Virus myphoto...
xiffix
Despite the Spybot alert, I accepted the registry change made by the myphoto virus!
I can no longer talk to anyone on MSN, and AVG "heals" 2 errors every 10 minutes! Apart from that I haven't seen anything abnormal. I think my contacts received it too. I don't dare turn off my PC.
Here is the report from the recommended program:
Logfile of HijackThis v1.99.1
Scan saved at 1:38:19, on 2/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Merging Technologies\VS3\MTSSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\MUSTEK 1248UB\Driver\WATCH.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\SynCor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\VANHAM~1\LOCALS~1\Temp\Rar$EX00.328\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://szukaj.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C9399E24-5191-6395-B36F-6289898987C2} - StatusCheck.dll (file missing)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ActiveX Control - {4283D676-5994-4C23-96F9-02D34F233496} - C:\WINDOWS\System32\mskhy.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ActiveX Control - {5E6EA5AF-1D76-480D-B2A4-4B8AE9501BBC} - C:\WINDOWS\System32\mskhy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-be\msntb.dll
O2 - BHO: IE SP2 AddOn - {C2593943-2612-4395-A3B6-E3E278A77BA8} - C:\WINDOWS\System32\spyke.dll (file missing)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-be\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpyElim] sbin.exe
O4 - HKLM\..\Run: [cmon14] WTFCTF.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TMIRQ] net start tmirq
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "\\192.168.1.2\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [TemplateDongle] hyandex.exe
O4 - HKCU\..\Run: [AppMasterCenter] FLKPT.exe
O4 - HKCU\..\Run: [runload32] progmen.exe
O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\MUSTEK 1248UB\Driver\WATCH.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ABD2617-0D39-424C-9634-6B45F2912E14}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{575E0587-C895-4A99-8FCF-476818BA8F57}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA19A9D3-3D14-4FC4-A4BE-039C0E7F1224}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{1ABD2617-0D39-424C-9634-6B45F2912E14}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{1ABD2617-0D39-424C-9634-6B45F2912E14}: NameServer = 69.50.176.156,195.225.176.31
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: system32 - {6070083F-5655-415A-9B33-43216783A06D} - sysprinters.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Merging Technologies Security Server (MTSSrv) - Merging Technologies S.A. - C:\Program Files\Fichiers communs\Merging Technologies\VS3\MTSSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I ran msnfix but it doesn't find anything.
Thanks in advance for your help.
2 replies
Hello
Not very clean indeed:
- Click Start, Run, type: cmd
A window will open; type exactly this, then confirm with the Enter key on your keyboard:
ipconfig /flushdns
¤ Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in Safe Mode (reboot and keep tapping F8 as soon as the computer powers on).
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will delete the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum.
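The reply above says the log is "not very clean" and starts with a DNS flush, but does not spell out which lines it is reacting to. As an added example (not part of this thread, and not code from HijackThis or SDFix), here is a small Python triage script that reads HijackThis-style lines and flags the three entry classes that matter in this log: O17 DNS servers that are not a resolver you trust (the reason for ipconfig /flushdns), O2/O3/O21-type shell hooks whose DLL is reported "(file missing)", and O4 autostarts that name a bare executable with no path. The sample input is a constructed excerpt copied from the log posted above; the function names (`triage`, `summarize`, `Finding`) and the `trusted_dns` allowlist are my own assumptions for the demonstration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ActiveX Control - {4283D676-5994-4C23-96F9-02D34F233496} - C:\WINDOWS\System32\mskhy.dll (file missing)
O2 - BHO: IE SP2 AddOn - {C2593943-2612-4395-A3B6-E3E278A77BA8} - C:\WINDOWS\System32\spyke.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [cmon14] WTFCTF.exe
O4 - HKCU\..\Run: [runload32] progmen.exe
O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ABD2617-0D39-424C-9634-6B45F2912E14}: NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: system32 - {6070083F-5655-415A-9B33-43216783A06D} - sysprinters.dll (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
"""

# Sections whose target DLL is loaded into Explorer, IE or every process. A
# "(file missing)" there is either an orphaned entry or a loader whose file is
# hidden from the scanner; either way it needs a look. O9/O18 leftovers such as
# the xpnetdiag button are deliberately not in this set.
HOOK_SECTIONS = {"R3", "O2", "O3", "O20", "O21"}

RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
NAMESERVER_LINE = re.compile(r"^O17 - .*NameServer = (.*)$")
SECTION = re.compile(r"^([RO]\d+) - ")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O17"
    reason: str   # why the line was flagged
    line: str     # the original log line


def _executable(command: str) -> str:
    """Return the program part of a Run value: '"C:\\x\\y.exe" -flag' -> 'C:\\x\\y.exe'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(log_text: str, trusted_dns: frozenset[str] = frozenset()) -> list[Finding]:
    """Flag the HijackThis entries that the thread's cleanup is aimed at.

    trusted_dns is an allowlist (assumption: the ISP's or LAN resolver addresses);
    any O17 NameServer outside it is reported as a possible DNS hijack.
    """
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SECTION.match(line)
        if not m:
            continue
        section = m.group(1)
        if section in HOOK_SECTIONS and line.endswith("(file missing)"):
            findings.append(Finding(section, "hook points at a DLL that is not on disk", line))
            continue
        run = RUN_LINE.match(line)
        if run:
            exe = _executable(run.group(3))
            # A bare file name is resolved through the PATH search at logon; legitimate
            # installers almost always write the full path, so this is worth checking.
            if "\\" not in exe and ":" not in exe:
                findings.append(Finding(section, f"autostart '{exe}' has no path", line))
            continue
        ns = NAMESERVER_LINE.match(line)
        if ns:
            for ip in ns.group(1).split(","):
                ip = ip.strip()
                if ip not in trusted_dns:
                    findings.append(Finding(section, f"DNS server {ip} is not a trusted resolver", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section code, e.g. {'O2': 2, 'O4': 2, 'O17': 2, 'O21': 1}."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
    print(summarize(results))
```

Run against the excerpt, the script reports seven lines: the two missing-DLL BHOs, the two path-less Run entries, both foreign DNS addresses, and the missing SSODL DLL, while the Adobe helper, the Apoint and supervisor.exe entries (which carry full paths) and the GEAR service are left alone. Passing the two O17 addresses in `trusted_dns` would drop the DNS findings, which is the check an admin would use once the ISP's real resolvers are known.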
[b]SDFix: Version 1.162 [/b]
Run by Admin on 26/03/2008 at 20:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Admin\Bureau\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\msnstartup.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 20:13:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,0c,f5,e3,91,37,bb,97,0b,94,ba,34,b2,0d,d5,12,b2,98,2d,48,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,47,2d,6e,dd,9c,55,85,33,1b,0b,8b,a2,d9,ba,e5,8c,19,..
"khjeh"=hex:e5,a8,8c,e2,fc,e1,85,1b,0b,cf,76,44,e8,a7,1b,84,6f,f3,96,de,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:65,11,e2,09,a1,42,68,87,15,22,46,09,47,8b,ea,3d,94,b0,ce,ad,d5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,0c,f5,e3,91,37,bb,97,0b,94,ba,34,b2,0d,d5,12,b2,98,2d,48,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,47,2d,6e,dd,9c,55,85,33,1b,0b,8b,a2,d9,ba,e5,8c,19,..
"khjeh"=hex:e5,a8,8c,e2,fc,e1,85,1b,0b,cf,76,44,e8,a7,1b,84,6f,f3,96,de,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:65,11,e2,09,a1,42,68,87,15,22,46,09,47,8b,ea,3d,94,b0,ce,ad,d5,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"RefCount"=dword:00000001
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 128
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\Admin\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 15 Jan 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 15 Jan 2008 4,348 ...H. --- "C:\Documents and Settings\Admin\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 17 Mar 2008 20 A..H. --- "C:\Documents and Settings\Admin\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 17 Mar 2008 9,654 A.SH. --- "C:\Documents and Settings\Admin\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Wed 26 Mar 2008 15,234 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT71.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT72.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT73.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT74.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT75.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT76.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT77.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT78.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT79.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT7A.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT7B.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT7C.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT7D.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT7E.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT7F.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT80.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT81.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT82.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT83.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT84.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT85.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT86.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT87.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT88.tmp"
Wed 26 Mar 2008 0 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop\7b96edad2ef4\Slideshow\horribletattoos.blogspot.com~atom.xml\BIT89.tmp"
[b]Finished![/b]