Trojan.virtumonde
emiliano
Hello,
So I've been infected by a trojan, Trojan.virtumonde.
Here is the HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 21:03:50, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\LSUpdateManager.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {DD87866A-34C6-431E-85F1-BC621B81286C} - C:\WINDOWS\system32\vtsqn.dll
O2 - BHO: {b7c9ee7f-c431-ad6a-70c4-c2d1c59fd1ee} - {ee1df95c-1d2c-4c07-a6da-134cf7ee9c7b} - C:\WINDOWS\system32\oactpsju.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [e0b9feae] rundll32.exe "C:\WINDOWS\system32\sgjimuun.dll",b
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A0D4C.dat
O20 - Winlogon Notify: lekonqib - lekonqib.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: printers - {69AAB65A-5A4B-4CCB-B8A1-943CCF771BFD} - libcintles3.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\uemmgaym.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
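As an added example, not part of the thread or of any tool named in it, the Python script below encodes the structural signals a forum helper reads off a HijackThis log like the one above: unnamed or GUID-named BHOs loaded from system32, a rundll32 Run entry whose value name is a bare hex string, a populated AppInit_DLLs, orphaned Winlogon Notify / SSODL entries, and a service with no vendor. The sample lines are copied from the posted log (two clean McAfee/NVIDIA lines serve as negative controls); the heuristics, severities and function names are this example's own.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

The rules below are deliberately structural rather than signature-based: they
look at *where* a component loads from and *how* it is registered, which is
what made the Vundo/Virtumonde entries in the posted log stand out to a reader.
"""
import re
from dataclasses import dataclass

# Lines taken verbatim from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DD87866A-34C6-431E-85F1-BC621B81286C} - C:\WINDOWS\system32\vtsqn.dll
O2 - BHO: {b7c9ee7f-c431-ad6a-70c4-c2d1c59fd1ee} - {ee1df95c-1d2c-4c07-a6da-134cf7ee9c7b} - C:\WINDOWS\system32\oactpsju.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e0b9feae] rundll32.exe "C:\WINDOWS\system32\sgjimuun.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A0D4C.dat
O20 - Winlogon Notify: lekonqib - lekonqib.dll (file missing)
O21 - SSODL: printers - {69AAB65A-5A4B-4CCB-B8A1-943CCF771BFD} - libcintles3.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\uemmgaym.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
"""

GUID = re.compile(r"\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
SYSTEM32 = re.compile(r"\\system32\\", re.IGNORECASE)
HEX_NAME = re.compile(r"[0-9a-f]{6,}")          # Run value names like "e0b9feae"
RUN_ENTRY = re.compile(r"HK\w+\\\.\.\\Run: \[([^\]]+)\] (.*)")
SECTION = re.compile(r"(O\d+|R\d+|F\d+) - (.*)")


@dataclass
class Finding:
    severity: str   # "high" or "medium" (this example's own scale)
    section: str    # HijackThis section tag, e.g. "O2"
    target: str     # path or entry the finding is about
    reason: str


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if it looks ordinary."""
    m = SECTION.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)

    if section == "O2":
        # "BHO: <name> - {CLSID} - <path>": a BHO with no display name, or one
        # whose "name" is itself a GUID, loading straight out of system32.
        parts = body.split(" - ")
        name, path = parts[0][len("BHO: "):], parts[-1]
        if (name == "(no name)" or GUID.fullmatch(name)) and SYSTEM32.search(path):
            return Finding("high", section, path,
                           "unnamed or GUID-named BHO loaded from system32")

    elif section == "O4":
        # Autostart via rundll32 where the registry value name is a random
        # hex string instead of a product name (NvCplDaemon is the counterexample).
        m4 = RUN_ENTRY.match(body)
        if m4 and HEX_NAME.fullmatch(m4.group(1)) and "rundll32" in m4.group(2).lower():
            return Finding("high", section, m4.group(2),
                           "rundll32 Run entry with hex-looking value name")

    elif section == "O20":
        if body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that maps user32.dll;
            # any non-empty value deserves a manual look.
            value = body.split(":", 1)[1].strip()
            if value:
                return Finding("high", section, value,
                               "AppInit_DLLs populated (loaded into every GUI process)")
        elif body.startswith("Winlogon Notify:") and "(file missing)" in body:
            return Finding("medium", section, body, "orphaned Winlogon Notify entry")

    elif section == "O21" and "(file missing)" in body:
        return Finding("medium", section, body,
                       "orphaned ShellServiceObjectDelayLoad entry")

    elif section == "O23":
        # "Service: <display name> - <vendor> - <path>": no vendor + system32 path.
        parts = body.split(" - ")
        if len(parts) >= 3 and parts[1] == "Unknown owner" and SYSTEM32.search(parts[-1]):
            return Finding("high", section, parts[-1],
                           "service with no vendor running from system32")
    return None


def triage_log(text: str) -> list:
    """Run triage_line over every line of a log and keep the findings."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"[{finding.severity:6}] {finding.section}: {finding.reason}\n"
              f"         {finding.target}")
```

On the posted log this flags the seven entries a helper would want fixed (vtsqn.dll, oactpsju.dll, sgjimuun.dll, __c00A0D4C.dat, lekonqib.dll, libcintles3.dll, uemmgaym.exe) and leaves the Spybot, NVIDIA and McAfee lines alone.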
OK, no problem, but I think it's going to take some time and I have to leave, so I'll send it to you later.
Hello girly, tell me how to delete all the hidden files and the Norton Antivirus keys and subkeys. Thanks.
Hi david,
Norton uninstaller:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
@+
Could you please create a new topic on the forum, because I'm not done with emiliano; otherwise it's going to be a mess...
Thanks
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
@+
McAfee VirusScan report:
votre ordinateur contient plusieurs fichiers infectés.
nombre de fichiers analyser: 96492
nombre de fichiers infectés: 6
nombre de programmes potentiellement indésirable: 0
nombre de fichiers détectés nettoyés automatiquement: 5
Certains fichiers n'ont pas été nettoyés. Supprimez-les ou mettez-les en quarantaine.
C:/Program Files/Adverts/uninst.exe supprimer
C:/qoobox/Quarantine/C/d.exe.vir supprimer
C:/qoobox/Quarantine/C/WINDOWS/system32/_c00F4678.dat.vir supprimer
C:/qoobox/Quarantine/C/WINDOWS/system32/hgagupat.exe.vir supprimer
C:/qoobox/Quarantine/C/WINDOWS/system32/rnrequdm.dll.vir supprimer
C:/qoobox/Quarantine/catchme2007-12-05_124953.84.zip mis en quarantaine
Re,
Those are the files from the ComboFix quarantine that we used, except the first one.
Do this:
Download Clean:
-> http://www.malekal.com/download/clean.zip
-> Unzip all of its contents into a folder you have created beforehand (on your desktop, for example). Double-click clean or clean.cmd and choose option 1.
A report will open; copy and paste its contents on the forum.
-> for those who are unsure how to unzip a file:
http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914
@+
I still have the same problem with Internet Explorer: the report doesn't open in Mozilla but in Internet Explorer, and since I have no connection I don't get the report.
C:\WINDOWS\System32\vsconfig.xml -->7/12/2007 17:35:51
C:\WINDOWS\System32\PerfStringBackup.INI -->4/12/2007 17:06:37
C:\WINDOWS\System32\perfh00C.dat -->4/12/2007 17:06:37
C:\WINDOWS\System32\perfh009.dat -->4/12/2007 17:06:37
C:\WINDOWS\System32\perfc00C.dat -->4/12/2007 17:06:37
C:\WINDOWS\System32\perfc009.dat -->4/12/2007 17:06:37
C:\WINDOWS\System32\wpa.dbl -->1/12/2007 17:22:31
C:\WINDOWS\System32\CmdLineExt.dll -->28/11/2007 13:46:20
C:\WINDOWS\System32\FNTCACHE.DAT -->11/11/2007 11:39:51
C:\WINDOWS\System32\nscompat.tlb -->2/11/2007 11:59:45
C:\WINDOWS\System32\amcompat.tlb -->2/11/2007 11:59:45
C:\WINDOWS\System32\MRT.exe -->2/11/2007 8:12:57
C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
C:\WINDOWS\System32\sirenacm.dll -->18/10/2007 11:31:46
C:\WINDOWS\System32\TZLog.log -->12/09/2007 14:43:42
C:\WINDOWS\System32\shlwapi.dll -->22/08/2007 14:13:08
C:\WINDOWS\System32\shdocvw.dll -->22/08/2007 14:13:08
C:\WINDOWS\System32\danim.dll -->22/08/2007 14:13:05
C:\WINDOWS\System32\cdfview.dll -->22/08/2007 14:13:05
C:\WINDOWS\System32\browseui.dll -->22/08/2007 14:13:05
C:\WINDOWS\System32\inetcomm.dll -->21/08/2007 7:17:23
C:\WINDOWS\System32\mshtml.dll -->20/08/2007 15:29:32
C:\WINDOWS\System32\wininet.dll -->20/08/2007 10:59:31
C:\WINDOWS\System32\webcheck.dll -->20/08/2007 10:59:31
C:\WINDOWS\QTFont.qfn -->7/12/2007 17:39:52
C:\WINDOWS\WindowsUpdate.log -->7/12/2007 17:38:21
C:\WINDOWS\0.log -->7/12/2007 17:35:12
C:\WINDOWS\bootstat.dat -->7/12/2007 17:33:46
C:\WINDOWS\SchedLgU.Txt -->7/12/2007 17:32:39
C:\WINDOWS\setupapi.log -->7/12/2007 17:31:33
C:\WINDOWS\tsoc.log -->5/12/2007 16:47:38
C:\WINDOWS\tabletoc.log -->5/12/2007 16:47:38
C:\WINDOWS\ocmsn.log -->5/12/2007 16:47:38
C:\WINDOWS\ntdtcsetup.log -->5/12/2007 16:47:38
C:\WINDOWS\KB938127-IE7.log -->5/12/2007 16:47:38
C:\WINDOWS\imsins.log -->5/12/2007 16:47:38
C:\WINDOWS\iis6.log -->5/12/2007 16:47:38
C:\WINDOWS\comsetup.log -->5/12/2007 16:47:38
C:\WINDOWS\ocgen.log -->5/12/2007 16:47:37
Hi emiliano,
Do this:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer.
• After you hear the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool keeps running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum.
@+
SDFix: Version 1.117
Run by Emilien on ven. 07/12/2007 at 22:25
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Emilien\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\Emilien\Favoris\Online Security Guide.lnk - Deleted
C:\Documents and Settings\Emilien\new.txt - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 22:41:05
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
"khjeh"=hex:c0,c3,e4,34,11,47,7c,69,46,6d,c4,67,f3,9e,6b,02,62,c8,01,81,10,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:00,64,00,03,94,95,8e,d7,8e,aa,d6,b1,cd,4b,c9,6c,cb,db,84,eb,1c,..
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\Emilien\Local Settings\Application Data\Microsoft\Messenger\bullrot111@hotmail.com\SharingMetadata\didil333@hotmail.com\DFSR\Staging\CS{3CA97CFB-72D5-4569-73C4-D43CC8A8CBBC}\01\15-{3CA97CFB-72D5-4569-73C4-D43CC8A8CBBC}-v1-{41DF30AC-7CAA-44F7-867F-27E2327EB055}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Emilien\Local Settings\Application Data\Microsoft\Messenger\bullrot111@hotmail.com\SharingMetadata\jeanrobertbrogniet@hotmail.com\DFSR\Staging\CS{0BA9F22A-74CA-14AB-8226-CBEEF9DEF4C2}\01\10-{0BA9F22A-74CA-14AB-8226-CBEEF9DEF4C2}-v1-{41DF30AC-7CAA-44F7-867F-27E2327EB055}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"="C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Emilien\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 21 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 3 May 2007 45,056 ...H. --- "C:\Documents and Settings\myriam\Mes documents\~WRL0003.tmp"
Sat 30 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 30 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\388e66e644283db0233c4a98f2fd08a0\BIT146.tmp"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT3.tmp"
Wed 28 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\895429730abf1e933cbabe1c3fad3173\BIT3.tmp"
Finished!
Run by Emilien on ven. 07/12/2007 at 22:25
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Emilien\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\Emilien\Favoris\Online Security Guide.lnk - Deleted
C:\Documents and Settings\Emilien\new.txt - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 22:41:05
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\Emilien\Local Settings\Application Data\Microsoft\Messenger\bullrot111@hotmail.com\SharingMetadata\didil333@hotmail.com\DFSR\Staging\CS{3CA97CFB-72D5-4569-73C4-D43CC8A8CBBC}\01\15-{3CA97CFB-72D5-4569-73C4-D43CC8A8CBBC}-v1-{41DF30AC-7CAA-44F7-867F-27E2327EB055}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Emilien\Local Settings\Application Data\Microsoft\Messenger\bullrot111@hotmail.com\SharingMetadata\jeanrobertbrogniet@hotmail.com\DFSR\Staging\CS{0BA9F22A-74CA-14AB-8226-CBEEF9DEF4C2}\01\10-{0BA9F22A-74CA-14AB-8226-CBEEF9DEF4C2}-v1-{41DF30AC-7CAA-44F7-867F-27E2327EB055}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"="C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Emilien\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 21 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 3 May 2007 45,056 ...H. --- "C:\Documents and Settings\myriam\Mes documents\~WRL0003.tmp"
Sat 30 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 30 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\388e66e644283db0233c4a98f2fd08a0\BIT146.tmp"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT3.tmp"
Wed 28 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\895429730abf1e933cbabe1c3fad3173\BIT3.tmp"
Finished!