Xp antispyware 2009
loic-7
Destrio5 (85985 posts, status: Moderator)
Hello,
Like many people, I think, I've been infected by XP Antispyware 2009, and this is where I need your help to remove it!!
PS: I've tried lots of methods but nothing works... I can't generate a HijackThis report because when I install it on my desktop and double-click it, nothing happens.
Hoping you can help me :)
77 replies
---> Uninstall Navilog1.
---> Download Toolbar S&D (Team IDN) to your Desktop:
* Launch the program's installation by running the downloaded file.
* Now double-click the Toolbar S&D shortcut.
* Select the desired language by typing the letter of your choice and confirming with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
You are heavily infected because of your cracks and keygens. If you don't remove them, the disinfection loses its point.
---> Relaunch Toolbar S&D, run option 2 and post the report.
- Download and install Malwarebytes' Anti-Malware:
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
- Update it.
- Restart in Safe Mode (Recommended):
https://blog.sosordi.net/
- Choose your usual session.
- Run a full scan with Malwarebytes' Anti-Malware.
- Delete everything the software finds and save the report.
- Restart in normal mode and post the report here.
I've received the MBAM report.
---> Relaunch MBAM, go to Quarantine and delete everything.
---> Run another scan with ComboFix and post the report.
Hello, when I run a scan with Malwarebytes in Safe Mode, after about 2 to 3 hours the computer crashes (I've done it 5 times now). Does anyone have a solution?
Hello,
I did a search with SmitfraudFix; I'm posting the report.
SmitFraudFix v2.366
Rapport fait à 11:23:02,46, 26/10/2008
Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\PnkBstrA.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINXP\vVX3000.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\XP_Antispyware\XP_AntiSpyware.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINXP\system32\drivers\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINXP\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINXP\system32\rundll32.exe
C:\WINXP\system32\jhmwqkqo.exe
C:\Documents and Settings\Admin\Bureau\SmitfraudFix\Policies.exe
C:\WINXP\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINXP
C:\WINXP\karna.dat PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINXP\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINXP\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINXP\system32
C:\WINXP\system32\brastk.exe PRESENT !
C:\WINXP\system32\karna.dat PRESENT !
C:\WINXP\system32\drivers\svchost.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINXP\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINXP\\system32\\karna.dat"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINXP\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
C:\WINXP\system32\drivers\beep.sys infecté !
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6131F926-D30A-4233-A55A-A091A8061242}: NameServer=84.103.237.142 86.64.145.142
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6131F926-D30A-4233-A55A-A091A8061242}: NameServer=84.103.237.140 86.64.145.140
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
I managed to open HijackThis. Here's the log, if it can help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:46, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINXP\vVX3000.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\XP_Antispyware\XP_AntiSpyware.exe
C:\WINXP\brastk.exe
C:\WINXP\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINXP\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\PnkBstrA.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINXP\vVX3000.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [XP Antispyware 2009] "C:\Program Files\XP_Antispyware\XP_AntiSpyware.exe" /hide
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [809c913f] rundll32.exe "C:\WINXP\system32\mdgkmisl.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINXP\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINXP\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINXP\system32\brastk.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6131F926-D30A-4233-A55A-A091A8061242}: NameServer = 86.64.145.141 84.103.237.141
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINXP\system32\PnkBstrA.exe
End of file - 8002 bytes
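An added example, not part of the thread: a small Python triage script that applies the checks Destrio5's diagnosis relies on to the two reports above (SmitfraudFix "PRESENT !" / "infecté !" markers, the AppInit_DLLs and Userinit values, the NameServer entries, orphaned IE hooks, and O4 Run entries such as the svchost.exe living under drivers). The sample lines are constructed from the posted reports, and the set of expected DNS resolvers passed to triage() is an assumption.

```python
import re
from typing import Dict, List, Set

# Constructed sample lines adapted from the SmitfraudFix report posted above;
# only the entries the checks below look at.
SMITFRAUDFIX_SAMPLE = r"""
C:\WINXP\system32\brastk.exe PRESENT !
C:\WINXP\system32\karna.dat PRESENT !
"AppInit_DLLs"="C:\\WINXP\\system32\\karna.dat"
"Userinit"="C:\\WINXP\\system32\\userinit.exe,"
C:\WINXP\system32\drivers\beep.sys infecté !
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6131F926-D30A-4233-A55A-A091A8061242}: NameServer=84.103.237.142 86.64.145.142
"""

# Constructed sample lines adapted from the HijackThis log posted above.
HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [809c913f] rundll32.exe "C:\WINXP\system32\mdgkmisl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINXP\system32\drivers\svchost.exe
R3 - URLSearchHook: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6131F926-D30A-4233-A55A-A091A8061242}: NameServer = 86.64.145.141 84.103.237.141
"""

O4_RE = re.compile(r"^O4 - .*?\\(?:Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[0-9. ]+)")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"="(?P<value>.*)"$')
USERINIT_RE = re.compile(r'^"Userinit"="(?P<value>.*)"$')
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # Vundo-style random entry names


def _executable_of(cmd: str) -> str:
    """Return the program part of a Run value (quoted path or first token)."""
    m = re.match(r'^"([^"]+)"|^(\S+)', cmd)
    if not m:
        return ""
    return m.group(1) or m.group(2)


def _finding(severity: str, reason: str, line: str) -> Dict[str, str]:
    return {"severity": severity, "reason": reason, "line": line}


def triage(lines: List[str], expected_dns: Set[str]) -> List[Dict[str, str]]:
    """Flag the report entries the thread treated as infection markers.
    expected_dns: resolvers the machine should use (assumed, caller-supplied);
    any other address in a NameServer value is reported as a DNS hijack candidate."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        # SmitfraudFix names known rogue files and patched drivers explicitly.
        if line.endswith("PRESENT !") or line.endswith("infecté !"):
            findings.append(_finding("high", "file flagged by SmitfraudFix", line))
            continue

        # AppInit_DLLs is loaded into every process that links user32.dll; a
        # clean XP box normally has it empty, and a .dat there is a giveaway.
        m = APPINIT_RE.match(line)
        if m:
            if m.group("value"):
                findings.append(_finding("high", "AppInit_DLLs injection", line))
            continue

        # Userinit must be the real userinit.exe followed by the trailing comma.
        # The report doubles backslashes (registry-export style), so undo that.
        m = USERINIT_RE.match(line)
        if m:
            value = m.group("value").replace("\\\\", "\\").lower()
            if not value.endswith(r"\system32\userinit.exe,"):
                findings.append(_finding("high", "Userinit tampered", line))
            continue

        # Both tools print the per-interface DNS servers; a hijack swaps them.
        m = NAMESERVER_RE.search(line)
        if m:
            rogue = [ip for ip in m.group("servers").split() if ip not in expected_dns]
            if rogue:
                findings.append(_finding("medium", "unexpected DNS servers: " + " ".join(rogue), line))
            continue

        # Orphaned hooks/toolbars are leftovers to clean up, not active code.
        if line.startswith(("R3 - ", "O3 - ")) and line.endswith("(no file)"):
            findings.append(_finding("low", "orphaned IE hook/toolbar entry", line))
            continue

        m = O4_RE.match(line)
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")
        exe = _executable_of(cmd).lower()
        folder, _, base = exe.rpartition("\\")
        if HEX_NAME_RE.match(name):
            findings.append(_finding("medium", "random hexadecimal Run entry name", line))
        if "\\drivers\\" in exe and not exe.endswith(".sys"):
            findings.append(_finding("high", "program started from the drivers folder", line))
        if base == "svchost.exe" and not folder.endswith("\\system32"):
            findings.append(_finding("high", "svchost.exe outside System32", line))
    return findings


if __name__ == "__main__":
    sample = SMITFRAUDFIX_SAMPLE.splitlines() + HIJACKTHIS_SAMPLE.splitlines()
    for f in triage(sample, {"192.0.2.53"}):  # assumed resolver, documentation range
        print(f"[{f['severity']}] {f['reason']} <- {f['line']}")
```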
Finally, I no longer get that damn message :)
One question: at the end it tells me that some files have been replaced... Is that not a problem??
Here's the report:
[b]SDFix: Version 1.237 [/b]
Run by Admin on 26/10/2008 at 14:56
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Infected beep.sys Found![/b]
beep.sys File Locations:
"C:\WINXP\system32\dllcache\beep.sys" 28160 19/10/2008 15:02
"C:\WINXP\system32\drivers\beep.sys" 4224 28/08/2001 13:00
Infected File Listed Below:
C:\WINXP\system32\dllcache\beep.sys
File copied to Backups Folder
Attempting to replace beep.sys with original version
Original beep.sys Restored
"C:\WINXP\system32\dllcache\beep.sys" 4224 07/08/2008 16:27
"C:\WINXP\system32\drivers\beep.sys" 4224 07/08/2008 16:27
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINXP\system32\ddcYsTli.dll - Deleted
C:\DOCUME~1\ADMIN\COOKIES\UVEQEG~1.DLL - Deleted
C:\DOCUME~1\ADMIN\COOKIES\EPUH._SY - Deleted
C:\DOCUME~1\ADMIN\COOKIES\DANINUL.PIF - Deleted
C:\DOCUME~1\ADMIN\COOKIES\YXYFUWO.PIF - Deleted
C:\DOCUME~1\ADMIN\COOKIES\EXUKUW~1.REG - Deleted
C:\DOCUME~1\ADMIN\COOKIES\WECY.SYS - Deleted
C:\DOCUME~1\ADMIN\COOKIES\IRYXOFOS.VBS - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\xp34\cPH.log - Deleted
C:\WINXP\system32\EV02\EV022328.exe - Deleted
C:\Program Files\XP_Antispyware\AVEngn.dll - Deleted
C:\Program Files\XP_Antispyware\htmlayout.dll - Deleted
C:\Program Files\XP_Antispyware\pthreadVC2.dll - Deleted
C:\Program Files\XP_Antispyware\Uninstall.exe - Deleted
C:\Program Files\XP_Antispyware\wscui.cpl - Deleted
C:\Program Files\XP_Antispyware\XP_Antispyware.cfg - Deleted
C:\Program Files\XP_Antispyware\XP_AntiSpyware.exe - Deleted
C:\Program Files\XP_Antispyware\data\daily.cvd - Deleted
C:\Program Files\XP_Antispyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest - Deleted
C:\Program Files\XP_Antispyware\Microsoft.VC80.CRT\msvcm80.dll - Deleted
C:\Program Files\XP_Antispyware\Microsoft.VC80.CRT\msvcp80.dll - Deleted
C:\Program Files\XP_Antispyware\Microsoft.VC80.CRT\msvcr80.dll - Deleted
C:\WINXP\system32\wini10801.exe - Deleted
C:\WINXP\Temp\TDSS1ce.tmp - Deleted
C:\Documents and Settings\Admin\services.exe - Deleted
C:\WINXP\brastk.exe - Deleted
C:\WINXP\system32\delself.bat - Deleted
C:\WINXP\system32\pac.txt - Deleted
C:\WINXP\system32\dllcache\figaro.sys - Deleted
Folder C:\Program Files\XP_Antispyware - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\xp34 - Removed
Folder C:\WINXP\system32\EV02 - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 16:06:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:8c,3b,c6,be,0f,fd,98,d5,a5,f0,c6,71,61,3e,be,8c,51,f0,f1,e1,99,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9a,ba,4b,57,02,b3,dc,18,26,1e,3c,9b,aa,2e,89,d4,9c,..
"khjeh"=hex:a5,9f,87,a0,4a,97,8e,68,1f,d0,b4,53,6d,da,bf,5e,05,26,a9,c5,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:00,fa,4e,cf,0c,2e,2d,c4,52,6f,12,1d,8b,f7,5d,42,5f,a5,c6,d8,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0b,76,b2,69,a1,85,a3,61,d6,01,a2,2e,73,27,18,cd,12,cc,8a,c2,38,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:8c,3b,c6,be,0f,fd,98,d5,a5,f0,c6,71,61,3e,be,8c,51,f0,f1,e1,99,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9a,ba,4b,57,02,b3,dc,18,26,1e,3c,9b,aa,2e,89,d4,9c,..
"khjeh"=hex:a5,9f,87,a0,4a,97,8e,68,1f,d0,b4,53,6d,da,bf,5e,05,26,a9,c5,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:00,fa,4e,cf,0c,2e,2d,c4,52,6f,12,1d,8b,f7,5d,42,5f,a5,c6,d8,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0b,76,b2,69,a1,85,a3,61,d6,01,a2,2e,73,27,18,cd,12,cc,8a,c2,38,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:8c,3b,c6,be,0f,fd,98,d5,a5,f0,c6,71,61,3e,be,8c,51,f0,f1,e1,99,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9a,ba,4b,57,02,b3,dc,18,26,1e,3c,9b,aa,2e,89,d4,9c,..
"khjeh"=hex:a5,9f,87,a0,4a,97,8e,68,1f,d0,b4,53,6d,da,bf,5e,05,26,a9,c5,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:00,fa,4e,cf,0c,2e,2d,c4,52,6f,12,1d,8b,f7,5d,42,5f,a5,c6,d8,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0b,76,b2,69,a1,85,a3,61,d6,01,a2,2e,73,27,18,cd,12,cc,8a,c2,38,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus.exe"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINXP\\system32\\PnkBstrA.exe"="C:\\WINXP\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINXP\\system32\\PnkBstrB.exe"="C:\\WINXP\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 21 Apr 2004 193 ..SH. --- "C:\BOOT.BAK"
Sun 12 Mar 2006 10,311,680 ..SH. --- "C:\Program Files\AVIConverter\MENCODER.EXE"
Sat 31 Dec 2005 8,578,048 ..SH. --- "C:\Program Files\AVIConverter\mencoder1.exe"
Tue 18 Apr 2006 4,789,792 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 14 Aug 2008 1,499,588 ..SH. --- "C:\WINXP\system32\yahxtdbm.tmp"
Sat 18 Feb 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 Feb 2007 308,832 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.0\uinstrsc.dll"
Fri 21 Jul 2006 2,291 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti2A.tmp"
Fri 27 Jun 2008 53,248 A.SH. --- "C:\System Volume Information\_restore{BB87EF84-BF62-4CD9-B4FF-53D09A3A7347}\RP16\A0007025.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\System Volume Information\_restore{BB87EF84-BF62-4CD9-B4FF-53D09A3A7347}\RP52\A0018314.dll"
Thu 15 Feb 2007 308,832 A..H. --- "C:\System Volume Information\_restore{BB87EF84-BF62-4CD9-B4FF-53D09A3A7347}\RP52\A0018315.exe"
Thu 1 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINXP\DRM\Cache\Indiv01.tmp"
Sat 13 Nov 2004 37,376 A..H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITA.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT7.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT4.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT9.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT5.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT8.tmp"
Mon 4 Aug 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Sat 22 Jan 2005 0 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT11.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT1E.tmp"
Thu 29 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT1F.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT20.tmp"
Thu 29 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT22.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT23.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT24.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT25.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT26.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT27.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT28.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT29.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT2A.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT2B.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT2C.tmp"
Thu 27 Jan 2005 0 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT2D.tmp"
Sun 9 Jan 2005 0 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT3.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT30.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT347.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT398.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT40.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT49.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT51.tmp"
Sun 26 Dec 2004 0 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT7.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT8.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT9F.tmp"
Thu 13 Oct 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7e808a3c27f845e09ebb11aa4251afd5\BIT7.tmp"
Tue 4 Nov 2003 75,264 A..H. --- "C:\Documents and Settings\Admin\Mes documents\ancien ordi\muzik mp3\Licence3\Licence3\1er Semestre\SCIENCE CO\~WRL1311.tmp"
Fri 20 Feb 2004 26,624 A..H. --- "C:\Documents and Settings\Admin\Mes documents\ancien ordi\muzik mp3\Licence3\Licence3\2e Semestre\Elaboration Contenu\~WRL2344.tmp"
Wed 18 Feb 2004 19,968 A..H. --- "C:\Documents and Settings\Admin\Mes documents\ancien ordi\muzik mp3\Licence3\Licence3\2e Semestre\Histoire\~WRL0132.tmp"
Mon 3 Nov 2003 19,456 A..H. --- "C:\Documents and Settings\Admin\Mes documents\ancien ordi\muzik mp3\Licence3\Licence3\1er Semestre\Education Motricité\Fabron\~WRL0504.tmp"
[b]Finished![/b]
One question: at the end it tells me that some files were replaced... That's not a problem, is it??
Here is the report:
Finally, I no longer get that cursed message :)
Fri 21 Jul 2006 2,291 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti2A.tmp"
Fri 27 Jun 2008 53,248 A.SH. --- "C:\System Volume Information\_restore{BB87EF84-BF62-4CD9-B4FF-53D09A3A7347}\RP16\A0007025.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\System Volume Information\_restore{BB87EF84-BF62-4CD9-B4FF-53D09A3A7347}\RP52\A0018314.dll"
Thu 15 Feb 2007 308,832 A..H. --- "C:\System Volume Information\_restore{BB87EF84-BF62-4CD9-B4FF-53D09A3A7347}\RP52\A0018315.exe"
Thu 1 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINXP\DRM\Cache\Indiv01.tmp"
Sat 13 Nov 2004 37,376 A..H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITA.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT7.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT4.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT9.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT5.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT8.tmp"
Mon 4 Aug 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Sat 22 Jan 2005 0 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT11.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT1E.tmp"
Thu 29 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT1F.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT20.tmp"
Thu 29 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT22.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT23.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT24.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT25.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT26.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT27.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT28.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT29.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT2A.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT2B.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT2C.tmp"
Thu 27 Jan 2005 0 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT2D.tmp"
Sun 9 Jan 2005 0 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT3.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT30.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT347.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT398.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT40.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT49.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT51.tmp"
Sun 26 Dec 2004 0 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT7.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT8.tmp"
Mon 26 Jul 2004 7,155 A..H. --- "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\BIT9F.tmp"
Thu 13 Oct 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7e808a3c27f845e09ebb11aa4251afd5\BIT7.tmp"
Tue 4 Nov 2003 75,264 A..H. --- "C:\Documents and Settings\Admin\Mes documents\ancien ordi\muzik mp3\Licence3\Licence3\1er Semestre\SCIENCE CO\~WRL1311.tmp"
Fri 20 Feb 2004 26,624 A..H. --- "C:\Documents and Settings\Admin\Mes documents\ancien ordi\muzik mp3\Licence3\Licence3\2e Semestre\Elaboration Contenu\~WRL2344.tmp"
Wed 18 Feb 2004 19,968 A..H. --- "C:\Documents and Settings\Admin\Mes documents\ancien ordi\muzik mp3\Licence3\Licence3\2e Semestre\Histoire\~WRL0132.tmp"
Mon 3 Nov 2003 19,456 A..H. --- "C:\Documents and Settings\Admin\Mes documents\ancien ordi\muzik mp3\Licence3\Licence3\1er Semestre\Education Motricité\Fabron\~WRL0504.tmp"
[b]Finished![/b]
One question: at the end it tells me that some files were replaced ... Is that a problem??
Here it is
SmitFraudFix v2.366
Rapport fait à 16:50:06,82, 26/10/2008
Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6131F926-D30A-4233-A55A-A091A8061242}: NameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6131F926-D30A-4233-A55A-A091A8061242}: NameServer=84.103.237.142 86.64.145.142
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6131F926-D30A-4233-A55A-A091A8061242}: NameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6131F926-D30A-4233-A55A-A091A8061242}: NameServer=86.64.145.141 84.103.237.141
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
One problem: I don't have the Recovery Console.
My log is fairly large, I think about ten Word pages....
Search Navipromo version 3.6.7 commencé le 26/10/2008 à 18:22:34,57
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Admin"
Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINXP" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINXP\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINXP\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Admin\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Admin\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Admin\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINXP\system32" *
* Recherche dans "C:\Documents and Settings\Admin\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINXP\system32" :
* Dans "C:\Documents and Settings\Admin\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 26/10/2008 à 18:38:34,96 ***
I manually deleted all the cracks and keygens,
then carried out the following steps:
Download Toolbar S&D (Team IDN) to your Desktop:
* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar S&D shortcut.
* Select the desired language by typing the letter of your choice and confirming with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
The report tells me there aren't any left....
What should I do now?