By the way, BitDefender is a good antivirus... on the same level as Kaspersky.
I just downloaded SDFix, I'm going to do what it says.
However, I had been told that I would no longer have a wallpaper, which is true, but I now end up with the Windows Classic theme and I can no longer get the XP theme.
You create a new session.
Hey evilelf, can you keep guiding me on my topic please? Thanks.
If you are in safe mode, it's normal that you end up with the classic theme.
SDFix report
[b]SDFix: Version 1.187 [/b]
Run by Rémi on 01/06/2008 at 13:36
Microsoft Windows XP [version 5.1.2600]
Running From: D:\DOCUME~1\RMI~1\Bureau\SDFix
[b]Checking Services [/b]:
[b]Name [/b]:
msupdate
ELR53
HOU86
JQW17
JRX52
MTA41
NUC31
QXE07
RYF06
RYG86
VCJ42
WEK42
WEL06
[b]Path [/b]:
c:\windows\system32\mssrv32.exe
\??\C:\WINDOWS\System32\drivers\elR53.sys
\??\C:\WINDOWS\System32\drivers\hoU86.sys
\??\C:\WINDOWS\System32\drivers\jqW17.sys
\??\C:\WINDOWS\System32\drivers\jrX52.sys
\??\C:\WINDOWS\System32\drivers\mtA41.sys
\??\C:\WINDOWS\System32\drivers\nuC31.sys
\??\C:\WINDOWS\System32\drivers\qxE07.sys
\??\C:\WINDOWS\System32\drivers\ryF06.sys
\??\C:\WINDOWS\System32\drivers\ryG86.sys
\??\C:\WINDOWS\System32\drivers\vcJ42.sys
\??\C:\WINDOWS\System32\drivers\weK42.sys
\??\C:\WINDOWS\System32\drivers\weL06.sys
msupdate - Deleted
ELR53 - Deleted
HOU86 - Deleted
JQW17 - Deleted
JRX52 - Deleted
MTA41 - Deleted
NUC31 - Deleted
QXE07 - Deleted
RYF06 - Deleted
RYG86 - Deleted
VCJ42 - Deleted
WEK42 - Deleted
WEL06 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\ljJDVmMc.dll - Deleted
C:\WINDOWS\embd.exe - Deleted
C:\WINDOWS\system32\818646\818646.dll - Deleted
C:\WINDOWS\system32\h@tkeysh@@k.dll - Deleted
C:\WINDOWS\system32\mssrv32.exe - Deleted
C:\WINDOWS\system32\plugin1.dat - Deleted
C:\WINDOWS\system32\SysPr.prx - Deleted
C:\WINDOWS\system32\web.dat - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted
C:\WINDOWS\vregfwlx.dll - Deleted
C:\WINDOWS\system32\drivers\ELR53.sys - Deleted
C:\WINDOWS\system32\drivers\HOU86.sys - Deleted
C:\WINDOWS\system32\drivers\JQW17.sys - Deleted
C:\WINDOWS\system32\drivers\JRX52.sys - Deleted
C:\WINDOWS\system32\drivers\KRY52.sys - Deleted
C:\WINDOWS\system32\drivers\MTA41.sys - Deleted
C:\WINDOWS\system32\drivers\NUC31.sys - Deleted
C:\WINDOWS\system32\drivers\QXE07.sys - Deleted
C:\WINDOWS\system32\drivers\RYF06.sys - Deleted
C:\WINDOWS\system32\drivers\RYG86.sys - Deleted
C:\WINDOWS\system32\drivers\VCJ42.sys - Deleted
C:\WINDOWS\system32\drivers\WEK42.sys - Deleted
C:\WINDOWS\system32\drivers\WEL06.sys - Deleted
Folder C:\WINDOWS\system32\818646 - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 14:03:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servi
ces\sharedaccess\parameters\firewallpolicy\standar
dprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora
Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\
Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora
Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\S
plinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste
m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime
\\my.exe:*:Enabled:INVENTIME"
"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Ena
bled:eMule"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\sky
pe\\phone\\Skype.exe:*:Enabled:Skype"
"C:\\APPS\\Powercinema\\PowerCinema.exe"="C:\\APPS
\\Powercinema\\PowerCinema.exe:*:Enabled:PowerCine
ma"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program
Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTor
rent"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,
-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servi
ces\sharedaccess\parameters\firewallpolicy\domainp
rofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste
m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,
-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: -
D:\DOCUME~1\RMI~1\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 31 May 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 31 May 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 31 May 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Sat 16 Aug 2003 579,584 A.SHR --- "C:\WINDOWS\system32\cd.exe"
Fri 30 May 2008 177 ..SH. --- "C:\WINDOWS\system32\mrwsyjlm.tmp"
Mon 28 Jan 2008 0 A..H. ---
"C:\WINDOWS\SoftwareDistribution\Download\523d0569
29e13eacf8392044f602e53e\BIT2E.tmp"
Mon 28 Jan 2008 0 A..H. ---
"C:\WINDOWS\SoftwareDistribution\Download\afa5528a
2269b5106016bdbc1ea3037f\BIT2D.tmp"
Mon 28 Jan 2008 0 A..H. ---
"C:\WINDOWS\SoftwareDistribution\Download\f1d01f18
8c8132c12d35c3222b7723a4\BIT2C.tmp"
Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
[b]Finished![/b]
No, I have the classic theme in normal mode, not in safe mode.
OK, post a new HijackThis report.
Here is the report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:57, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Int
ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [ec1729d1] rundll32.exe "C:\WINDOWS\system32\kwpcrngi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orangege.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequiremirementslab.com/sysreqlab2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_9.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxenligne.orange.fr/orange2.0/OnlineHSS/zuma/Popcap.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 7066 bytes
Never run two antivirus programs at the same time.
- Download Deckard's System Scanner (DSS) to your desktop:
http://www.techsupportforum.com/sectools/Deckard/dss.exe
- Close all running applications, antivirus included
- Double-click dss.exe to launch the program
- If it doesn't find HijackThis, click Yes
- Click OK each time you are asked
- When the scan is finished, a text file will be displayed. Save it, upload it to mediafire and post the link so that we can download the DSS report:
http://www.mediafire.com/
- The report is located here: C:\Deckard\System Scanner\main.txt
I can't upload the file, it shows me this:
This file could not be processed because it may be infected with a virus or trojan.
Please check the file and try uploading it again.
It's the main text file that you need to upload.
Here is the link:
http://www.mediafire.com/download.php?g0noll5bjyd
Is that the right link?
Yes, that's right. You are infected with Vundo and other stuff.
- Download and install Malwarebytes' Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Update it
- Boot into safe mode:
http://www.malekal.com/modesansechec.php
- Choose your usual session
- Run a full scan with Malwarebytes' Anti-Malware
- Delete everything the program finds, save the report
- Restart in normal mode and post the report here
Tutorial:
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php
These things are so fun to read. "You are infected with Vundo and other stuff. Download and update Chuck noriss.exe, this disinfection tool is used to destroy every type of infection."
It's super slow to scan, about how long does it take? Does it depend on what I have on the disk?
Yes, it can take 45 minutes just as it can take 3 hours or even more.