chou_
Here is the SDFix report - well, I'll head back to the office to read it more carefully...
----
SDFix: Version 1.162
Run by Yves on jeu. 27/03/2008 at 14:10
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Yves\Bureau\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\Yves\Local Settings\Temp\aax70.tmp.exe - Deleted
C:\WINDOWS\mrofinu1423.exe - Deleted
C:\WINDOWS\system32\real.txt - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 14:17:37
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
C:\DOCUME~1\Yves\LOCALS~1\Temp\yunuéé£'£'%''msn'è%'fix''.exe [1204] 0x820BCBE8
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000001d
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 6
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\\system32\\sessmgr.exe"="\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Steam\\steamapps\\dokter_fiets\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\dokter_fiets\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Steam\\steamapps\\dokter_fiets\\half-life\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\dokter_fiets\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\DOCUME~1\\Yves\\LOCALS~1\\Temp\\ipconfig.exe"="C:\\DOCUME~1\\Yves\\LOCALS~1\\Temp\\ipconfig.exe:*:Enabled:Slave"
"C:\\Program Files\\NovaLogic\\Delta Force Xtreme Demo\\DFXDemo.exe"="C:\\Program Files\\NovaLogic\\Delta Force Xtreme Demo\\DFXDemo.exe:*:Enabled:DFXDemo"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\Yves\\LOCALS~1\\Temp\\yunu‚‚œ'œ'%''msn'Š%'fix''.exe"="C:\\DOCUME~1\\Yves\\LOCALS~1\\Temp\\yunu‚‚œ'œ'%''msn'Š%'fix''.exe:*:Enabled:Flash Media"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"\\system32\\sessmgr.exe"="\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\DOCUME~1\Yves\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 27 Oct 2007 56 ..SHR --- "C:\WINDOWS\system32\C1E09B1655.sys"
Sat 27 Oct 2007 1,682 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 11 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 19 Mar 2008 888 ...HR --- "C:\Documents and Settings\Yves\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sun 11 Nov 2007 4,348 ...H. --- "C:\Documents and Settings\Yves\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sun 11 Nov 2007 20 A..H. --- "C:\Documents and Settings\Yves\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sat 27 Oct 2007 312 A.SH. --- "C:\Documents and Settings\Yves\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Thu 17 May 2007 4,348 A..H. --- "C:\Documents and Settings\Yves\Mes documents\Ma musique\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat 27 Oct 2007 20 A..H. --- "C:\Documents and Settings\Yves\Mes documents\Ma musique\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 17 Dec 2006 312 A.SH. --- "C:\Documents and Settings\Yves\Mes documents\Ma musique\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Finished!