C:\WINDOWS\system32\real.txt (continued)

Closed
zarkette Posts 3 Registration date Monday 31 March 2008 Status Member Last post 31 March 2008 - 31 March 2008 at 13:56
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 - 31 March 2008 at 14:01
Hello again jlpjlp,
I followed the instructions you gave me and, as planned, I am sending you the scan report.


[b]SDFix: Version 1.165 [/b]

Run by Pascale on lun. 31/03/2008 at 13:29

Microsoft Windows XP [version 5.1.2600]
Running From: C:\PROGRA~1\SDFix\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\drivers\etc\BackupHosts.bak - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 13:42:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NovaLogic\\Delta Force Xtreme\\dfx.exe"="C:\\Program Files\\NovaLogic\\Delta Force Xtreme\\dfx.exe:*:Enabled:Delta Force Xtreme"
"C:\\Program Files\\NovaLogic\\Delta Force Xtreme\\dfxmed.exe"="C:\\Program Files\\NovaLogic\\Delta Force Xtreme\\dfxmed.exe:*:Enabled:Delta Force Xtreme Mission Editor"
"C:\\Program Files\\NovaLogic\\Delta Force Xtreme Demo\\DFXDemo.exe"="C:\\Program Files\\NovaLogic\\Delta Force Xtreme Demo\\DFXDemo.exe:*:Enabled:Delta Force Xtreme Demo"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Charly\\LOCALS~1\\Temp\\winlogon.exe"="C:\\DOCUME~1\\Charly\\LOCALS~1\\Temp\\winlogon.exe:*:Enabled:Streams Drivers"
"C:\\Program Files\\MSN Gaming Zone\\Windows\\shvlzm.exe"="C:\\Program Files\\MSN Gaming Zone\\Windows\\shvlzm.exe:*:Enabled:Atout Pique sur Internet"
"C:\\DOCUME~1\\Charly\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Charly\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\PROGRA~1\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sun 16 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 29 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 9 Aug 2007 400 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COH32LU.reg"
Thu 9 Aug 2007 403 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COHDLU.reg"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\493c50fe9f23ee81559d491f3f423dc0\BIT46.tmp"
Mon 31 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Fri 5 Oct 2007 4,887,920 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\64e594df5de9258be376fcbfc53c7318\BIT48.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6658f544763a012c23109e05e811db81\BIT47.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\73e2e9ec90b2a8bdc65c191633d70158\BIT4E.tmp"
Tue 25 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT3.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\979d4ddb8065ffb2dc0cb3d515901710\BIT49.tmp"
Fri 5 Oct 2007 1,229,688 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a1feda554f795971fda237333f75243f\BIT4D.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b79817f6eaff5d013a81bd2aff4f2954\BIT4A.tmp"
Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8426e25532eb668f59dd4d969b4a550\BIT1.tmp"
Fri 5 Oct 2007 4,830,072 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\be055ba2b2ed973399d61482c6723317\BIT4C.tmp"
Fri 5 Oct 2007 12,396,400 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d87fb8947e75ca18dc081689c7a9b0bf\BIT4B.tmp"

[b]Finished![/b]

Thanks again
Best regards
Zarkette

1 reply

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
31 March 2008 at 14:01
Hi, can you post the report and stay in the other thread you started?