I have the "c'est pas toi" virus: what should I do??

Solved/Closed
Mitsuka, Posts: 4, Registered: Thursday 17 January 2008, Status: Member, Last activity: 18 January 2008 - 18 Jan. 2008 at 18:28
miguelito - 25 Feb. 2008 at 20:45
Hello,
I have the "c'est pas toi" virus that is going around on MSN at the moment;
my antivirus, "avast", did not react.
So I came to this forum and followed the few instructions I had found; despite countless scans with AVG and cleanups with CCleaner, I still have this virus.
Please, if you know what to do, it would help me out.

Thanks

105 replies

Hello everyone, I think I did everything correctly, but only this appears in the report...
SDFix: Version 1.129

Run by Personne on 21/01/2008 at 14:53

Microsoft Windows XP [version 5.1.2600]

Running From: D:\Sytem\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File


Why do I only get this?? Thanks!!
0
Same for me

SDFix: Version 1.129

Run by Administrateur on 21/01/2008 at 17:54

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

Final Check:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\Router\Router.exe - Deleted
C:\Program Files\Router\UnInstall.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b15?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted



Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 17:58:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 10


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Steam\\SteamApps\\razer2158\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\razer2158\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\DOCUME~1\\HP_ADM~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\HP_ADM~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Documents and Settings\\HP_Administrateur\\ejmobw.exe"="C:\\Documents and Settings\\HP_Administrateur\\ejmobw.exe:*:Enabled:Windows Service"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\HP_Administrateur\\plghol.exe"="C:\\Documents and Settings\\HP_Administrateur\\plghol.exe:*:Enabled:Windows Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 20 Jan 2008 9,296 ...H. --- "C:\Program Files\Softwin\BitDefender9\Quarantine\adwcwc.exe"
Mon 21 Jan 2008 5,684 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE3.tmp"
Mon 21 Jan 2008 5,938 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE4.tmp"

Finished!
0
I downloaded SDFix and found RunThis, but when I press Y it launches something and then tells me there is an error, and it does not ask me to press a key to restart my computer!!!! What should I do???
0
Maijin, Posts: 1385, Registered: Monday 1 October 2007, Status: Member, Last activity: 28 June 2009, 352
21 Jan. 2008 at 19:22
Change of program: to destroy this virus you can also use this:

* Download MSNFix.zip (by !aur3n7) to your desktop:
  o http://sosvirus.changelog.fr/MSNFix.zip
* Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
* Run option R.
  o If the infection is detected, run option N.
  o Save this report, then copy and paste it into the virus/security forum.
0

SDFix: Version 1.129

Run by OUEST IMPACT on 21/01/2008 at 20:03

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\OUESTI~1\Bureau\SDFix

Safe Mode:
Checking Services:

Name:
ldrsvc
runtime
smtpdrv

Path:
%SystemRoot%\System32\svchost.exe -k netsvcs
\??\C:\WINDOWS\System32\drivers\runtime.sys
System32\DRIVERS\smtpdrv.sys

ldrsvc - Deleted
runtime - Deleted
smtpdrv - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\114925~1 - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\script.txt - Deleted
C:\Program Files\Words\UnInstall.exe - Deleted
C:\Program Files\Words\Words.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\DOCUME~1\OUESTI~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b14?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
C:\WINDOWS\system32\*_exception.nls - Deleted
C:\WINDOWS\system32\adult.txt - Deleted
C:\WINDOWS\system32\alog.txt - Deleted
C:\WINDOWS\system32\btask.dll - Deleted
C:\WINDOWS\system32\cmds.txt - Deleted
C:\WINDOWS\system32\conf.dat - Deleted
C:\WINDOWS\system32\finance.txt - Deleted
C:\WINDOWS\system32\lt.res - Deleted
C:\WINDOWS\system32\other.txt - Deleted
C:\WINDOWS\system32\pharma.txt - Deleted
C:\WINDOWS\system32\ps1.dat - Deleted
C:\WINDOWS\system32\rc.dat - Deleted
C:\WINDOWS\system32\sft.res - Deleted



Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Words - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
: ADS Found!

svchost.exe: deleted 50688 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 20:07:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d1,4f,f3,6f,87,e1,0c,51,f3,95,be,5d,35,e0,bd,d0,ce,58,a5,50,69,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3b,20,f6,3c,b0,1b,11,1a,77,d9,7a,4d,5d,71,05,1f,6d,..
"khjeh"=hex:f4,36,62,f5,c7,ea,b9,7a,d0,49,11,74,87,86,93,07,28,23,93,ff,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ce,49,57,4d,9f,b7,70,f0,10,e6,03,65,17,dc,49,b0,58,2e,bc,c0,81,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d1,4f,f3,6f,87,e1,0c,51,f3,95,be,5d,35,e0,bd,d0,ce,58,a5,50,69,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3b,20,f6,3c,b0,1b,11,1a,77,d9,7a,4d,5d,71,05,1f,6d,..
"khjeh"=hex:f4,36,62,f5,c7,ea,b9,7a,d0,49,11,74,87,86,93,07,28,23,93,ff,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ce,49,57,4d,9f,b7,70,f0,10,e6,03,65,17,dc,49,b0,58,2e,bc,c0,81,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 41


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\DOCUME~1\\OUESTI~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\OUESTI~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"c:\\windows\\system32\\sldpj6.exe"="c:\\windows\\system32\\sldpj6.exe:*:Enabled:sldpj6"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\OUESTI~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 21 Jan 2008 42,496 ..SHR --- "C:\WINDOWS\system32\1037m.exe"
Mon 21 Jan 2008 17,920 A.SH. --- "C:\WINDOWS\system32\1041a.dll"
Mon 21 Jan 2008 17,920 A.SH. --- "C:\WINDOWS\system32\Adobep.dll"
Sat 13 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 11 Jun 2007 28,160 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\BSI\~WRL3258.tmp"
Mon 9 Jan 2006 439,296 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL0003.tmp"
Tue 10 Jan 2006 2,490,880 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL0312.tmp"
Wed 18 Jan 2006 109,568 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL0490.tmp"
Wed 18 Jan 2006 598,528 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL0677.tmp"
Thu 9 Feb 2006 102,400 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL0773.tmp"
Thu 25 Jan 2007 38,400 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL1009.tmp"
Mon 16 Jan 2006 762,368 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL1165.tmp"
Tue 17 Jul 2007 301,056 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL1613.tmp"
Mon 30 Jan 2006 2,038,272 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL1695.tmp"
Tue 12 Dec 2006 957,952 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL2327.tmp"
Mon 23 Apr 2007 1,648,128 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL2618.tmp"
Wed 11 Jan 2006 743,424 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\CATALOGUE LIGNES ET LUMIERES\~WRL3021.tmp"
Mon 28 Aug 2006 41,472 A..H. --- "C:\Documents and Settings\OUEST IMPACT\Mes documents\isd-jpr\~WRL2831.tmp"

Finished!

Can someone tell me why I still can't get on the Internet when it is supposed to be repaired? Thanks
0
So I tried MSNFix and here is the result!! I still can't get on the Internet. Can someone help me?



MSNFix 1.639-2

C:\Documents and Settings\OUEST IMPACT\Bureau\MSNFix
Fix exécuté le 21/01/2008 - 20:28:09,51 By OUEST IMPACT
mode normal

************************ Recherche les fichiers présents

... C:\Documents and Settings\OUEST IMPACT\??????.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\Documents and Settings\OUEST IMPACT\??????.exe



************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\bhij.exe] E35BBFB29114DC915FB8FAF710EB8770
[C:\hkdjqaxv.exe] F1AECB15481D41FF7138A28647AC872F
[C:\upaq.exe] F6E57C3E854EE7780F960AA9B50BC69E



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21012008_20301840.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
MSNFix 1.639-2

C:\Documents and Settings\Flora LADUNE\Local Settings\Temporary Internet Files\Content.IE5\AG9X58YT\MSNFix[1]\MSNFix
Fix exécuté le 21/01/2008 - 20:26:07,56 By Flora LADUNE
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\DOCUME~1\FLORAL~1\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\FLORAL~1\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\Flora LADUNE\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
... C:\WINDOWS\system32\urlmsnlink.dat

************************ Recherche les dossiers présents

... C:\WINDOWS\system32\openfile\
... C:\WINDOWS\system32\updatelinkmsn\




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
/!\ ... C:\DOCUME~1\FLORAL~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\FLORAL~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Flora LADUNE\??????.exe
/!\ ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
/!\ ... C:\WINDOWS\mrofinu*.exe.tmp
.. OK ... C:\WINDOWS\system32\urlmsnlink.dat


************************ Suppression des dossiers

.. OK ... C:\WINDOWS\system32\openfile\
.. OK ... C:\WINDOWS\system32\updatelinkmsn\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\FLORAL~1\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\FLORAL~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Flora LADUNE\??????.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21012008_21091092.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
Many thanks


SDFix: Version 1.129

Run by Compaq_Propriétaire on 21/01/2008 at 21:35

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
ldrsvc
runtime

Path:
%SystemRoot%\System32\svchost.exe -k netsvcs
\??\C:\WINDOWS\System32\drivers\runtime.sys

ldrsvc - Deleted
runtime - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\XV.TMP - Deleted
C:\191211~1 - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Clean_*.dll - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\system32\*_exception.nls - Deleted



Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\Temporary - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
:alg 15456
Total size: 15456 bytes.

system32: deleted 15456 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
0
Good evening, I also received the famous "c'est pas toi" from a contact; since I don't know whether I am infected or not, I ran SDFix anyway as a precaution.
Here is the report:

SDFix: Version 1.129

Run by admin on 21/01/2008 at 20:55

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\admin\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 21:01:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\admin\\Bureau\\telechargements\\Freeplayer-Win32-20050905\\Freeplayer\\vlc\\vlc.exe"="C:\\Documents and Settings\\admin\\Bureau\\telechargements\\Freeplayer-Win32-20050905\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"J:\\fscommand\\Vividas.exe"="J:\\fscommand\\Vividas.exe:*:Enabled:Vividas Player"
"J:\\fscommand\\Vividas_ep2.exe"="J:\\fscommand\\Vividas_ep2.exe:*:Enabled:Vividas Player"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

Fri 5 Jan 2007 5,224 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 2 Feb 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 13 Aug 2004 1,953,792 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
Fri 13 Aug 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
Fri 13 Aug 2004 94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
Mon 16 Aug 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
Fri 13 Aug 2004 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
Wed 17 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 21 Jan 2008 108 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"

Finished!


------What do you think? (I don't think I was infected, but I would still rather ask for confirmation.)
Thanks in advance.
0
SDFix: Version 1.129

Run by Arthur on 21/01/2008 at 22:08

Microsoft Windows XP [version 5.1.2600]

Running From: G:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

G:\Documents and Settings\Arthur\Local Settings\Temp\tem42.tmp.exe - Deleted
G:\Documents and Settings\Arthur\Local Settings\Temp\tem46.tmp.exe - Deleted
G:\Documents and Settings\Arthur\Local Settings\Temp\tem4A.tmp.exe - Deleted
G:\Documents and Settings\Arthur\Local Settings\Temp\upd3.tmp.exe - Deleted
G:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
G:\Program Files\Temporary\kernInst.exe - Deleted
G:\DOCUME~1\Arthur\LOCALS~1\Temp\services.exe - Deleted
G:\WINDOWS\17PHolmes*.exe - Deleted
G:\WINDOWS\b12?.exe - Deleted
G:\WINDOWS\mrofinu*.exe - Deleted
G:\WINDOWS\mrofinu*.exe.tmp - Deleted



Folder G:\Program Files\Dot1XCfg - Removed
Folder G:\Program Files\Temporary - Removed


Removing Temp Files...

ADS Check:

G:\WINDOWS
No streams found.

G:\WINDOWS\system32
No streams found.

G:\WINDOWS\system32\svchost.exe
No streams found.

G:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 22:12:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 327


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="G:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"G:\\Program Files\\eMule\\emule.exe"="G:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"G:\\WINDOWS\\system32\\dpvsetup.exe"="G:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"G:\\WINDOWS\\system32\\rundll32.exe"="G:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"G:\\Program Files\\LimeWire\\LimeWire.exe"="G:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"G:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="G:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"G:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="G:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"G:\\DOCUME~1\\Arthur\\LOCALS~1\\Temp\\services.exe"="G:\\DOCUME~1\\Arthur\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="G:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - G:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 6 Jan 2008 48 ..SH. --- G:\WINDOWS\S9AACB~1.TMP
Thu 3 Jan 2008 4,348 A.SH. --- G:\DOCUME~1\ALLUSE~1\DRM\DRMV1.BAK
Tue 7 Feb 2006 299,008 A..H. --- G:\PROGRA~1\CANON\MPNAVI~1.0\MAINT.EXE
Mon 25 Apr 2005 61,440 A..H. --- G:\PROGRA~1\CANON\MPNAVI~1.0\UINSTRSC.DLL
Sun 30 Dec 2007 0 A.SH. --- G:\DOCUME~1\ALLUSE~1\DRM\CACHE\INDIV01.TMP
Thu 10 Jan 2008 0 A..H. --- G:\WINDOWS\SOFTWA~1\DOWNLOAD\0A67B6~1\BIT3.TMP
Thu 10 Jan 2008 0 A..H. --- G:\WINDOWS\SOFTWA~1\DOWNLOAD\18B193~1\BIT6.TMP
Thu 10 Jan 2008 0 A..H. --- G:\WINDOWS\SOFTWA~1\DOWNLOAD\22FB97~1\BITA.TMP
Thu 10 Jan 2008 0 A..H. --- G:\WINDOWS\SOFTWA~1\DOWNLOAD\26924C~1\BIT2.TMP
Thu 10 Jan 2008 0 A..H. --- G:\WINDOWS\SOFTWA~1\DOWNLOAD\2769B1~1\BIT7.TMP
Thu 10 Jan 2008 0 A..H. --- G:\WINDOWS\SOFTWA~1\DOWNLOAD\302857~1\BIT4.TMP
Thu 10 Jan 2008 0 A..H. --- G:\WINDOWS\SOFTWA~1\DOWNLOAD\9E8705~1\BIT9.TMP
Thu 10 Jan 2008 0 A..H. --- G:\WINDOWS\SOFTWA~1\DOWNLOAD\CB8921~1\BIT5.TMP
Thu 10 Jan 2008 0 A..H. --- G:\WINDOWS\SOFTWA~1\DOWNLOAD\D77B9B~1\BIT8.TMP

Finished!
0
Same problem as everyone else; I followed the procedure and here is the report:

SDFix: Version 1.129

Run by Aline on 21/01/2008 at 21:59

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Aline\Bureau\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\809961~1 - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\Aline\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
C:\WINDOWS\system32\btask.dll - Deleted
C:\WINDOWS\system32\cmds.txt - Deleted
C:\WINDOWS\system32\conf.dat - Deleted
C:\WINDOWS\system32\ktask.dll - Deleted
C:\WINDOWS\system32\ps1.dat - Deleted
C:\WINDOWS\system32\rc.dat - Deleted



Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\Temporary - Removed


Removing Temp Files...

ADS Check:
0
I was also infected last night; I was able to clean it up thanks to the procedure given at the start of the thread, many thanks.
But the problem is that I still have 3 icons on my desktop that I cannot delete: tckdur.exe, hwveaf.exe, hyhklm.exe
What should I do?


Otherwise, here is my report:




SDFix: Version 1.129

Run by utilisateur on 22/01/2008 at 10:36

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DFR8A.TMP - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 10:43:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:fb,da,be,24,0f,9c,cf,7b,08,3a,75,f6,c1,78,0f,cc,17,8f,db,10,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,22,c8,4c,49,db,48,d6,55,36,7d,b4,06,82,bf,36,45,94,..
"khjeh"=hex:d0,f6,74,3a,37,d7,2f,43,95,bb,29,3d,d2,d7,2c,a3,3d,0c,00,f0,26,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1b,2e,41,fb,ce,f7,bb,37,93,04,b3,fe,57,88,9c,53,57,41,9c,e1,c6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:fb,da,be,24,0f,9c,cf,7b,08,3a,75,f6,c1,78,0f,cc,17,8f,db,10,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,22,c8,4c,49,db,48,d6,55,36,7d,b4,06,82,bf,36,45,94,..
"khjeh"=hex:d0,f6,74,3a,37,d7,2f,43,95,bb,29,3d,d2,d7,2c,a3,3d,0c,00,f0,26,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1b,2e,41,fb,ce,f7,bb,37,93,04,b3,fe,57,88,9c,53,57,41,9c,e1,c6,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 154


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmgr.exe"="C:\\Program Files\\MSN Messenger\\msnmgr.exe:*:Enabled:Messenger"
"C:\\WINDOWS\\system32\\jmqgxqvw.exe"="C:\\WINDOWS\\system32\\jmq"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Ankama Games\\Dofus_beta\\Dofus.exe"="C:\\Program Files\\Ankama Games\\Dofus_beta\\Dofus.exe:*:Enabled:Dofus Client"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Ankama Games\\Dofus\\Dofus.exe"="C:\\Program Files\\Ankama Games\\Dofus\\Dofus.exe:*:Enabled:Dofus Client"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\UTILIS~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\UTILIS~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 29 Jun 2007 923,895 ..SH. --- "C:\WINDOWS\system32\xbadd.tmp"
Mon 25 Jun 2007 6,369 ..SH. --- "C:\WINDOWS\system32\xbadd.bak1"
Sat 22 Sep 2007 824,109 ..SH. --- "C:\WINDOWS\system32\xbadd.bak2"
Sat 11 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 25 Feb 2007 6,789 A..H. --- "C:\WINDOWS\Drivers\Microsoft\script.dll"
Sat 17 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 1 Jul 2007 122,944 ...H. --- "C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\jmqgxqvw.exe"

Finished!
0
Hi there!!
I hope it worked!!
Thanks for the help!!

SDFix: Version 1.130

Run by Famille Gacoin on 22/01/2008 at 12:25

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\FAMILL~1\Bureau\SDFix

Safe Mode:
Checking Services:

Name:
Generic Host Process for Win-32 Service

Path:
"C:\WINDOWS\svchost.exe"

Generic Host Process for Win-32 Service - Deleted


C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

Final Check:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe




Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\17PHolmes1148.exe - Deleted
C:\WINDOWS\mrofinu1148.exe - Deleted
C:\WINDOWS\mrofinu1148.exe.tmp - Deleted
C:\DOCUME~1\FAMILL~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 12:35:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 391


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Documents and Settings\\Famille Gacoin\\Mes documents\\fichiers téléchargés\\Warcraft III\\Warcraft III.exe"="C:\\Documents and Settings\\Famille Gacoin\\Mes documents\\fichiers téléchargés\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Famille Gacoin\\Mes documents\\fichiers téléchargés\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Famille Gacoin\\Mes documents\\fichiers téléchargés\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Documents and Settings\\Famille Gacoin\\Mes documents\\fichiers téléchargés\\eMule\\emule.exe"="C:\\Documents and Settings\\Famille Gacoin\\Mes documents\\fichiers téléchargés\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"="C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe:*:Enabled:Navigateur Internet"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\DOCUME~1\\FAMILL~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\FAMILL~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\FAMILL~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!
0
SDFix: Version 1.130

Run by booba on 22/01/2008 at 14:11

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\booba\Bureau\SDFix

Safe Mode:
Checking Services:

Name:
ldrsvc

Path:
%SystemRoot%\System32\svchost.exe -k netsvcs

ldrsvc - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\195284~1 - Deleted
C:\TUWWP.EXE - Deleted
C:\DOCUME~1\booba\LOCALS~1\Temp\GLFE0.tmp.dll - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\booba\LOCALS~1\Temp\clean_45456.dll - Deleted
C:\WINDOWS\17PHolmes1148.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\mrofinu1148.exe - Deleted
C:\WINDOWS\mrofinu1148.exe.tmp - Deleted
C:\DOCUME~1\booba\LOCALS~1\Temp\services.exe - Deleted



Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\Temporary - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 14:21:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\ztx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\ztx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\svchost.exe:exm.exe 27648 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 428


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\DOCUME~1\\booba\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\booba\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\booba\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 22 Jan 2008 38,400 ..SHR --- "C:\WINDOWS\system32\appendi.exe"
Thu 18 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!



------------------------------

My virus has been removed, but I still have a problem: my firewall turns itself off about every 10 minutes...
Any solution?
0
Maijin Posts 1385 Registration date Monday 1 October 2007 Status Member Last post 28 June 2009 352
22 Jan. 2008 at 20:12
Post a new message to explain your problem.
0
SDFix: Version 1.130

Run by lisa conter on 22/01/2008 at 20:36

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Generic Host Process for Win-32 Service
Generic Host Process for Win-32 Service

Path:

Generic Host Process for Win-32 Service - Deleted
Generic Host Process for Win-32 Service - Deleted


C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

Final Check:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe



C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

Final Check:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe




Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\InetGet2\install_words.exe - Deleted
C:\Program Files\Router\Router.exe - Deleted
C:\Program Files\Router\UnInstall.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\UnInstall.exe - Deleted
C:\Program Files\Words\Words.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\b128.exe - Deleted
C:\WINDOWS\b143.exe - Deleted
C:\WINDOWS\b149.exe - Deleted
C:\WINDOWS\b151.exe - Deleted
C:\WINDOWS\mrofinu1148.exe - Deleted
C:\WINDOWS\mrofinu1148.exe.tmp - Deleted
C:\DOCUME~1\LISACO~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\svchost.exe - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted



Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Words - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 20:40:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 187


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\LISACO~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\LISACO~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Documents and Settings\\lisa conter\\scitwu.exe"="C:\\Documents and Settings\\lisa conter\\scitwu.exe:*:Enabled:Windows Service"
"C:\\Documents and Settings\\lisa conter\\zmbwyx.exe"="C:\\Documents and Settings\\lisa conter\\zmbwyx.exe:*:Enabled:Windows Service"
"C:\\Documents and Settings\\lisa conter\\xfnmjf.exe"="C:\\Documents and Settings\\lisa conter\\xfnmjf.exe:*:Enabled:Windows Service"
"C:\\Documents and Settings\\lisa conter\\seertz.exe"="C:\\Documents and Settings\\lisa conter\\seertz.exe:*:Enabled:Windows Service"
"C:\\Documents and Settings\\lisa conter\\pjbwlp.exe"="C:\\Documents and Settings\\lisa conter\\pjbwlp.exe:*:Enabled:Windows Service"
"C:\\Documents and Settings\\lisa conter\\ktgzud.exe"="C:\\Documents and Settings\\lisa conter\\ktgzud.exe:*:Enabled:Windows Service"
"C:\\Documents and Settings\\lisa conter\\cdsuxg.exe"="C:\\Documents and Settings\\lisa conter\\cdsuxg.exe:*:Enabled:Windows Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 19 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 15 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
0
Hello,
I did everything Maijin said, but unfortunately it did not have the expected effect.

I still have pop-up ads harassing me, the screen flickering from time to time, the PC crashing very often, and my MSN windows sometimes refusing to open...

I don't know what else to do; this is the second time I have attempted a cleanup (the first was with MSNFix) and nothing works.

Here is the report produced by SDFix.

If anyone has a solution... Thanks in advance for your help.

Julie






SDFix: Version 1.130

Run by GDS on 22/01/2008 at 20:46

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\GDS~1.NOM\Bureau\SDFix

Safe Mode:
Checking Services:

Name:
windows mail service

Path:
"C:\WINPRO\mail.exe"

windows mail service - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\GDS~1.NOM\APPLIC~1\MICROS~1\WINDOWS\WSGOT.EXE - Deleted
C:\Documents and Settings\GDS.NOM-PORT\Application Data\WinTouch\wintouch.cfg - Deleted
C:\Documents and Settings\GDS.NOM-PORT\Application Data\WinTouch\WinTouch.exe - Deleted
C:\Documents and Settings\GDS.NOM-PORT\Application Data\WinTouch\WTUninstaller.exe - Deleted
C:\WINPRO\system32\CatRoot\TMP4.tmp - Deleted
C:\Program Files\Router\Router.exe - Deleted
C:\Program Files\Router\UnInstall.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\Program Files\.autoreg - Deleted
C:\DOCUME~1\GDS~1.NOM\LOCALS~1\Temp\services.exe - Deleted
C:\WINPRO\mail.exe - Deleted



Folder C:\Documents and Settings\GDS.NOM-PORT\Application Data\WinTouch - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed


Removing Temp Files...

ADS Check:

C:\WINPRO
No streams found.

C:\WINPRO\system32
:{4B9A1497-0817-47C4-9612-D5A1C53ACF57} 12
Total size: 12 bytes.

system32: deleted 12 bytes in 1 streams.

Checking for remaining Streams

C:\WINPRO\system32
No streams found.

C:\WINPRO\system32\svchost.exe
No streams found.

C:\WINPRO\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 20:55:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 19


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\GDS\\Mes documents\\vlc\\vlc.exe"="C:\\Documents and Settings\\GDS\\Mes documents\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\FreeBrowser\\FreeBrowser\\FreeBrowser.exe"="C:\\Program Files\\FreeBrowser\\FreeBrowser\\FreeBrowser.exe:*:Enabled:FreeBrowser"
"C:\\Program Files\\FreeBrowser\\vlc\\vlc.exe"="C:\\Program Files\\FreeBrowser\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\FreePCvcR\\vlc\\vlc.exe"="C:\\Program Files\\FreePCvcR\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\FreepcVcr5.03\\vlc\\vlc.exe"="C:\\FreepcVcr5.03\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\DOCUME~1\\GDS~1.NOM\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\GDS~1.NOM\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Documents and Settings\\GDS.NOM-PORT\\fnhqnw.exe"="C:\\Documents and Settings\\GDS.NOM-PORT\\fnhqnw.exe:*:Enabled:Windows Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\GDS~1.NOM\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 15 Jan 2008 230,400 ..SHR --- "C:\Program Files\F?nts\t?skmgr.exe"
Mon 22 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 3 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 3 Oct 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Sun 25 Feb 2007 230,912 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0003.tmp"
Tue 30 Oct 2007 33,280 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0039.tmp"
Tue 30 Oct 2007 29,696 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0078.tmp"
Tue 30 Oct 2007 26,624 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0129.tmp"
Tue 6 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0340.tmp"
Tue 30 Oct 2007 25,600 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0348.tmp"
Tue 6 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0438.tmp"
Tue 30 Oct 2007 26,624 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0518.tmp"
Tue 6 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0561.tmp"
Tue 30 Oct 2007 29,696 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0728.tmp"
Tue 6 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0801.tmp"
Tue 30 Oct 2007 30,720 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0815.tmp"
Tue 30 Oct 2007 32,768 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL0954.tmp"
Tue 30 Oct 2007 29,696 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL1068.tmp"
Tue 30 Oct 2007 30,208 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL1093.tmp"
Tue 30 Oct 2007 24,576 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL1194.tmp"
Tue 30 Oct 2007 29,184 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL1262.tmp"
Tue 30 Oct 2007 25,088 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL1298.tmp"
Tue 30 Oct 2007 28,160 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL1302.tmp"
Tue 6 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL1540.tmp"
Tue 30 Oct 2007 31,744 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL1689.tmp"
Tue 6 Nov 2007 25,088 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL1833.tmp"
Tue 30 Oct 2007 29,696 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL1893.tmp"
Tue 6 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2013.tmp"
Tue 30 Oct 2007 26,624 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2244.tmp"
Tue 30 Oct 2007 31,744 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2266.tmp"
Tue 30 Oct 2007 28,160 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2276.tmp"
Tue 30 Oct 2007 31,744 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2361.tmp"
Tue 30 Oct 2007 24,576 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2410.tmp"
Tue 30 Oct 2007 25,600 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2464.tmp"
Tue 30 Oct 2007 26,624 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2515.tmp"
Tue 30 Oct 2007 27,648 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2640.tmp"
Tue 30 Oct 2007 24,064 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2680.tmp"
Tue 6 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2711.tmp"
Tue 30 Oct 2007 31,232 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2748.tmp"
Tue 30 Oct 2007 32,768 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2811.tmp"
Tue 30 Oct 2007 29,696 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2835.tmp"
Tue 30 Oct 2007 32,768 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2887.tmp"
Tue 6 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2899.tmp"
Tue 30 Oct 2007 30,720 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2916.tmp"
Tue 30 Oct 2007 29,184 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL2959.tmp"
Tue 30 Oct 2007 31,744 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL3230.tmp"
Tue 30 Oct 2007 32,768 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL3257.tmp"
Tue 30 Oct 2007 33,280 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL3349.tmp"
Tue 30 Oct 2007 27,648 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL3415.tmp"
Tue 30 Oct 2007 32,768 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL3522.tmp"
Tue 6 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL3614.tmp"
Tue 30 Oct 2007 28,160 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL3911.tmp"
Tue 6 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\GDS.NOM-PORT\Bureau\~WRL3970.tmp"
Sat 19 Jan 2008 68,608 ..SHR --- "C:\Documents and Settings\GDS.NOM-PORT\Application Data\T?sks\arpa.exe"
Sat 28 Oct 2006 24,064 A..H. --- "C:\Documents and Settings\GDS.NOM-PORT\Mes documents\ESG\memoire\~WRL2528.tmp"

Finished!
0
I don't see how I could explain my problem any other way.
Ever since I got the virus on MSN, my Windows firewall turns itself off; a balloon pops up at the bottom right telling me I am at risk because my firewall is disabled. I re-enable it, and 5 to 10 minutes later the balloon reappears telling me the same thing....
0
HELLO ^^
I had the same problem!!
Now my computer is SOOOO slow --", ads pop up and MSN keeps bugging out.. badly! --"
Here is the report:

(Thanks for replying x)




SDFix: Version 1.130

Run by CLIENT on 23/01/2008 at 16:25

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Driver
ldrsvc
msupdate

Path:
\??\C:\WINDOWS\system32\nso12k.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
c:\windows\system32\msvcrtd.exe

Driver - Deleted
ldrsvc - Deleted
msupdate - Deleted


C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

Final Check:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe




Restoring Windows Registry Values
Restoring Windows Default Hosts File
0
I also ran the report with MSNFix:

MSNFix 1.639-2

C:\Documents and Settings\CLIENT\Bureau\MSNFix\MSNFix
Fix exécuté le 23/01/2008 - 16:49:23,60 By CLIENT
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\?.exe
... C:\DOCUME~1\CLIENT\LOCALS~1\Temp\??.exe
... C:\DOCUME~1\CLIENT\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\CLIENT\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\CLIENT\LOCALS~1\Temp\winlogon.exe
... C:\Documents and Settings\CLIENT\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\system32\svcp.csv
... C:\WINDOWS\system32\winsub.xml

************************ Recherche les dossiers présents

... C:\Program Files\InetGet2\
... C:\Program Files\Temporary\




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
.. OK ... C:\?.exe
.. OK ... C:\DOCUME~1\CLIENT\LOCALS~1\Temp\??.exe
/!\ ... C:\DOCUME~1\CLIENT\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\CLIENT\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\CLIENT\LOCALS~1\Temp\winlogon.exe
/!\ ... C:\Documents and Settings\CLIENT\??????.exe
/!\ ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\system32\svcp.csv
.. OK ... C:\WINDOWS\system32\winsub.xml


************************ Suppression des dossiers

.. OK ... C:\Program Files\InetGet2\
/!\ ... C:\Program Files\Temporary\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\CLIENT\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\CLIENT\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\CLIENT\??????.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\bhij.exe] 3600983B596861FE65BE243847998824
[C:\m9w3l6u1g.exe] 50F31A79EF37407200276FEABAC02F0E
[C:\tuwwp.exe] A9E496103D06AA3187ED6FF9BFDD2354
[C:\upaq.exe] C954E938A76ECB6EFF209E24F12CBE26



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 23012008_16535281.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
Here is the report:
MSNFix 1.639-2

C:\Documents and Settings\charrier\Bureau\Nouveau dossier\MSNFix
Fix exécuté le 24/01/2008 - 20:04:45,87 By charrier
mode normal

************************ Recherche les fichiers présents

... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
... C:\DOCUME~1\charrier\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\charrier\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\charrier\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp

************************ Recherche les dossiers présents

... C:\Program Files\Dot1XCfg\
... C:\Program Files\InetGet2\
... C:\Program Files\Temporary\




************************ Suppression des fichiers

.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
/!\ ... C:\DOCUME~1\charrier\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\charrier\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\charrier\??????.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp


************************ Suppression des dossiers

.. OK ... C:\Program Files\Dot1XCfg\
/!\ ... C:\Program Files\InetGet2\
/!\ ... C:\Program Files\Temporary\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\charrier\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\charrier\LOCALS~1\Temp\services.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\bhij.exe] E35BBFB29114DC915FB8FAF710EB8770
[C:\cvbkwtb.exe] DBA6ED92B588B923D26BE7250BC18020
[C:\upaq.exe] 68D9A79AA5906E4AF60AA2DBE0840DAE



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 24012008_20075076.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

But it still doesn't work!!! It has blocked my internet connection, so I am sending this message from another computer.
0