Decrypter mon rapport sdfix

coyote -  
 grulie -
Bonjour,

Si quequ' un peut traduire ça et me dire si tout va bien se serait cool ! Merci d' avance .


Run by user on 15/11/2008 at 19:18

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 19:21:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:fbe971f5
"s2"=dword:744063a4
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ea,ef,b5,b2,e6,0d,89,c9,b7,20,ee,ad,e4,fc,a1,2e,21,6f,b1,34,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4e,30,1c,c6,a7,95,04,a3,3a,0f,2e,e5,ee,16,84,66,a0,..
"khjeh"=hex:72,e8,21,a4,02,33,0f,6b,be,52,30,28,1c,7e,83,af,3e,90,8b,30,31,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ae,45,51,c7,67,9b,00,bc,4d,eb,e8,50,ba,99,ec,d6,11,07,94,23,97,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ea,ef,b5,b2,e6,0d,89,c9,b7,20,ee,ad,e4,fc,a1,2e,21,6f,b1,34,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4e,30,1c,c6,a7,95,04,a3,3a,0f,2e,e5,ee,16,84,66,a0,..
"khjeh"=hex:72,e8,21,a4,02,33,0f,6b,be,52,30,28,1c,7e,83,af,3e,90,8b,30,31,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ae,45,51,c7,67,9b,00,bc,4d,eb,e8,50,ba,99,ec,d6,11,07,94,23,97,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ea,ef,b5,b2,e6,0d,89,c9,b7,20,ee,ad,e4,fc,a1,2e,21,6f,b1,34,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4e,30,1c,c6,a7,95,04,a3,3a,0f,2e,e5,ee,16,84,66,a0,..
"khjeh"=hex:72,e8,21,a4,02,33,0f,6b,be,52,30,28,1c,7e,83,af,3e,90,8b,30,31,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ae,45,51,c7,67,9b,00,bc,4d,eb,e8,50,ba,99,ec,d6,11,07,94,23,97,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sat 29 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\user\Application Data\U3\temp\Launchpad Removal.exe"

[b]Finished![/b]

1 réponse

Réponse 1 / 1
Utilisateur anonyme
 
ca veut dire qu il n as rien trouvé.....
0
coyote
 
Merci archet9 !

Si je poste un rapport hijackthis saurais-tu me repondre également ?
0
Utilisateur anonyme > coyote
 
oui ,tout a fait
vas-y...

a+
0
grulie > Utilisateur anonyme
 
Bonjour archet,

Peux tu décrypter le mien ??? sachant que j'ai été infecté par un virus win 32 cutwail-Y

[b]SDFix: Version 1.240 [/b]
Run by Gael on 30/09/2009 at 21:05

Microsoft Windows XP [version 5.1.2600]
Running From: D:\Documents and Settings\Gael\Bureau\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

D:\DOCUME~1\GAEL\COOKIES\MYRENO~1.DB - Deleted
D:\DOCUME~1\GAEL\COOKIES\PIFA._SY - Deleted
D:\Program Files\Fichiers communs\urocy._sy - Deleted
D:\Program Files\Fichiers communs\domataqym.scr - Deleted
D:\WINDOWS\system32\_scui.cpl - Deleted
D:\WINDOWS\system32\qtplugin.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 21:19:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9C4A054D-ECC8-2E14-B57F-8C77E06B88CD}]
"padpcaaobpfdmmmemdpneknonngpccic"=hex:6a,61,6d,6e,65,62,6a,6c,6d,6d,68,63,66,62,64,6d,6b,6a,6d,6b,00,..
"oajolomiecofgdnapphojifkmpdjoa"=hex:6a,61,6d,6e,65,62,6a,6c,6d,6d,68,63,66,62,64,6d,6b,6a,6d,6b,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"="D:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic"
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="D:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"D:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="D:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"D:\\Program Files\\GameSpy Arcade\\Aphex.exe"="D:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"="D:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="D:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="D:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[b]Remaining Files [/b]:


File Backups: - D:\DOCUME~1\Gael\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sun 24 Apr 2005 215 ..SH. --- "D:\BOOT.BAK"
Mon 28 Jun 2004 54,384 A..H. --- "D:\Program Files\AOL 9.0\aolphx.exe"
Mon 28 Jun 2004 156,784 A..H. --- "D:\Program Files\AOL 9.0\aoltray.exe"
Mon 28 Jun 2004 31,344 A..H. --- "D:\Program Files\AOL 9.0\RBM.exe"
Wed 13 Oct 2004 1,694,208 ..SH. --- "D:\Program Files\Messenger\msmsgs.exe"
Mon 13 Jul 1998 15,360 A..H. --- "D:\Program Files\SOUNDVISION\INETFR.dll"
Thu 25 Aug 2005 4,348 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 29 Nov 2005 4,348 ..SH. --- "D:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sat 29 Mar 2008 0 A.SH. --- "D:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Tue 29 Nov 2005 4,348 ...H. --- "D:\Documents and Settings\Gael\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu 11 Jun 2009 20 A..H. --- "D:\Documents and Settings\Gael\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Thu 11 Jun 2009 11,755 A.SH. --- "D:\Documents and Settings\Gael\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Mon 28 Jun 2004 106,496 A..H. --- "D:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

[b]Finished![/b]
0

Discussions similaires

Décryptage de chaînes précédées de '$'.
Cubde -
Rachid -

5 réponses
Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
DECRYPTAGE DES CHAINES CRYPTES
A +++++++ -
madmyke -

2 réponses
Comment décrypter les chaines cryptées sur BADR-2,3,4
Neskom -
MPMP10 -

1 réponse
écrire un rapport de travail
asi -
REGINALD -

3 réponses