Virus win 32 small jmh
Chouette
-
PurpleStorm Messages postés 3273 Statut Contributeur -
PurpleStorm Messages postés 3273 Statut Contributeur -
Pouvez vous nous aider ?
Un grand merci,
[b]SDFix: Version 1.158 [/b]
Run by Administrateur on 16/03/2008 at 16:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\antiv.exe - Deleted
C:\WINDOWS\system32\autorun.ini - Deleted
C:\WINDOWS\system32\real.txt - Deleted
C:\DOCUME~1\Pauline\LOCALS~1\Temp\services.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 16:14:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
C:\DOCUME~1\Pauline\LOCALS~1\Temp\services.exe [1996] 0x858F58B8
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"="C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\\Documents and Settings\\Pauline\\Mes documents\\installateurs\\BitComet\\BitComet.exe"="C:\\Documents and Settings\\Pauline\\Mes documents\\installateurs\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE:*:Enabled:Age of Empires II"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\Pauline\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Pauline\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Tue 22 May 2007 38,095 ...H. --- "C:\Documents and Settings\Pauline\Bureau\~WRL0064.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT8.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT9.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT5.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT4.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2.tmp"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
Mon 6 Mar 2006 905,216 A.SH. --- "C:\Documents and Settings\Pauline\Mes documents\Mes images\photos Rep. Dom\SIV9.tmp"
Thu 30 Nov 2006 857 ...HR --- "C:\Documents and Settings\Pauline\Application Data\SecuROM\UserData\securom_v7_01.bak"
[b]Finished![/b]
Un grand merci,
[b]SDFix: Version 1.158 [/b]
Run by Administrateur on 16/03/2008 at 16:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\antiv.exe - Deleted
C:\WINDOWS\system32\autorun.ini - Deleted
C:\WINDOWS\system32\real.txt - Deleted
C:\DOCUME~1\Pauline\LOCALS~1\Temp\services.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 16:14:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
C:\DOCUME~1\Pauline\LOCALS~1\Temp\services.exe [1996] 0x858F58B8
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"="C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\\Documents and Settings\\Pauline\\Mes documents\\installateurs\\BitComet\\BitComet.exe"="C:\\Documents and Settings\\Pauline\\Mes documents\\installateurs\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE:*:Enabled:Age of Empires II"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\Pauline\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Pauline\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Tue 22 May 2007 38,095 ...H. --- "C:\Documents and Settings\Pauline\Bureau\~WRL0064.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT8.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT9.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT5.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT4.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2.tmp"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
Mon 6 Mar 2006 905,216 A.SH. --- "C:\Documents and Settings\Pauline\Mes documents\Mes images\photos Rep. Dom\SIV9.tmp"
Thu 30 Nov 2006 857 ...HR --- "C:\Documents and Settings\Pauline\Application Data\SecuROM\UserData\securom_v7_01.bak"
[b]Finished![/b]
A voir également:
- Virus win 32 small jmh
- 32 bits - Guide
- Power iso 32 bit - Télécharger - Gravure
- Win rar - Télécharger - Compression & Décompression
- Damn small linux - Télécharger - Systèmes d'exploitation
- Virus mcafee - Accueil - Piratage
2 réponses
C'est simple :
Arrêtes ta connexion internet puis effectues les opérations suivantes :
Arrêtes le processus correspondant à ce virus (dans le gestionnaire de tâche - Ctrl+Alt Gr +Suppr), efface les fichiers temporaires (pages internet etc dans panneau de configuration - options internet - supprimer les coockies, supprimer les fichiers) et scannes ton PC avec ton anti-virus pour détruire le virus.
Redémarre le PC et recommences l'opération pour être certain que le processus ne revient pas, qu'il est mort.
Et voilà.
Un logiciel de détection et de destruction :
Ad-aware :
http://www.infos-du-net.com/telecharger/2007-Ad-Aware-Free,0301-9812.html
Spybot :
https://www.01net.com/
Spyware Blaster :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html
Arrêtes ta connexion internet puis effectues les opérations suivantes :
Arrêtes le processus correspondant à ce virus (dans le gestionnaire de tâche - Ctrl+Alt Gr +Suppr), efface les fichiers temporaires (pages internet etc dans panneau de configuration - options internet - supprimer les coockies, supprimer les fichiers) et scannes ton PC avec ton anti-virus pour détruire le virus.
Redémarre le PC et recommences l'opération pour être certain que le processus ne revient pas, qu'il est mort.
Et voilà.
Un logiciel de détection et de destruction :
Ad-aware :
http://www.infos-du-net.com/telecharger/2007-Ad-Aware-Free,0301-9812.html
Spybot :
https://www.01net.com/
Spyware Blaster :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html
Essaye déjà avec ça :
Ad-aware :
http://www.infos-du-net.com/telecharger/2007-Ad-Aware-Free,0301-9812.html
Spybot :
https://www.01net.com/
Et s'il est toujours là apres plusieur scannes, marque nous la liste des processus qui tournent que nous puissions t'indiquer lequel est un malveillant.
Ad-aware :
http://www.infos-du-net.com/telecharger/2007-Ad-Aware-Free,0301-9812.html
Spybot :
https://www.01net.com/
Et s'il est toujours là apres plusieur scannes, marque nous la liste des processus qui tournent que nous puissions t'indiquer lequel est un malveillant.
Mais quel est le nom du processus ... ?
Amicalement,