Recommended posts

Posted

No problem. Take your time and read the information calmly; it should work.

Otherwise, tomorrow; you are also allowed to sleep. :P

Posted

It looks like it is really doing better..

 

Thanks for your help..

 

here is the report

is it serious, doctor?


SDFix: Version 1.222

Run by Administrateur on 08/09/2008 at 17:56

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

Rootkit:

C:\WINDOWS\system32\drivers\tdssserv.sys - Rootkit.Win32.Agent.cku

 

Name :

tdssserv

{DEF85C80-216A-43ab-AF70-1665EDBE2780}

 

Path :

\systemroot\system32\drivers\TDSSserv.sys

\??\C:\WINDOWS\TEMP\37F.tmp

 

tdssserv - Deleted

{DEF85C80-216A-43ab-AF70-1665EDBE2780} - Deleted


Restoring Default Security Values

Restoring Default Hosts File

Restoring Default Desktop Wallpaper

Restoring Default ScreenSaver value

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\lphcc6sj0e94g.exe - Deleted

C:\WINDOWS\system32\pphcc6sj0e94g.exe - Deleted

C:\Program Files\rhc96sj0e94g\database.dat - Deleted

C:\Program Files\rhc96sj0e94g\license.txt - Deleted

C:\Program Files\rhc96sj0e94g\MFC71.dll - Deleted

C:\Program Files\rhc96sj0e94g\MFC71ENU.DLL - Deleted

C:\Program Files\rhc96sj0e94g\msvcp71.dll - Deleted

C:\Program Files\rhc96sj0e94g\msvcr71.dll - Deleted

C:\Program Files\rhc96sj0e94g\rhc96sj0e94g.exe - Deleted

C:\Program Files\rhc96sj0e94g\rhc96sj0e94g.exe.local - Deleted

C:\Program Files\rhc96sj0e94g\Uninstall.exe - Deleted

C:\WINDOWS\system32\phcc6sj0e94g.bmp - Deleted

C:\WINDOWS\system32\blphcc6sj0e94g.scr - Deleted

C:\WINDOWS\SYSTEM32\WINDOW~1.EXE - Deleted

C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt177.tmp.exe - Deleted

C:\Documents and Settings\Administrateur\Mes documents\My Documents.url - Deleted

C:\Documents and Settings\Administrateur\Mes documents\Ma musique\My Music.url - Deleted

C:\Documents and Settings\Administrateur\Mes documents\Mes images\My Pictures.url - Deleted

C:\Documents and Settings\Administrateur\Mes documents\Mes vidéos\My Video.url - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt16E.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2D.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2F.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt32.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt34.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3D.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3F.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt58.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5A.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt67.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6C.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt71.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt76.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7E.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt177.tmp.exe - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4.tmp.vbs - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5.tmp.vbs - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6.tmp.vbs - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7.tmp.vbs - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8.tmp.vbs - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9.tmp.vbs - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA.tmp.vbs - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC.tmp.vbs - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE.tmp.vbs - Deleted

C:\WINDOWS\system32\a.exe - Deleted

C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted

C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk - Deleted

C:\smp.bat - Deleted

C:\WINDOWS\system32\windows_update.exe - Deleted

C:\WINDOWS\system32\winsrc.dll.tmp - Deleted

C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted

C:\WINDOWS\Temp\ed47fa.$ - Deleted

C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted

C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted

C:\WINDOWS\system32\tdssinit.dll - Deleted

C:\WINDOWS\system32\tdssl.dll - Deleted

C:\WINDOWS\system32\tdsslog.dll - Deleted

C:\WINDOWS\system32\tdssmain.dll - Deleted

C:\WINDOWS\system32\tdssserf.dll - Deleted

C:\WINDOWS\system32\tdssservers.dat - Deleted

 

Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer

 

 

Folder C:\Program Files\rhc96sj0e94g - Removed

Folder C:\Documents and Settings\Administrateur\Application Data\rhc96sj0e94g - Removed

Folder C:\Documents and Settings\Administrateur\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed

 

 

Removing Temp Files

 

ADS Check :


Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-08 18:03:37

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000091

"TracesSuccessful"=dword:00000009

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :


Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Mule\\eMule\\emule.exe"="C:\\Mule\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Secway\\SimpLite-MSN 2.1\\SimpLite-MSN.exe"="C:\\Program Files\\Secway\\SimpLite-MSN 2.1\\SimpLite-MSN.exe:*:Enabled:SimpLite-MSN"

"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Torrent P2P application"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"

"C:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"="C:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe:*:Enabled:Homeworld2"

"C:\\programmes\\Civilization4.exe"="C:\\programmes\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

"C:\\jeux\\HL2\\hl2.exe"="C:\\jeux\\HL2\\hl2.exe:*:Enabled:hl2"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Enabled:Wish Application"

"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Disabled:a"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Sun 31 Oct 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

Sun 31 Oct 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"

Wed 28 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Fri 20 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Thu 1 Nov 2007 15,872 A.SH. --- "C:\Program Files\4Musics WAV to MP3 Converter\wdmdrvmgr\amd64\wdmdrvmgr.exe"

Thu 1 Nov 2007 9,216 A.SH. --- "C:\Program Files\4Musics WAV to MP3 Converter\wdmdrvmgr\i386\wdmdrvmgr.exe"

Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Fichiers communs\Motorola Shared\MotPCSDrivers\difxapi.dll"

 

Finished!

Posted

Here is the SDFix report:

There, it looks like it is doing better..

thanks for your help

...and here is the report from the new HijackThis....


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:18:22, on 08/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\rmctrl.exe

C:\WINDOWS\system32\taskswitch.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

O17 - HKLM\System\CCS\Services\Tcpip\..\{E1AC557C-5348-41E5-8393-05AB0FB0829F}: NameServer = 192.168.1.1

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7503 bytes

 

ok....

Posted

Download MBR Rootkit Detector 0.2.4 by gmer and save it to the desktop

 

Temporarily disable your protection programs (antivirus, firewall, anti-spyware...)

 

Double-click mbr.exe; a command prompt window will open and close again,

- A report will be generated: mbr.log.

 

Copy/paste the contents of this log into your reply.
