Mon pc ram !!! il ne veu plus rien faire
Forum Sécurité - Virus : Mon pc ram !!! il ne veu plus rien faire
Désoler du retard !!!
Voila le rapport SDFix !! :::
SDFix: Version 1.145
Run by HP_Administrateur on 05/03/2008 at 16:01
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name:
FCI
khtml
Path:
C:\WINDOWS\system32\svchost.exe:ext.exe
\??\C:\WINDOWS\system32\drivers\khtml.sys
FCI - Deleted
khtml - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Service Ujfk36 - Deleted after Reboot
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\drivers\Ujfk36.sys - Deleted
C:\-38848~1 - Deleted
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\aax221.tmp.exe - Deleted
C:\Program Files\Helper\1201459562.dll - Deleted
C:\WINDOWS\system32\drivers\khtml.sys - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
Folder C:\Program Files\Helper - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 16:23:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1e,e1,6b,79,01,79,86,81,ff,cc,c8,41,0f,e1,51,2e,d3,ba,a5,ee,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00
000001]
"a0"=hex:20,01,00,00,9d,be,84,14,7a,78,e9,5b,a5,63,11,c3,8b,74,4a,00,e3,..
"khjeh"=hex:1c,d7,0b,03,d5,1c,8f,fa,08,de,5f,11,8c,6b,d0,0b,fe,e9,24,fb,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00
000001\0Jf40]
"khjeh"=hex:91,98,40,81,c7,01,a7,4a,6a,01,72,55,77,d1,83,35,89,cb,a3,98,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00
000001\0Jf41]
"khjeh"=hex:69,18,bf,e8,d6,cb,73,30,96,ab,45,21,c5,1b,b4,b7,fc,0e,df,34,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1e,e1,6b,79,01,79,86,81,ff,cc,c8,41,0f,e1,51,2e,d3,ba,a5,ee,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\000000
01]
"a0"=hex:20,01,00,00,9d,be,84,14,7a,78,e9,5b,a5,63,11,c3,8b,74,4a,00,e3,..
"khjeh"=hex:1c,d7,0b,03,d5,1c,8f,fa,08,de,5f,11,8c,6b,d0,0b,fe,e9,24,fb,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\000000
01\0Jf40]
"khjeh"=hex:91,98,40,81,c7,01,a7,4a,6a,01,72,55,77,d1,83,35,89,cb,a3,98,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\000000
01\0Jf41]
"khjeh"=hex:69,18,bf,e8,d6,cb,73,30,96,ab,45,21,c5,1b,b4,b7,fc,0e,df,34,85,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 17
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\stand
ardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program
Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers
communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers
communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN
Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN
Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Fichiers communs\\AOL\\1195902532\\ee\\aolsoftware.exe"="C:\\Program
Files\\Fichiers communs\\AOL\\1195902532\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program
Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*
isabled:Java(TM) 2 Platform Standard Edition binary"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program
Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program
Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program
Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program
Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program
Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Connecteur Wi-Fi USB Nintendo"
"C:\\Program Files\\Conference\\Conference.dll"="C:\\Program
Files\\Conference\\Conference.dll:*:Enabled:Audio/Video Conference"
"C:\\DOCUME~1\\mickael\\LOCALS~1\\Temp\\dllhost.exe"="C:\\DOCUME~1\\mickael\\LOCALS~1\\Temp\\dllho
st.exe:*:Enabled:Flash Player2"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domai
nprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers
communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers
communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN
Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN
Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 10 Dec 2006 211 A.SHR --- "C:\BOOT.BAK"
Tue 31 May 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 31 May 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 31 May 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sat 16 Dec 2006 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Wed 2 Jan 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program
Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Mon 18 Feb 2008 0 A..H. ---
"C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT4.tmp"
Finished!
Re,
Désolé, j'avais perdu ton sujet ! N'hésite pas à faire un UP !
Reposte un HijackThis 
Répondre à XmichouX
