Hijack this
Resolved/Closed
msaharni - 2 Feb 2008 at 13:43
jfkpresident - Posts: 13408 - Registered: Monday 3 September 2007 - Status: Security contributor - Last activity: 5 January 2015 - 2 Feb 2008 at 16:36
3 replies
jfkpresident
2 Feb 2008 at 13:47
Hello, you are indeed infected by "backdoor .sd bot".
Do this:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer.
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it has found, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!
Thanks. Here is the SDFix report.txt:
SDFix: Version 1.135
Run by jawad on 02/02/2008 at 13:20
Microsoft Windows XP [version 5.1.2600]
Running From: E:\DOCUME~1\jawad\Bureau\fix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
E:\WINDOWS\system32\bpk.dat - Deleted
E:\WINDOWS\system32\inst.dat - Deleted
E:\WINDOWS\system32\pk.bin - Deleted
E:\WINDOWS\system32\setting.ini - Deleted
E:\WINDOWS\system32\Setup\setup.exe - Deleted
E:\WINDOWS\system32\svchosts.exe - Deleted
E:\WINDOWS\system32\web.dat - Deleted
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 13:27:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:ca00fcd1
"s2"=dword:997703cc
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fb,df,a7,8a,95,97,67,9b,a6,3d,16,40,af,d3,d6,0d,ff,f8,1f,d6,f5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fb,df,a7,8a,95,97,67,9b,a6,3d,16,40,af,d3,d6,0d,ff,f8,1f,d6,f5,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F4D3142-A0EB-5710-F3DE-F0E54AA1EA4A}]
"jalbndopnjpepkgoceig"=hex:62,61,70,70,00,f8
"jalbndopnjpepkgocemg"=hex:62,61,70,70,00,f8
"ialajaajeciinfpgdf"=hex:6b,61,6d,70,63,6a,6f,6e,6d,62,65,70,68,6c,65,70,63,64,68,6e,6a,..
"habbpbgpkjelcidn"=hex:6b,61,6d,70,63,6a,6f,6e,6d,62,65,70,68,6c,63,70,6c,64,6c,6b,68,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\X-Lite\\X-Lite.exe"="E:\\Program Files\\X-Lite\\X-Lite.exe:*:Enabled:X-Lite"
"E:\\Program Files\\Pineapple\\pineapple.exe"="E:\\Program Files\\Pineapple\\pineapple.exe:*:Enabled:The Pineapple"
"E:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"="E:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe:*:Enabled:X-Lite"
"E:\\Program Files\\uTorrent\\uTorrent.exe"="E:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"E:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"="E:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe:*:Enabled:12Voip"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Shareaza\\Shareaza.exe"="E:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"E:\\Program Files\\NCH Swift Sound\\Talk\\talk.exe"="E:\\Program Files\\NCH Swift Sound\\Talk\\talk.exe:*:Enabled:talk"
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="E:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"E:\\Program Files\\SopCast\\SopCast.exe"="E:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"E:\\Documents and Settings\\jawad\\Application Data\\SopCast\\adv\\SopAdver.exe"="E:\\Documents and Settings\\jawad\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\\Program Files\\Ares\\Ares.exe"="E:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"E:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="E:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"E:\\Program Files\\Skype\\Phone\\Skype.exe"="E:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="E:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
Remaining Files:
---------------
File Backups: - E:\DOCUME~1\jawad\Bureau\fix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Finished!
I don't think it's "backdoor .sd bot", is it, president?
Tue 28 Aug 2001 77,824 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\asycfilt.dll"
Sun 31 May 1998 22,288 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\COMCAT.DLL"
Mon 27 Apr 1998 570,128 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\DAO350.DLL"
Fri 24 Apr 1998 1,045,776 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\MSJET35.DLL"
Mon 6 Jul 1998 149,776 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\MSJINT35.DLL"
Fri 24 Apr 1998 24,848 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\MSJTER35.DLL"
Fri 24 Apr 1998 252,176 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\MSRD2X35.DLL"
Fri 24 Apr 1998 407,312 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\MSREPL35.DLL"
Sun 31 May 1998 326,656 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\MSVCRT40.DLL"
Thu 29 Aug 2002 569,344 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\oleaut32.dll"
Tue 28 Aug 2001 106,496 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\olepro32.dll"
Wed 17 Jun 1998 89,360 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\VB5DB.DLL"
Sun 12 Jul 1998 119,568 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\VB6FR.DLL"
Sun 12 Jul 1998 102,912 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\VB6STKIT.DLL"
Thu 28 Oct 2004 258,048 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\vbajet.exe"
Tue 28 Aug 2001 30,992 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\vbajet32.dll"
Fri 24 Aug 2001 121,856 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Database\inetcplc.dll"
Tue 3 Aug 2004 33,280 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Database\inetmib1.dll"
Tue 3 Aug 2004 75,264 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Database\inetpp.dll"
Mon 6 Jul 1998 149,776 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Profiles\MSJINT35.DLL"
Sun 12 Jul 1998 143,872 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Resources\setup.exe"
Tue 28 Aug 2001 77,824 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\asycfilt.dll"
Sun 31 May 1998 22,288 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\COMCAT.DLL"
Mon 27 Apr 1998 570,128 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\DAO350.DLL"
Tue 30 May 2006 217,088 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Documents.exe"
Thu 29 Aug 2002 380,445 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\expsrv.dll"
Fri 24 Apr 1998 1,045,776 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\MSJET35.DLL"
Mon 6 Jul 1998 149,776 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\MSJINT35.DLL"
Fri 24 Apr 1998 24,848 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\MSJTER35.DLL"
Fri 24 Apr 1998 252,176 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\MSRD2X35.DLL"
Fri 24 Apr 1998 407,312 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\MSREPL35.DLL"
Tue 28 Aug 2001 1,388,544 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\msvbvm60.dll"
Sun 31 May 1998 326,656 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\MSVCRT40.DLL"
Thu 29 Aug 2002 569,344 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\oleaut32.dll"
Tue 28 Aug 2001 106,496 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\olepro32.dll"
Sun 12 Jul 1998 290,816 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\SETUPs.EXE"
Sun 12 Jul 1998 74,752 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\ST6UNST.EXE"
Wed 17 Jun 1998 89,360 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\VB5DB.DLL"
Sun 12 Jul 1998 119,568 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\VB6FR.DLL"
Sun 12 Jul 1998 102,912 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\VB6STKIT.DLL"
Tue 28 Aug 2001 30,992 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\vbajet32.dll"
Wed 27 Oct 2004 110,592 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\www.com1.sup.fr.exe"
Fri 24 Apr 1998 1,045,776 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\MSJET35.DLL"
Mon 6 Jul 1998 149,776 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\MSJINT35.DLL"
Fri 24 Aug 2001 121,856 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Database\inetcplc.dll"
Tue 3 Aug 2004 33,280 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Database\inetmib1.dll"
Tue 3 Aug 2004 75,264 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Database\inetpp.dll"
Fri 24 Apr 1998 1,045,776 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Profiles\MSJET35.DLL"
Mon 6 Jul 1998 149,776 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Profiles\MSJINT35.DLL"
Sun 12 Jul 1998 143,872 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Resources\SETUP.exe"
Tue 3 Aug 2004 22,016 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\sclgntfy.dll"
Fri 24 Aug 2001 24,624 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\scofr.dll"
Mon 14 Aug 1995 12,976 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\SCP.dll"
Wed 25 Mar 1998 15,872 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\SCP32.DLL"
Fri 24 Aug 2001 26,624 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\scredir.dll"
Fri 24 Aug 2001 10,240 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\scriptpw.dll"
Fri 24 Aug 2001 121,856 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Profiles\Database\inetcplc.dll"
Tue 3 Aug 2004 33,280 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Profiles\Database\inetmib1.dll"
Tue 3 Aug 2004 75,264 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Profiles\Database\inetpp.dll"
Tue 3 Aug 2004 22,016 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\sclgntfy.dll"
Fri 24 Aug 2001 24,624 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\scofr.dll"
Mon 14 Aug 1995 12,976 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\SCP.dll"
Wed 25 Mar 1998 15,872 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\SCP32.DLL"
Fri 24 Aug 2001 26,624 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\scredir.dll"
Fri 24 Aug 2001 10,240 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\scriptpw.dll"
Tue 3 Aug 2004 22,016 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\logs\sclgntfy.dll"
Fri 24 Aug 2001 24,624 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\logs\scofr.dll"
Mon 14 Aug 1995 12,976 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\logs\SCP.dll"
Wed 25 Mar 1998 15,872 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\logs\SCP32.DLL"
Fri 24 Aug 2001 26,624 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\logs\scredir.dll"
Fri 24 Aug 2001 10,240 A..H. --- "E:\Resources_standar\Profiles_\security\templates\logs\Database\templates\Database\security\templates\logs\scriptpw.dll"
Sun 12 Jul 1998 119,568 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Profiles\Database\Resources\Profiles\Profiles\VB6FR.DLL"
Sun 12 Jul 1998 102,912 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Profiles\Database\Resources\Profiles\Profiles\VB6STKIT.DLL"
Tue 28 Aug 2001 30,992 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Profiles\Database\Resources\Profiles\Profiles\vbajet32.dll"
Mon 21 May 2007 33,758,559 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Profiles\Database\Resources\Profiles\Resources\Quitter_Meditel_Meditel_Meditel_Meditel_Meditel_Meditel_www.com1.sup.fr.zip"
Mon 21 May 2007 55,907 A..H. --- "E:\Resources_standar\Profiles_\security\templates\Database\security\Support\Profiles\Profiles\Database\Resources\Profiles\Resources\www.com1.sup.fr.exe"
Finished!
I don't think it's "backdoor .sd bot", is it, president?
jfkpresident
Posts
13408
Registration date
Monday 3 September 2007
Status
Security contributor
Last activity
5 January 2015
1 175
2 Feb 2008 at 16:36
Re,
Run an online scan to check:
E - Online scan with BitDefender
Run this online antivirus scan with Internet Explorer and accept the ActiveX control;
the SP2 pop-up blocker bar (at the top) will start flashing;
click on it and choose "accept the ActiveX" so that the antivirus scan can run.
Once it has finished, please paste the report here.
https://www.bitdefender.com/toolbox/
Copy/paste the report
http://www.malekal.com/tutorial_BitDefender_AntiSpyware.php
https://kerio.probb.fr/
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
Then post a new HijackThis log.