Trojan downloader VBS.BL - Page 7
Solved
I couldn't start the computer in safe mode... F8 gives me a menu:
Boot Menu
Select a Boot First device=
+ST380011A
CDROM
Int. Lan.
But digging through this menu, I couldn't find how to start in safe mode...
I wanted to know whether one can always delete the TEMP files of any user and on any computer???
There, I managed to start in safe mode and here is the SDFix report...
[b]SDFix: Version 1.185 [/b]
Run by Elisabeth on 14/09/2008 at 11:03
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\smp.bat - Deleted
C:\WINDOWS\mdtgkswr.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 11:10:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Disabled:NAVBrowser"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Elisabeth\\Local Settings\\Temporary Internet Files\\Content.IE5\\W3JJI4TT\\incredimail_install[1].exe"="C:\\Documents and Settings\\Elisabeth\\Local Settings\\Temporary Internet Files\\Content.IE5\\W3JJI4TT\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\Elisabeth\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\Elisabeth\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Mon 14 Mar 2005 215 A.SHR --- "C:\BOOT.BAK"
Fri 12 Mar 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Fri 12 Mar 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Fri 12 Mar 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Sun 25 Feb 2007 5,355,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 2 Jan 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 2 Jan 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"
Sat 3 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 14 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\07e9590ace389445bb024d9d25aedaa6\BITF.tmp"
Sun 2 Oct 2005 20,992 ...H. --- "C:\Documents and Settings\Elisabeth\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 2 Oct 2005 23,552 ...H. --- "C:\Documents and Settings\Elisabeth\Application Data\Microsoft\Word\~WRL0467.tmp"
Sun 2 Oct 2005 21,504 ...H. --- "C:\Documents and Settings\Elisabeth\Application Data\Microsoft\Word\~WRL0889.tmp"
Sun 2 Oct 2005 23,040 ...H. --- "C:\Documents and Settings\Elisabeth\Application Data\Microsoft\Word\~WRL1429.tmp"
Sun 2 Oct 2005 22,528 ...H. --- "C:\Documents and Settings\Elisabeth\Application Data\Microsoft\Word\~WRL2935.tmp"
Sun 26 Mar 2006 5,421,568 ...H. --- "C:\Documents and Settings\Thomas\Application Data\Microsoft\Word\~WRL0004.tmp"
Sun 26 Mar 2006 5,422,592 ...H. --- "C:\Documents and Settings\Thomas\Application Data\Microsoft\Word\~WRL0602.tmp"
Sun 26 Mar 2006 5,423,104 ...H. --- "C:\Documents and Settings\Thomas\Application Data\Microsoft\Word\~WRL1956.tmp"
Fri 12 Mar 2004 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Tue 29 Apr 2008 7,318 A..H. --- "C:\Documents and Settings\Elisabeth\Application Data\Microsoft\Office\Shortcut Bar\OffE6.tmp"
Tue 13 Nov 2007 86,528 A..H. --- "C:\Documents and Settings\Thomas\Bureau\Lili\Linda\Cours\~WRL2243.tmp"
Thu 16 Nov 2006 2,118,656 A..H. --- "C:\Documents and Settings\Thomas\Bureau\Lili\Linda\Cours\Licence\cours L3\S5\Arts Am. lat\~WRL2060.tmp"
Thu 16 Nov 2006 1,992,704 A..H. --- "C:\Documents and Settings\Thomas\Bureau\Lili\Linda\Cours\Licence\cours L3\S5\Arts Am. lat\~WRL3683.tmp"
Sat 11 Nov 2006 1,987,584 A..H. --- "C:\Documents and Settings\Thomas\Bureau\Lili\Linda\Cours\Licence\cours L3\S5\Arts Am. lat\~WRL3694.tmp"
Wed 31 Jan 2007 433,152 A..H. --- "C:\Documents and Settings\Thomas\Bureau\Lili\Linda\Cours\Licence\cours L3\S6\Arts de l'esp\~WRL0003.tmp"
Wed 31 Jan 2007 192,512 A..H. --- "C:\Documents and Settings\Thomas\Bureau\Lili\Linda\Cours\Licence\cours L3\S6\Arts de l'esp\~WRL0005.tmp"
Thu 1 Feb 2007 436,736 A..H. --- "C:\Documents and Settings\Thomas\Bureau\Lili\Linda\Cours\Licence\cours L3\S6\Arts de l'esp\~WRL0006.tmp"
Thu 1 Feb 2007 500,736 A..H. --- "C:\Documents and Settings\Thomas\Bureau\Lili\Linda\Cours\Licence\cours L3\S6\Arts de l'esp\~WRL1615.tmp"
Thu 1 Feb 2007 503,296 A..H. --- "C:\Documents and Settings\Thomas\Bureau\Lili\Linda\Cours\Licence\cours L3\S6\Arts de l'esp\~WRL3095.tmp"
Thu 1 Feb 2007 433,664 A..H. --- "C:\Documents and Settings\Thomas\Bureau\Lili\Linda\Cours\Licence\cours L3\S6\Arts de l'esp\~WRL3856.tmp"
[b]Finished![/b]
There you go...
By the way, you didn't answer me.... Can one empty all the files contained in TEMP for all users and on all computers without it affecting the computer???