a-w C:\windows\msagent\agentctl.dll
- 2006-10-12 14:04:13 42,496 ----a-w C:\windows\msagent\agentdp2.dll
+ 2008-04-14 02:33:18 42,496 ----a-w C:\windows\msagent\agentdp2.dll
- 2007-03-09 13:48:06 57,344 ----a-w C:\windows\msagent\agentdpv.dll
+ 2008-04-14 02:33:18 57,344 ----a-w C:\windows\msagent\agentdpv.dll
- 2004-08-04 03:54:22 49,152 ----a-w C:\windows\msagent\agentmpx.dll
+ 2008-04-14 02:33:18 49,152 ----a-w C:\windows\msagent\agentmpx.dll
- 2004-08-04 03:54:22 24,064 ----a-w C:\windows\msagent\agentpsh.dll
+ 2008-04-14 02:33:18 24,064 ----a-w C:\windows\msagent\agentpsh.dll
- 2004-08-04 03:54:22 44,032 ----a-w C:\windows\msagent\agentsr.dll
+ 2008-04-14 02:33:18 44,032 ----a-w C:\windows\msagent\agentsr.dll
- 2006-10-12 11:09:53 256,512 ----a-w C:\windows\msagent\agentsvr.exe
+ 2008-04-14 02:33:53 256,512 ----a-w C:\windows\msagent\agentsvr.exe
- 2004-08-04 03:54:22 24,064 ----a-w C:\windows\msagent\agtintl.dll
+ 2008-04-14 02:33:19 24,064 ----a-w C:\windows\msagent\agtintl.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\windows\msagent\intl\agt0404.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\windows\msagent\intl\agt0405.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt0406.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\windows\msagent\intl\agt0406.dll
- 2001-08-24 17:00:00 21,504 ----a-w C:\windows\msagent\intl\agt0407.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\windows\msagent\intl\agt0407.dll
- 2001-08-24 17:00:00 22,016 ----a-w C:\windows\msagent\intl\agt0408.dll
+ 2007-04-02 18:26:00 22,016 ----a-w C:\windows\msagent\intl\agt0408.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt0409.dll
+ 2008-04-13 17:32:28 19,968 ----a-w C:\windows\msagent\intl\agt0409.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt040b.dll
+ 2007-04-02 18:26:00 19,456 ----a-w C:\windows\msagent\intl\agt040b.dll
- 2001-08-24 17:00:00 21,504 ----a-w C:\windows\msagent\intl\agt040c.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\windows\msagent\intl\agt040c.dll
- 2001-08-24 17:00:00 19,968 ----a-w C:\windows\msagent\intl\agt040e.dll
+ 2007-04-02 18:26:00 19,968 ----a-w C:\windows\msagent\intl\agt040e.dll
- 2001-08-24 17:00:00 20,992 ----a-w C:\windows\msagent\intl\agt0410.dll
+ 2007-04-02 18:26:00 20,992 ----a-w C:\windows\msagent\intl\agt0410.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt0411.dll
+ 2007-04-02 18:26:00 19,456 ----a-w C:\windows\msagent\intl\agt0411.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt0412.dll
+ 2007-04-02 18:26:00 19,456 ----a-w C:\windows\msagent\intl\agt0412.dll
- 2001-08-24 17:00:00 20,992 ----a-w C:\windows\msagent\intl\agt0413.dll
+ 2007-04-02 18:26:01 20,992 ----a-w C:\windows\msagent\intl\agt0413.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\windows\msagent\intl\agt0414.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt0415.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\windows\msagent\intl\agt0415.dll
- 2001-08-24 17:00:00 20,480 ----a-w C:\windows\msagent\intl\agt0416.dll
+ 2007-04-02 18:26:01 20,480 ----a-w C:\windows\msagent\intl\agt0416.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\windows\msagent\intl\agt0419.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\windows\msagent\intl\agt041d.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt041f.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\windows\msagent\intl\agt041f.dll
- 2001-08-24 17:00:00 19,456 ----a-w C:\windows\msagent\intl\agt0804.dll
+ 2007-04-02 18:26:02 19,456 ----a-w C:\windows\msagent\intl\agt0804.dll
- 2001-08-24 17:00:00 20,992 ----a-w C:\windows\msagent\intl\agt0816.dll
+ 2007-04-02 18:26:02 20,992 ----a-w C:\windows\msagent\intl\agt0816.dll
- 2001-08-24 17:00:00 20,480 ----a-w C:\windows\msagent\intl\agt0c0a.dll
+ 2007-04-02 18:26:02 20,480 ----a-w C:\windows\msagent\intl\agt0c0a.dll
- 2004-08-04 03:54:34 39,936 ----a-w C:\windows\msagent\mslwvtts.dll
+ 2008-04-14 02:33:32 39,936 ----a-w C:\windows\msagent\mslwvtts.dll
- 2006-06-02 19:32:20 33,792 ------w C:\windows\network diagnostic\custsat.dll
+ 2008-04-14 02:33:22 33,792 ------w C:\windows\network diagnostic\custsat.dll
- 2006-10-10 12:44:50 557,568 ------w C:\windows\network diagnostic\xpnetdiag.exe
+ 2008-04-13 18:53:32 558,080 ------w C:\windows\network diagnostic\xpnetdiag.exe
- 2004-08-04 03:54:52 768,512 ----a-w C:\windows\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 02:34:06 769,024 ----a-w C:\windows\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-04 03:54:52 743,936 ----a-w C:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 02:34:06 744,448 ----a-w C:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-04 03:54:52 18,944 ----a-w C:\windows\pchealth\helpctr\binaries\HscUpd.exe
+ 2008-04-14 02:34:06 18,432 ----a-w C:\windows\pchealth\helpctr\binaries\hscupd.exe
- 2004-08-04 03:54:58 160,768 ----a-w C:\windows\pchealth\helpctr\binaries\msconfig.exe
+ 2008-04-14 02:34:12 172,544 ----a-w C:\windows\pchealth\helpctr\binaries\msconfig.exe
- 2004-08-04 03:54:34 381,952 ----a-w C:\windows\pchealth\helpctr\binaries\msinfo.dll
+ 2008-04-14 02:33:32 382,464 ----a-w C:\windows\pchealth\helpctr\binaries\msinfo.dll
- 2004-08-04 03:54:36 102,400 ----a-w C:\windows\pchealth\helpctr\binaries\pchshell.dll
+ 2008-04-14 02:33:38 102,912 ----a-w C:\windows\pchealth\helpctr\binaries\pchshell.dll
- 2004-08-04 03:54:36 38,912 ----a-w C:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 02:33:38 38,400 ----a-w C:\windows\pchealth\helpctr\binaries\pchsvc.dll
- 2008-03-02 23:34:15 86,331 ----a-w C:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2008-05-15 19:08:46 86,331 ----a-w C:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2008-03-02 23:34:15 2,430 ----a-w C:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-05-15 19:08:47 2,744 ----a-w C:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-04 03:55:02 151,040 ----a-w C:\windows\pchealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 02:34:26 151,040 ----a-w C:\windows\pchealth\UploadLB\Binaries\uploadm.exe
- 2004-08-04 03:54:42 151,552 ----a-w C:\windows\PeerNet\sqldb20.dll
+ 2008-04-14 02:33:46 151,552 ----a-w C:\windows\PeerNet\sqldb20.dll
- 2004-08-04 03:54:42 462,848 ----a-w C:\windows\PeerNet\sqlqp20.dll
+ 2008-04-14 02:33:46 462,848 ----a-w C:\windows\PeerNet\sqlqp20.dll
- 2004-08-04 03:54:42 110,592 ----a-w C:\windows\PeerNet\sqlse20.dll
+ 2008-04-14 02:33:46 110,592 ----a-w C:\windows\PeerNet\sqlse20.dll
+ 2008-04-13 18:46:18 53,376 ------w C:\windows\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w C:\windows\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w C:\windows\ServicePackFiles\i386\61883.sys
+ 2008-04-14 02:33:18 100,352 ------w C:\windows\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 02:33:18 136,192 ------w C:\windows\ServicePackFiles\i386\aaclient.dll
+ 2004-08-03 20:32:22 231,552 ------w C:\windows\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-03 20:32:32 84,480 ------w C:\windows\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 02:33:18 39,424 ------w C:\windows\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 02:33:53 190,464 ------w C:\windows\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 02:33:18 1,852,928 ------w C:\windows\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 02:33:18 451,072 ------w C:\windows\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 02:33:18 141,312 ------w C:\windows\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 02:33:18 120,320 ------w C:\windows\ServicePackFiles\i386\aclui.dll
+ 2008-04-14 01:52:42 188,672 ------w C:\windows\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 02:33:18 245,248 ------w C:\windows\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 02:33:18 193,536 ------w C:\windows\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 02:33:53 4,096 ------w C:\windows\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 02:33:18 98,304 ------w C:\windows\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 02:33:18 116,224 ------w C:\windows\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 02:33:18 29,696 ------w C:\windows\ServicePackFiles\i386\admexs.dll
+ 2008-04-14 02:33:18 20,540 ------w C:\windows\ServicePackFiles\i386\admin.dll
+ 2008-04-14 02:33:53 16,439 ------w C:\windows\ServicePackFiles\i386\admin.exe
+ 2004-08-03 20:32:24 10,880 ------w C:\windows\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 02:33:18 61,440 ------w C:\windows\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 02:33:18 43,520 ------w C:\windows\ServicePackFiles\i386\admwprox.dll
+ 2008-04-14 02:33:18 290,816 ------w C:\windows\ServicePackFiles\i386\adsiis51.dll
+ 2008-04-14 02:33:18 175,616 ------w C:\windows\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 02:33:18 143,360 ------w C:\windows\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 02:33:18 68,096 ------w C:\windows\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 02:33:18 263,680 ------w C:\windows\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 02:33:18 123,392 ------w C:\windows\ServicePackFiles\i386\adsnw.dll
+ 2007-04-02 13:10:44 85,813 ------w C:\windows\ServicePackFiles\i386\adsutil.vbs
+ 2008-04-14 02:33:18 4,255 ------w C:\windows\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 02:33:18 3,967 ------w C:\windows\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 02:33:18 3,615 ------w C:\windows\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 02:33:18 3,647 ------w C:\windows\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 02:33:18 3,135 ------w C:\windows\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 02:33:18 3,711 ------w C:\windows\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 02:33:18 3,775 ------w C:\windows\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 02:33:18 685,568 ------w C:\windows\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 02:33:18 101,888 ------w C:\windows\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 16:39:23 142,592 ------w C:\windows\ServicePackFiles\i386\aec.sys
+ 2008-04-13 19:19:23 138,112 ------w C:\windows\ServicePackFiles\i386\afd.sys
+ 2008-04-14 02:33:18 24,064 ------w C:\windows\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 02:33:18 214,016 ------w C:\windows\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 02:33:18 42,496 ------w C:\windows\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 02:33:18 57,344 ------w C:\windows\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 02:33:18 49,152 ------w C:\windows\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 02:33:18 24,064 ------w C:\windows\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 02:33:18 44,032 ------w C:\windows\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 02:33:53 256,512 ------w C:\windows\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 18:36:38 42,368 ------w C:\windows\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 18:36:39 44,928 ------w C:\windows\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 18:25:59 19,456 ------w C:\windows\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\windows\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\windows\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\windows\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ------w C:\windows\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ------w C:\windows\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ------w C:\windows\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\windows\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ------w C:\windows\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\windows\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 18:26:00 19,968 ------w C:\windows\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ------w C:\windows\ServicePackFiles\i386\agt0410.dll