I got this virus too!
celia59330 (Posts: 1, Status: Member)
Hello,
SDFix: Version 1.129
Run by celia trojanowicz on 21/01/2008 at 20:57
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\CELIAT~1\Bureau\SDFix
Safe Mode:
Checking Services:
Name:
Generic Host Process for Win-32 Service
ldrsvc
Path:
"C:\WINDOWS\svchost.exe"
%SystemRoot%\System32\svchost.exe -k netsvcs
Generic Host Process for Win-32 Service - Deleted
ldrsvc - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\839718~1 - Deleted
C:\TUWWP.EXE - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\DOCUME~1\CELIAT~1\LOCALS~1\Temp\Clean_*.dll - Deleted
C:\DOCUME~1\CELIAT~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\antiv.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
C:\WINDOWS\svchost.exe - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
Folder C:\Program Files\Helper - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 21:01:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\DOCUME~1\\CELIAT~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CELIAT~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\CELIAT~1\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 10 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 14 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 13 Jan 2008 578 ...H. --- "C:\Program Files\InterActual\InterActual Player\itiE0.tmp"
Sat 15 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\60f98441524da959e4cfd96533bfcea5\BITE7.tmp"
Sun 21 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Finished!