[b]SDFix: Version 1.190 [/b]
Run by Propri‚taire on 2008-06-09 at 18:08
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\PROPRI~1\Bureau\SDFix
[b]Checking Services [/b]:
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
[b]Checking files[/b]:
[b]Genuine[/b]:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
[b]Dummy[/b]:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
[b]Final Check[/b]:
[b]Genuine[/b]:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\WINPDC32.dll - Deleted
C:\WINDOWS\SYSTEM32\CBOCR.DLL - Deleted
C:\WINDOWS\system32\found.exe.exe - Deleted
C:\WINDOWS\b148.exe - Deleted
C:\WINDOWS\b155.exe - Deleted
C:\WINDOWS\b156.exe - Deleted
C:\WINDOWS\mrofinu.exe - Deleted
C:\WINDOWS\mrofinu27.exe - Deleted
C:\WINDOWS\mrofinu2000352.exe.tmp - Deleted
C:\WINDOWS\mrofinu27.exe.tmp - Deleted
C:\WINDOWS\system32\dllgh8jkd1q1.exe - Deleted
C:\WINDOWS\system32\dllgh8jkd1q8.exe - Deleted
C:\WINDOWS\system32\vedxga4me1.exe - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
Could Not Remove C:\WINDOWS\system32\WinNt32.dll
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 18:21:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d7,be,33,20,0e,3c,61,51,ed,85,26,b6,0c,91,70,24,ae,48,07,50,16,..
"p0"="D:\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,05,75,5a,21,73,b5,15,ee,45,42,c6,22,03,7c,6c,18,fb,..
"khjeh"=hex:f8,98,b6,5f,d8,81,bd,9b,a3,5a,4d,bc,48,72,b6,81,2a,48,b9,5e,58,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:80,2e,a7,b9,c0,95,34,6a,45,fd,9d,54,8e,8f,45,1e,15,7c,dd,29,e9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:80,2e,a7,b9,c0,95,34,6a,45,fd,9d,54,8e,8f,45,1e,15,7c,dd,29,e9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:3e,02,02,5e,9f,db,f0,89,71,f8,5e,0f,26,95,8c,60,a6,14,81,93,d5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:3e,02,02,5e,9f,db,f0,89,71,f8,5e,0f,26,95,8c,60,a6,14,81,93,d5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:fcbf2148
"s2"=dword:f0dc6c0b
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d7,be,33,20,0e,3c,61,51,ed,85,26,b6,0c,91,70,24,ae,48,07,50,16,..
"p0"="D:\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,05,75,5a,21,73,b5,15,ee,45,42,c6,22,03,7c,6c,18,fb,..
"khjeh"=hex:f8,98,b6,5f,d8,81,bd,9b,a3,5a,4d,bc,48,72,b6,81,2a,48,b9,5e,58,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:91,0c,7c,d4,51,7c,ee,47,ad,79,1c,47,5e,83,e4,a6,f5,7f,ad,b8,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:80,2e,a7,b9,c0,95,34,6a,45,fd,9d,54,8e,8f,45,1e,15,7c,dd,29,e9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:3e,02,02,5e,9f,db,f0,89,71,f8,5e,0f,26,95,8c,60,a6,14,81,93,d5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:3e,02,02,5e,9f,db,f0,89,71,f8,5e,0f,26,95,8c,60,a6,14,81,93,d5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d7,be,33,20,0e,3c,61,51,ed,85,26,b6,0c,91,70,24,ae,48,07,50,16,..
"p0"="D:\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,05,75,5a,21,73,b5,15,ee,45,42,c6,22,03,7c,6c,18,fb,..
"khjeh"=hex:f8,98,b6,5f,d8,81,bd,9b,a3,5a,4d,bc,48,72,b6,81,2a,48,b9,5e,58,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:91,0c,7c,d4,51,7c,ee,47,ad,79,1c,47,5e,83,e4,a6,f5,7f,ad,b8,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:80,2e,a7,b9,c0,95,34,6a,45,fd,9d,54,8e,8f,45,1e,15,7c,dd,29,e9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:3e,02,02,5e,9f,db,f0,89,71,f8,5e,0f,26,95,8c,60,a6,14,81,93,d5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:3e,02,02,5e,9f,db,f0,89,71,f8,5e,0f,26,95,8c,60,a6,14,81,93,d5,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
C:\WINDOWS\system32\WinNt32.dll Found
File Backups: -
C:\DOCUME~1\PROPRI~1\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 15 Mar 2007 196 A.SHR --- "C:\BOOT.BAK"
Thu 6 Sep 2001 1,700,352 A..H. --- "C:\gdiplus.dll"
Thu 9 Nov 2006 4,900,464 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 1 Jul 2006 49,564 A.SHR --- "C:\WINDOWS\system32\WinMgCt.exe"
Wed 21 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 26 Oct 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Tue 7 Nov 2006 1,343,800 A..H. --- "C:\Program Files\Google\Google Desktop Search\BIT2C1.tmp"
Sun 10 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 8 Feb 2004 5,294,080 A..H. --- "C:\hp\patches\42WW1REC\src\App00153.exe"
Sun 8 Feb 2004 452,096 A..H. --- "C:\hp\patches\42WW1REC\src\App00292.exe"
Sun 8 Feb 2004 444,416 A..H. --- "C:\hp\patches\42WW1REC\src\App00491.exe"
Sun 8 Feb 2004 1,838,592 A..H. --- "C:\hp\patches\42WW1REC\src\App02995.exe"
Sun 8 Feb 2004 492,544 A..H. --- "C:\hp\patches\42WW1REC\src\App04827.exe"
Sun 8 Feb 2004 1,401,856 A..H. --- "C:\hp\patches\42WW1REC\src\App05447.exe"
Sun 8 Feb 2004 440,320 A..H. --- "C:\hp\patches\42WW1REC\src\App05705.exe"
Sun 8 Feb 2004 462,848 A..H. --- "C:\hp\patches\42WW1REC\src\App09961.exe"
Sun 8 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App14604.exe"
Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App16827.exe"
Sun 8 Feb 2004 3,668,992 A..H. --- "C:\hp\patches\42WW1REC\src\App17421.exe"
Wed 11 Feb 2004 696,832 A..H. --- "C:\hp\patches\42WW1REC\src\App18716.exe"
Sun 8 Feb 2004 423,936 A..H. --- "C:\hp\patches\42WW1REC\src\App19169.exe"
Sun 8 Feb 2004 1,157,632 A..H. --- "C:\hp\patches\42WW1REC\src\App19718.exe"
Wed 11 Feb 2004 995,328 A..H. --- "C:\hp\patches\42WW1REC\src\App19895.exe"
Sun 8 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App23281.exe"
Sun 8 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App24464.exe"
Sun 8 Feb 2004 2,251,776 A..H. --- "C:\hp\patches\42WW1REC\src\App26962.exe"
Sun 8 Feb 2004 481,792 A..H. --- "C:\hp\patches\42WW1REC\src\App29358.exe"
Sun 8 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App32391.exe"
Sun 8 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App99990.exe"
Sun 8 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App99992.exe"
Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App99993.exe"
Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\xApp14604.exe"
Wed 3 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\64e594df5de9258be376fcbfc53c7318\BIT125.tmp"
Wed 3 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT47.tmp"
Thu 16 Nov 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BITB.tmp"
Sun 11 Jun 2006 233,472 A.SH. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Mes images\2004-2007\2006\Le trio en balade 18-06- 2006\SIV2B.tmp"
Sun 11 Jun 2006 393,216 A.SH. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Mes images\2004-2007\2006\Le trio en balade 18-06- 2006\SIV2C.tmp"
[b]Finished![/b]
It's improving.
That already reassures me a bit!
Oh yes..., wiwi is always there to help people who are lost
There's a lot of infection. We need to clear the bulk of it first:
- Download and install Malwarebytes' Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Update it
- Start in Safe Mode:
http://www.malekal.com/modesansechec.php
- Choose your usual user account
- Run a full scan with Malwarebytes' Anti-Malware
- Delete everything the program finds and save the report
- Restart in normal mode, upload the report to mediafire and post the link:
http://www.mediafire.com/
Tutorial:
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php
But I still get a warning for a virus called "TSPY LEGMIR.XQ".
Yeah, that's true, he's already helped me a lot!
Hi, so last night I tried twice to run the scan with Malwarebytes' Anti-Malware and got an error message both times (once after about an hour and a half, and the second time after a little over 2 hours). So I don't understand why!
Start with a quick scan, then.
And afterwards, do I run a full scan?
Run a quick scan and post the report.
Then try the full one.
Malwarebytes' Anti-Malware 1.15
Version de la base de données: 842
19:19:13 2008-06-11
mbam-log-6-11-2008 (19-19-12).txt
Type de recherche: Examen rapide
Eléments examinés: 39617
Temps écoulé: 30 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\fastsmell.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinNt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
Cool, try running a full scan after updating the program.
Okay, no problem! I'll post the scan tomorrow morning. And is it normal that I'm still getting virus alert messages?
The disinfection isn't finished.
Rogues stiiiink.