I have the "c'est pas toi" virus, what should I do??
Solved/Closed
Mitsuka
18 Jan 2008 at 18:28
miguelito - 25 Feb 2008 at 20:45
105 replies
SAME FOR ME!!!!
SDFix: Version 1.131
Run by charrier on 24/01/2008 at 20:17
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\charrier\Bureau\Nouveau dossier\SDFix
Safe Mode:
Checking Services:
Name:
astq
runtime
ztx86
Path:
\??\C:\WINDOWS\system32\drivers\astq.tga
\??\C:\WINDOWS\System32\drivers\runtime.sys
\??\C:\WINDOWS\system32\ztx86.sys
astq - Deleted
runtime - Deleted
ztx86 - Deleted
Infected ip6fw.sys Found!
ip6fw.sys File Locations:
Infected File Listed Below:
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM
File copied to Backups Folder
Attempting to replace ip6fw.sys with original version...
Unable To Replace Infected File!
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\InetGet2\FINAL -- Fort 5.6_MST-ONLY.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\WINDOWS\system32\9_exception.nls - Deleted
C:\WINDOWS\system32\adult.txt - Deleted
C:\WINDOWS\system32\btask.dll - Deleted
C:\WINDOWS\system32\conf.dat - Deleted
C:\WINDOWS\system32\finance.txt - Deleted
C:\WINDOWS\system32\lt.res - Deleted
C:\WINDOWS\system32\other.txt - Deleted
C:\WINDOWS\system32\pharma.txt - Deleted
C:\WINDOWS\system32\ps1.dat - Deleted
C:\WINDOWS\system32\rc.dat - Deleted
C:\WINDOWS\system32\sft.res - Deleted
C:\WINDOWS\system32\socketa.dll - Deleted
C:\WINDOWS\system32\socksys.dll - Deleted
C:\WINDOWS\system32\drivers\astq.tga - Deleted
C:\WINDOWS\system32\ztx86.sys - Deleted
Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\explorer.exe
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 20:23:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,4e,75,51,87,bb,84,49,bf,4a,6b,3a,2d,44,06,dc,9d,86,..
"hj34z0"=hex:58,e3,0a,9d,f5,37,2c,59,55,5a,cb,e9,1a,39,4d,9a,fa,7b,c7,03,1b,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\DOCUME~1\\charrier\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\charrier\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
Files with Hidden Attributes:
Impossible d'exécuter C:\DOCUME~1\CHARRIER\BUREAU\NOUVEAU DOSSIER\SDFIX\APPS\LOCATE.COM
Finished!
[b][u]SDFix: Version 1.143[/u][/b]
Run by Cedric on 18/02/2008 at 22:13
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Cedric\Bureau\SDfix\SDFix
[b][u]Checking Services[/u][/b]:
Name:
4fdw
FCI
FFI
Generic Host Process for Win-32 Service
ldrsvc
nested
protect
qwer78
USB2_04
ztx86
OUB31
UCI52
Path:
\??\C:\WINDOWS\system32\4fdw.dll
C:\WINDOWS\system32\svchost.exe:ext.exe
C:\WINDOWS\system32\svchost.exe:exm.exe
"C:\WINDOWS\svchost.exe"
%SystemRoot%\System32\svchost.exe -k netsvcs
\??\C:\WINDOWS\system32\nested.sys
System32\drivers\protect.sys
\??\C:\WINDOWS\system32\drivers\qwer78.sys
\??\C:\WINDOWS\system32\drivers\nkv2.sys
\??\C:\WINDOWS\system32\ztx86.sys
System32\Drivers\Oub31.sys
System32\Drivers\Uci52.sys
4fdw - Deleted
FCI - Deleted
FFI - Deleted
Generic Host Process for Win-32 Service - Deleted
ldrsvc - Deleted
nested - Deleted
protect - Deleted
qwer78 - Deleted
USB2_04 - Deleted
ztx86 - Deleted
OUB31 - Deleted
UCI52 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service OUB31 - Deleted after Reboot
Service asc3550o - Deleted after Reboot
[b][u]Checking Files[/u][/b]:
Trojan Files Found:
C:\WINDOWS\system32\drivers\OUB31.sys - Deleted
C:\WINDOWS\system32\drivers\UCI52.sys - Deleted
C:\121570~1 - Deleted
C:\WINDOWS\system32\acespy\systune.exe - Deleted
C:\WINDOWS\system32\acespy\__acelog.ndx - Deleted
C:\d.exe - Deleted
C:\DOCUME~1\Cedric\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\absolute key logger.lnk - Deleted
C:\WINDOWS\aconti.exe - Deleted
C:\WINDOWS\aconti.log - Deleted
C:\WINDOWS\acontidialer.txt - Deleted
C:\WINDOWS\adbar.dll - Deleted
C:\WINDOWS\daxtime.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\dp0.dll - Deleted
C:\WINDOWS\eventlowg.dll - Deleted
C:\WINDOWS\fhfmm-Uninstaller.exe - Deleted
C:\WINDOWS\hotporn.exe - Deleted
C:\WINDOWS\ie_32.exe - Deleted
C:\WINDOWS\jd2002.dll - Deleted
C:\WINDOWS\kkcomp$.exe - Deleted
C:\WINDOWS\liqad$.exe - Deleted
C:\WINDOWS\liqui-Uninstaller.exe - Deleted
C:\WINDOWS\ngd.dll - Deleted
C:\WINDOWS\pbar.dll - Deleted
C:\WINDOWS\spredirect.dll - Deleted
C:\WINDOWS\system32\adult.txt - Deleted
C:\WINDOWS\system32\ESHOPEE.exe - Deleted
C:\WINDOWS\system32\finance.txt - Deleted
C:\WINDOWS\system32\LogCrypt.dll - Deleted
C:\WINDOWS\system32\lt.res - Deleted
C:\WINDOWS\system32\other.txt - Deleted
C:\WINDOWS\system32\pharma.txt - Deleted
C:\WINDOWS\system32\sft.res - Deleted
C:\WINDOWS\system32\vxddsk.exe - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\vxddsk.exe - Deleted
C:\WINDOWS\wml.exe - Deleted
C:\WINDOWS\xadbrk_.exe - Deleted
C:\WINDOWS\xxxvideo.exe - Deleted
C:\WINDOWS\system32\4fdw.dll - Deleted
C:\WINDOWS\System32\drivers\nkv2.sys - Deleted
C:\WINDOWS\system32\drivers\qwer78.sys - Deleted
C:\WINDOWS\system32\nested.sys - Deleted
C:\WINDOWS\system32\ztx86.sys - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\WINDOWS\system32\acespy - Removed
Removing Temp Files...
[b][u]ADS Check[/u][/b]:
C:\WINDOWS\system32\svchost.exe
: ADS Found!
svchost.exe: deleted 53248 bytes in 2 streams.
Checking for remaining Streams
C:\WINDOWS\system32\svchost.exe
No streams found.
[b][u]Final Check[/u][/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 22:22:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
[b][u]Remaining Services[/u][/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe:*:Enabled:OrbTVGuide"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe:*:Enabled:OrbChannelScan"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
"C:\\Program Files\\Everest Poker\\cstart.exe"="C:\\Program Files\\Everest Poker\\cstart.exe:*:Enabled:Everest Poker"
"C:\\Program Files\\Norton SystemWorks\\Norton Utilities\\UE32.EXE"="C:\\Program Files\\Norton SystemWorks\\Norton Utilities\\UE32.EXE:*:Enabled:Assistant UnErase"
"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"="C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE"="C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE:*:Enabled:LiveUpdate"
"C:\\Program Files\\WinRAR\\WinRAR.exe"="C:\\Program Files\\WinRAR\\WinRAR.exe:*:Enabled:WinRAR"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Cedric\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Cedric\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Documents and Settings\\Cedric\\Bureau\\ottkwk.exe"="C:\\Documents and Settings\\Cedric\\Bureau\\ottkwk.exe:*:Enabled:Windows Service"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\DOCUME~1\\Cedric\\LOCALS~1\\Temp\\dllhost.exe"="C:\\DOCUME~1\\Cedric\\LOCALS~1\\Temp\\dllhost.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b][u]Remaining Files[/u][/b]:
File Backups: - C:\DOCUME~1\Cedric\Bureau\SDfix\SDFix\backups\backups.zip
[b][u]Files with Hidden Attributes[/u][/b]:
Mon 17 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 31 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a639c949e790d609251685186692b3a\BITF7.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BITF4.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4f88f947d390c49edce5fbcc347ee34\BITF6.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d6e228e44f2018dd79eeb427a0b47d06\BITF5.tmp"
[b]Finished![/b]
Hello there =)
I've got this virus too, the famous "C'est pas toi ça ?". Here's how it happened:
One of my friends sent me: C'est pas toi ça ? (followed by a link like lycos/membre/lovingstown something or other ^^)
Out of curiosity (I now admit it's a bad flaw of mine) I clicked on that link.
I got a photo of some guy I didn't know at all; in short, nonsense.
Then my computer started sending that link to all my other contacts.
Then, strangely, it cut off my internet. I only had internet for 3 minutes.
Which means I can't download anything, since I'm on another computer. Unless I put the installer on a USB stick.
So, I haven't seen any mention of the 'internet cut-off' in the discussion (I admit I skipped some pages ^^), so is that normal?
Next, I'd like to ask a few questions ^^
Why post the final report on the forum?
This operation won't delete any files, photos, etc.?
How many times and how often do I have to press the F8 key when starting Safe Mode?
Is the procedure long?
Is the final report the same for all computers, or is it different every time?
In any case, thanks for your upcoming replies, I'd be extremely grateful <3 =)
Regards, LovingStown.
[b]SDFix: Version 1.147 [/b]
Run by Administrateur on 25/02/2008 at 20:07
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~2\ADMINI~1\Bureau\SDFix
[b]Checking Services [/b]:
Name:
jnhjkfrn
nested
pcximg
Path:
\??\C:\WINDOWS\system32\jnhjkfrn
\??\C:\WINDOWS\system32\nested.sys
\??\C:\WINDOWS\system\pcximg.pif
jnhjkfrn - Deleted
nested - Deleted
pcximg - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\PROGRA~1\INTERN~1\LAGUS.DLL - Deleted
C:\WINDOWS\system32\WinNB58.dll - Deleted
C:\-93752~1 - Deleted
C:\PROGRA~1\MESSEN~1\HOCYPE~1.EXE - Deleted
C:\DOCUME~2\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\94WLBPCV\QWERTY~1.HTM - Deleted
C:\Program Files\Helper\1202304666.dll - Deleted
C:\Program Files\InetGet2\emg.exe - Deleted
C:\Program Files\InetGet2\Installeur.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\d.exe - Deleted
C:\WINDOWS\b111.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\b128.exe - Deleted
C:\WINDOWS\b147.exe - Deleted
C:\WINDOWS\mrofinu1148.exe - Deleted
C:\DOCUME~2\ADMINI~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\system32\msvcrtd.exe - Deleted
C:\WINDOWS\tk58.exe - Deleted
C:\WINDOWS\system\pcximg.pif - Deleted
C:\WINDOWS\system32\jnhjkfrn - Deleted
C:\WINDOWS\system32\nested.sys - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Insider - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 20:20:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000a94013f5b]
"001700a8eef3"=hex:c2,24,7d,07,e8,83,b4,f9,44,57,11,20,57,98,89,4f
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a94013f5b]
"001700a8eef3"=hex:c2,24,7d,07,e8,83,b4,f9,44,57,11,20,57,98,89,4f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a94013f5b]
"001700a8eef3"=hex:c2,24,7d,07,e8,83,b4,f9,44,57,11,20,57,98,89,4f
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"OfflineDetectionPending"=dword:00000001
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 41
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Microsoft LifeCam\\IcePick.exe"="C:\\Program Files\\Microsoft LifeCam\\IcePick.exe:*:Enabled:Windows Live Call"
"C:\\WINDOWS\\system32\\spoolsvc.exe"="C:\\WINDOWS\\system32\\spoolsvc.exe:*:Disabled:spoolsvc"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\ReadPlease 2003\\ReadPlease2003.exe"="C:\\Program Files\\ReadPlease 2003\\ReadPlease2003.exe:*:Disabled: ReadPlease 2003 FREE"
"C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\services.exe"="C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\services.exe:*:Disabled:Flash Player2"
"C:\\DOCUME~2\\ADMINI~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~2\\ADMINI~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP"
"C:\\Documents and Settings\\Administrateur\\vtmhtd.exe"="C:\\Documents and Settings\\Administrateur\\vtmhtd.exe:*:Enabled:Windows Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~2\ADMINI~1\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
--- 4,263 ..SH. --- "C:\WINDOWS\windllreg1c.sys"
Mon 31 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jan 2003 65,952 ..SHR --- "C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
Tue 19 Dec 2006 78,336 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\documen mama\~WRL0129.tmp"
Mon 18 Dec 2006 106,496 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\documen mama\~WRL2806.tmp"
Mon 7 May 2007 83,456 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\POLO\~WRL0001.tmp"
Mon 22 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 9 Jan 2008 1,775,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8c2cd6ae63d9a68818031dc07c70ea54\BIT5CF.tmp"
Thu 8 Dec 2005 78,336 ...H. --- "C:\Documents and Settings\Administrateur\Application Data\Microsoft\Word\~WRL0336.tmp"
Thu 8 Dec 2005 77,312 ...H. --- "C:\Documents and Settings\Administrateur\Application Data\Microsoft\Word\~WRL2643.tmp"
Wed 17 Oct 2007 20,752 A..H. --- "C:\Documents and Settings\Administrateur\Local Settings\Temp\100000010000b7ae760032\IPCONFIG.exe"
[b]Finished![/b]
titmissaure (Member, 25 posts, registered Wednesday 23 January 2008, last activity 18 August 2008) - 24 Jan 2008 at 10:51
I advise you to kill them yourself. That's what I did, and I no longer have any problem.