SDFix report
skanky06 - Posts: 4 - Status: Member
Hello,
[b]SDFix: Version 1.240 [/b]
Run by alexandre on 19/12/2008 at 19:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\alexandre.XPSP2-2D6043890\Local Settings\Temp\tem21.tmp.exe - Deleted
C:\Documents and Settings\alexandre.XPSP2-2D6043890\Local Settings\Temp\tem25.tmp.exe - Deleted
C:\Documents and Settings\alexandre.XPSP2-2D6043890\Local Settings\Temp\tem26.tmp.exe - Deleted
C:\Program Files\PlayMP3z\PlayMP3.exe - Deleted
C:\Program Files\PlayMP3z\uninstall.exe - Deleted
C:\WINDOWS\fxstaller.exe - Deleted
Folder C:\Program Files\PlayMP3z - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 19:27:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a1,ae,3c,20,e8,50,de,ce,fc,0d,20,01,d7,b1,2f,92,e3,07,82,9f,bd,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,74,69,09,d5,25,b7,fa,24,84,93,01,ca,88,8e,1b,5a,1a,..
"khjeh"=hex:e9,a1,68,1b,73,41,6f,89,65,07,f0,f0,16,62,b9,77,5d,67,5d,e8,37,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d0,3b,5b,68,43,7b,ab,40,e7,c6,b0,2e,16,2a,7a,1d,7a,b0,48,9f,77,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a1,ae,3c,20,e8,50,de,ce,fc,0d,20,01,d7,b1,2f,92,e3,07,82,9f,bd,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,74,69,09,d5,25,b7,fa,24,84,93,01,ca,88,8e,1b,5a,1a,..
"khjeh"=hex:e9,a1,68,1b,73,41,6f,89,65,07,f0,f0,16,62,b9,77,5d,67,5d,e8,37,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d0,3b,5b,68,43,7b,ab,40,e7,c6,b0,2e,16,2a,7a,1d,7a,b0,48,9f,77,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Piolet\\Piolet.exe"="C:\\Program Files\\Piolet\\Piolet.exe:*:Enabled:Piolet"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe"="C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sat 10 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 26 Nov 2001 40,448 A..H. --- "C:\Program Files\UpToTen\CD-ROM\JNetCheck.exe"
Fri 8 Mar 2002 35,328 A..H. --- "C:\Program Files\UpToTen\CD-ROM\JSAVE.exe"
Tue 26 Mar 2002 452,386 A..H. --- "C:\Program Files\UpToTen\CD-ROM\UTT-037-FR.exe"
[b]Finished![/b]