MSN virus - SDFix report
redcozmo
-
youss -
Hello,
I caught a virus on MSN. A contact told me "that's not you in the photo" with a link, and like an idiot I clicked on it.
I saw on the forum that SDFix has to be run in safe mode, which I did, so here is the report:
SDFix: Version 1.127
Run by Joss on 17/01/2008 at 20:30
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Joss\Bureau\virus\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\Joss\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 20:42:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
"h0"=dword:00000000
"ujdew"=hex:ee,f3,46,d0,64,64,40,23,eb,f9,f3,59,94,6d,f6,6b,5f,4c,34,33,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
"h0"=dword:00000000
"ujdew"=hex:ee,f3,46,d0,64,64,40,23,eb,f9,f3,59,94,6d,f6,6b,5f,4c,34,33,02,..
scanning hidden registry entries ...
scanning hidden files ...
C:\Program Files\Alwil Software\Avast4\Setup\vps-8011600.vpu 10739483 bytes
C:\Program Files\Alwil Software\Avast4\Setup\vps-8011700-8011600.vpu 24945 bytes
C:\Program Files\Alwil Software\Avast4\Setup\vpsm-8011601.vpu 2649 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Maple 11\\jre\\bin\\java.exe"="C:\\Program Files\\Maple 11\\jre\\bin\\java.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\orbixd.exe"="C:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\orbixd.exe:*:Enabled:orbixd"
"C:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CNEXT.exe"="C:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CNEXT.exe:*:Enabled:CATIA"
"C:\\Program Files\\Hummingbird\\Connectivity\\12.00\\Exceed\\exceed.exe"="C:\\Program Files\\Hummingbird\\Connectivity\\12.00\\Exceed\\exceed.exe:*:Enabled:Hummingbird Exceed 2007"
"E:\\Autres\\Telechargements\\Logiciels Grav‚s sur DVD\\Freeplayer-Win32\\vlc\\vlc.exe"="E:\\Autres\\Telechargements\\Logiciels Grav‚s sur DVD\\Freeplayer-Win32\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"="C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe:*:Enabled:Maple 11"
"C:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CATUTIL.exe"="C:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CATUTIL.exe:*:Disabled:V5 Batch Management"
"C:\\DOCUME~1\\Joss\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Joss\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Joss\Bureau\virus\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 24 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 30 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
24 replies
Hi again
So, how is your PC behaving?
MSN
Software
Internet connection
...
Use CCleaner from time to time, as well as others such as Ad-Aware ...
(Once a week, for example)
See you
OK: everything seems to be running fine, I have less RAM in use, and I just launched MSN and it works well.
Thank you, and good luck with other people's problems.
Enjoy the rest of your weekend.
Hi again
Then set the status of the post to resolved
And have a good weekend too
Bye
PS: uninstall all the software I may have asked you to install!
Hi, I was infected by the same virus (that's not you in the photo) and I followed several steps; here is the link to the discussion about my problem
http://www.commentcamarche.net/forum/affich 5178888 en detresse
Can you help me, please?
THANKS IN ADVANCE