Virus (funny scandal, smss...)
Fermé
infrabassnioc
-
eZula Messages postés 3509 Statut Contributeur -
eZula Messages postés 3509 Statut Contributeur -
Bonjour,
j'ai utilisé SDFix en mode sans echec,
que dois-je faire avec la page suivante:
[b]SDFix: Version 1.240 [/b]
Run by Fran‡ois on 12/06/2009 at 18:10
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\autorun.inf - Deleted
C:\smss.exe - Deleted
C:\WINDOWS\autorun.inf - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 18:15:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583b686a0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583b686a0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b686a0]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe:*:Disabled:Livecom Player"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
C:\smss.exe Found
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 30 Dec 2007 229,888 A.SHR --- "C:\Funny UST Scandal.avi.exe"
Sun 30 Dec 2007 229,888 A.SHR --- "C:\smss.exe"
Sun 30 Dec 2007 229,888 A.SHR --- "C:\WINDOWS\killer.exe"
Sun 30 Dec 2007 229,888 A.SHR --- "C:\WINDOWS\smss.exe"
Thu 16 Oct 2008 70,144 A.SHR --- "C:\WINDOWS\system32\amvo0.dll"
Thu 27 Mar 2008 70,144 A.SHR --- "C:\WINDOWS\system32\amvo1.dll"
Fri 18 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 28 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 21 May 2005 1,137 A..H. --- "C:\Program Files\Fichiers communs\Microsoft Shared\S1GVSafgx\GcyujgEKg0M.tmp"
Mon 20 Oct 2003 73,688 A.SHR --- "C:\Program Files\prog images\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 5 Feb 2004 18,432 A.SHR --- "C:\Program Files\prog images\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 5 Feb 2004 5,120 A.SHR --- "C:\Program Files\prog images\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Fri 18 Feb 2005 4,348 A..H. --- "C:\Documents and Settings\Fran‡ois\Mes documents\Ma musique\My Playlists\Sauvegarde de la licence\drmv1key.bak"
Fri 18 Feb 2005 20 A..H. --- "C:\Documents and Settings\Fran‡ois\Mes documents\Ma musique\My Playlists\Sauvegarde de la licence\drmv1lic.bak"
Sat 15 Jan 2005 312 A.SH. --- "C:\Documents and Settings\Fran‡ois\Mes documents\Ma musique\My Playlists\Sauvegarde de la licence\drmv2key.bak"
[b]Finished![/b]
j'ai utilisé SDFix en mode sans echec,
que dois-je faire avec la page suivante:
[b]SDFix: Version 1.240 [/b]
Run by Fran‡ois on 12/06/2009 at 18:10
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\autorun.inf - Deleted
C:\smss.exe - Deleted
C:\WINDOWS\autorun.inf - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 18:15:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583b686a0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583b686a0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b686a0]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe:*:Disabled:Livecom Player"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
C:\smss.exe Found
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 30 Dec 2007 229,888 A.SHR --- "C:\Funny UST Scandal.avi.exe"
Sun 30 Dec 2007 229,888 A.SHR --- "C:\smss.exe"
Sun 30 Dec 2007 229,888 A.SHR --- "C:\WINDOWS\killer.exe"
Sun 30 Dec 2007 229,888 A.SHR --- "C:\WINDOWS\smss.exe"
Thu 16 Oct 2008 70,144 A.SHR --- "C:\WINDOWS\system32\amvo0.dll"
Thu 27 Mar 2008 70,144 A.SHR --- "C:\WINDOWS\system32\amvo1.dll"
Fri 18 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 28 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 21 May 2005 1,137 A..H. --- "C:\Program Files\Fichiers communs\Microsoft Shared\S1GVSafgx\GcyujgEKg0M.tmp"
Mon 20 Oct 2003 73,688 A.SHR --- "C:\Program Files\prog images\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 5 Feb 2004 18,432 A.SHR --- "C:\Program Files\prog images\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 5 Feb 2004 5,120 A.SHR --- "C:\Program Files\prog images\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Fri 18 Feb 2005 4,348 A..H. --- "C:\Documents and Settings\Fran‡ois\Mes documents\Ma musique\My Playlists\Sauvegarde de la licence\drmv1key.bak"
Fri 18 Feb 2005 20 A..H. --- "C:\Documents and Settings\Fran‡ois\Mes documents\Ma musique\My Playlists\Sauvegarde de la licence\drmv1lic.bak"
Sat 15 Jan 2005 312 A.SH. --- "C:\Documents and Settings\Fran‡ois\Mes documents\Ma musique\My Playlists\Sauvegarde de la licence\drmv2key.bak"
[b]Finished![/b]
A voir également:
- Virus (funny scandal, smss...)
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
