Virus "ta tof sur ce site"

Guizmo - 23 March 2008 at 23:38
 Anonymous user - 23 March 2008 at 23:43
Hello,

Yes, a friend caught the famous virus... I am forwarding the SDFix report. I don't have access to the HijackThis report; I will have it tomorrow.

SDFix: Version 1.160

Run by *********‚ on 23/03/2008 at 22:21

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\SCPSSSH2.DLL - Deleted
C:\WINDOWS\system32\real.txt - Deleted
C:\WINDOWS\mrofinu1423.exe - Deleted
C:\WINDOWS\mrofinu1423.exe.tmp - Deleted
C:\WINDOWS\system32\real.txt - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 22:30:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...


C:\WINDOWS\system32\lwnvrgi.exe [2348] 0x844D94B0

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 17


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
@=""
"C:\\WINDOWS\\system32\\lwnvrgi.exe"="C:\\WINDOWS\\system32\\lwnvrgi.exe:*:Enabled:Flash Media"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

C:\WINDOWS\mrofinu1423.exe Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 4 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 10 Jan 2008 3,518,240 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7ac3334c888335b67e2adaa89be66e02\BIT4E5.tmp"
Wed 1 Feb 2006 2,951,168 A..H. --- "C:\Documents and Settings\ASTOR Chloé\Mes documents\Chloé\CLOE\Mes documents\Fichier Tpe\~WRL3417.tmp"

Finished!

1 reply

Anonymous user
23 March 2008 at 23:43
This seems to remain:

Remaining Files :

C:\WINDOWS\mrofinu1423.exe Found

We absolutely need the HijackThis log to be sure.

See you