Are you naked? ("Tu es nue ?")
tranduil
Hello,
I caught this virus 2 days ago.
I managed to eradicate it halfway; now it amuses itself by disabling my Windows firewall and slowing down my PC.
I scanned my PC in safe mode with "SDFix".
Here is the report:
Is my PC now disinfected?
SDFix: Version 1.131
Run by Administrateur on 26/01/2008 at 13:49
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
burito2cb5-2e6f
burito76e4-6522
Path:
\??\C:\WINDOWS\system32\burito2cb5-2e6f.sys
\??\C:\WINDOWS\system32\burito76e4-6522.sys
burito2cb5-2e6f - Deleted
burito76e4-6522 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\burito2cb5-2e6f.sys - Deleted
C:\WINDOWS\system32\burito76e4-6522.sys - Deleted
C:\-14734~1 - Deleted
C:\WINDOWS\system32\shift.exe.exe - Deleted
C:\Program Files\Helper\1201279328.dll - Deleted
C:\WINDOWS\system32\5_exception.nls - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\system32\burito.ini - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
Folder C:\Program Files\Helper - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\explorer.exe
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 14:01:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\Documents and Settings\benoît\kfkmuwcv.exe [2092] 0x86B678E8
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:12,90,f1,10,2a,42,6b,cd,57,9f,ef,71,29,cf,cf,60,bd,9d,80,8d,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:12,90,f1,10,2a,42,6b,cd,57,9f,ef,71,29,cf,cf,60,bd,9d,80,8d,0d,..
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Temp\_avast4_\unp222606861.tmp
C:\WINDOWS\Temp\_avast4_\unp234177499.tmp
C:\WINDOWS\Temp\_avast4_\unp4507315.tmp
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 228
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"="C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu™ II"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Fichiers communs\\AOL\\1168060395\\ee\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1168060395\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Fichiers communs\\AOL\\1168060395\\ee\\aim6.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1168060395\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL Autoconnect"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:module de connexion AOL"
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"="C:\\Program Files\\AOL 9.0 VR\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\Electronic Arts\\L'Avènement du Roi-sorcier\\game.dat"="C:\\Program Files\\Electronic Arts\\L'Avènement du Roi-sorcier\\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™"
"C:\\WINDOWS\\SYSTEM32\\rtcshare.exe"="C:\\WINDOWS\\SYSTEM32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\battlefrontII.exe"="C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\battlefrontII.exe:*:Enabled:battlefrontII"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Connecteur Wi-Fi USB Nintendo"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Disabled:Sunbelt Firewall GUI"
"C:\\Program Files\\Electronic Arts\\L'Avènement du Roi-sorcier\\patchget.dat"="C:\\Program Files\\Electronic Arts\\L'Avènement du Roi-sorcier\\patchget.dat:*:Enabled:patchgrabber"
"C:\\Documents and Settings\\benoît\\Bureau\\packmaj2012win\\Pack MAJ 2.0.12 Windows\\1. Downloader_Wow_BC_FR.exe"="C:\\Documents and Settings\\benoît\\Bureau\\packmaj2012win\\Pack MAJ 2.0.12 Windows\\1. Downloader_Wow_BC_FR.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"="C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\RStrike\\romustrike.exe"="C:\\RStrike\\romustrike.exe:*:Enabled:romustrike"
"C:\\Program Files\\AOL 9.0 VRa\\waol.exe"="C:\\Program Files\\AOL 9.0 VRa\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0 VRb\\waol.exe"="C:\\Program Files\\AOL 9.0 VRb\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\AOL 9.0 VRc\\waol.exe"="C:\\Program Files\\AOL 9.0 VRc\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"="C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Disabled:Internet Download Manager (IDM)"
"C:\\Program Files\\AOL 9.0 VRd\\waol.exe"="C:\\Program Files\\AOL 9.0 VRd\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0 VRe\\waol.exe"="C:\\Program Files\\AOL 9.0 VRe\\waol.exe:*:Enabled:AOL"
"C:\\WINDOWS\\SYSTEM32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\SYSTEM32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"="C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"="C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Empire Interactive\\FlatOut2\\FlatOut2.exe"="C:\\Program Files\\Empire Interactive\\FlatOut2\\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
"C:\\Program Files\\Download Express\\dep.exe"="C:\\Program Files\\Download Express\\dep.exe:*:Enabled:Browser download plugin"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\BENOT~1\\LOCALS~1\\Temp\\dllhost.exe"="C:\\DOCUME~1\\BENOT~1\\LOCALS~1\\Temp\\dllhost.exe:*:Enabled:Flash Player2"
"C:\\Documents and Settings\\sylvia\\kfkmuwcv.exe"="C:\\Documents and Settings\\sylvia\\kfkmuwcv.exe:*:Enabled:Flash Player2"
"C:\\Documents and Settings\\benoît\\kfkmuwcv.exe"="C:\\Documents and Settings\\benoît\\kfkmuwcv.exe:*:Enabled:Flash Player2"
"C:\\Documents and Settings\\Administrateur\\kfkmuwcv.exe"="C:\\Documents and Settings\\Administrateur\\kfkmuwcv.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 13 Dec 1994 21,584 ...H. --- "C:\WCRYPO\WCREFFAK.EXE"
Tue 13 Dec 1994 18,480 ...H. --- "C:\WCRYPO\WCRETTAK.EXE"
Thu 21 Jun 2007 46,384 A..H. --- "C:\Program Files\AOL 9.0 VRe\AOLphx.exe"
Thu 24 May 2007 54,832 A..H. --- "C:\Program Files\AOL 9.0 VRe\AOLphxex.exe"
Thu 24 May 2007 33,328 A..H. --- "C:\Program Files\AOL 9.0 VRe\rbm.exe"
Thu 15 May 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Thu 15 May 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Thu 15 May 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Thu 15 May 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Thu 15 May 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0a\aolphx.exe"
Thu 15 May 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0a\aoltray.exe"
Thu 15 May 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0a\RBM.exe"
Thu 15 May 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0a\waol.exe"
Thu 15 May 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0b\aolphx.exe"
Thu 15 May 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0b\aoltray.exe"
Thu 15 May 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0b\RBM.exe"
Thu 15 May 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0b\waol.exe"
Fri 20 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 13 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 20 Feb 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 20 Feb 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Sun 13 Aug 2006 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Sun 13 Aug 2006 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Sun 13 Aug 2006 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
Tue 16 Oct 2007 69,120 ...H. --- "C:\Documents and Settings\sylvia\Bureau\~WRL2458.tmp"
Sat 2 Jun 2007 111,104 ...H. --- "C:\Documents and Settings\sylvia\Mes documents\~WRL1474.tmp"
Sat 2 Jun 2007 49,152 ...H. --- "C:\Documents and Settings\sylvia\Mes documents\~WRL2197.tmp"
Thu 15 May 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Thu 15 May 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0a\COMIT\cswitch.exe"
Thu 15 May 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0b\COMIT\cswitch.exe"
Wed 24 Oct 2007 615 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti2.tmp"
Fri 20 Aug 2004 60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe"
Wed 11 Jul 2007 28,160 ...H. --- "C:\Documents and Settings\All Users\Documents\PAROLES CHANSONS\~WRL1471.tmp"
Tue 24 Jul 2007 23,040 ...H. --- "C:\Documents and Settings\All Users\Documents\PAROLES CHANSONS\~WRL2065.tmp"
Sat 14 Jul 2007 30,720 ...H. --- "C:\Documents and Settings\All Users\Documents\PAROLES CHANSONS\~WRL2991.tmp"
Sat 14 Jul 2007 22,016 ...H. --- "C:\Documents and Settings\All Users\Documents\PAROLES CHANSONS\~WRL3845.tmp"
Wed 10 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 25 Jan 2008 13,980 A.SH. --- "C:\Documents and Settings\benoît\Local Settings\Temp\par685D.tmp"
Fri 25 Jan 2008 13,980 A.SH. --- "C:\Documents and Settings\benoît\Local Settings\Temp\parBC81.tmp"
Sat 30 Dec 2006 184,832 A..H. --- "C:\Documents and Settings\benoît\Mes documents\Stage\~WRL0002.tmp"
Wed 14 Feb 2007 3,470,336 A..H. --- "C:\Documents and Settings\benoît\Mes documents\Stage\~WRL0003.tmp"
Sat 30 Dec 2006 189,440 A..H. --- "C:\Documents and Settings\benoît\Mes documents\Stage\~WRL0220.tmp"
Sat 30 Dec 2006 189,952 A..H. --- "C:\Documents and Settings\benoît\Mes documents\Stage\~WRL1103.tmp"
Sat 30 Dec 2006 188,928 A..H. --- "C:\Documents and Settings\benoît\Mes documents\Stage\~WRL2033.tmp"
Thu 29 Mar 2007 1,031,680 A..H. --- "C:\Documents and Settings\sylvia\Local Settings\Temp\~WRD0900.tmp"
Tue 8 May 2007 208,896 A..H. --- "C:\KAR\KAR_TOUT\KAR_TOUT\KAR\lame_enc.dll"
Tue 8 May 2007 56,320 A..H. --- "C:\KAR\KAR_TOUT\KAR_TOUT\KAR\UnzDll.dll"
Tue 8 May 2007 64,512 A..H. --- "C:\KAR\KAR_TOUT\KAR_TOUT\KAR\ZipDll.dll"
Mon 24 Dec 2007 2,793,472 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\5631\SIVDC2.tmp"
Mon 24 Dec 2007 1,269,760 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\5631\SIVDC3.tmp"
Mon 24 Dec 2007 561,152 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\5631\SIVDC4.tmp"
Mon 24 Dec 2007 344,064 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\5631\SIVDC5.tmp"
Mon 24 Dec 2007 192,512 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\5631\SIVDC6.tmp"
Mon 24 Dec 2007 2,793,472 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\a trier 5\SIVDC2.tmp"
Mon 24 Dec 2007 1,269,760 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\a trier 5\SIVDC3.tmp"
Mon 24 Dec 2007 561,152 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\a trier 5\SIVDC4.tmp"
Mon 24 Dec 2007 344,064 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\a trier 5\SIVDC5.tmp"
Mon 24 Dec 2007 192,512 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\a trier 5\SIVDC6.tmp"
Sun 8 Apr 2007 999,424 A..H. --- "C:\Documents and Settings\All Users\Documents\Mes images\pHOTOS\SIV1E2.tmp"
Sun 8 Apr 2007 1,925,120 A..H. --- "C:\Documents and Settings\All Users\Documents\Mes images\pHOTOS\SIV1E3.tmp"
Tue 8 May 2007 56,320 A..H. --- "C:\KAR\KAR_TOUT\KAR_TOUT\KAR\Programmes\UnzDll.dll"
Tue 8 May 2007 64,512 A..H. --- "C:\KAR\KAR_TOUT\KAR_TOUT\KAR\Programmes\ZipDll.dll"
Wed 5 Sep 2007 96,072 ...H. --- "C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\WBUnins.exe"
Tue 8 May 2007 53,248 A..HR --- "C:\KAR\KAR_TOUT\KAR_TOUT\KAR\Documents Personnels\Mes Images\Detecteur de Mouvements.com"
Sun 8 Apr 2007 999,424 A..H. --- "C:\Documents and Settings\All Users\Documents\Mes images\pHOTOS\Nouveau dossier\101MSDCF\SIV1E2.tmp"
Sun 8 Apr 2007 1,925,120 A..H. --- "C:\Documents and Settings\All Users\Documents\Mes images\pHOTOS\Nouveau dossier\101MSDCF\SIV1E3.tmp"
Finished!