Forum | virus/security
Logger.Zbot.cns killed me!
Mobutu, Fri. 27 June 2008 at 21:44:40
[b]SDFix: Version 1.197[/b]
Run by Administrateur on 27/06/2008 at 20:25

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix\SDFix

[b]Checking Services[/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files[/b]:

Trojan Files Found:

C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll - Deleted
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted



Folder C:\WINDOWS\system32\wsnpoem - Removed


Removing Temp Files

[b]ADS Check[/b]:



[b]Final Check[/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 20:32:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services[/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon Demo\\rct.exe"="C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon Demo\\rct.exe:*:Disabled:rct"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Honeywell\\PCFMS5.2\\Fms_main.exe"="C:\\Program Files\\Honeywell\\PCFMS5.2\\Fms_main.exe:*:Enabled:Fms_main"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[b]Remaining Files[/b]:


File Backups: - C:\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes[/b]:

Fri 16 Jun 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 26 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 4 Apr 2004 53,760 A..H. --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Airplanes\~WRL0004.tmp"
Wed 7 Apr 2004 49,664 A..H. --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Airplanes\~WRL0118.tmp"
Wed 7 Apr 2004 49,664 A..H. --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Airplanes\~WRL0695.tmp"
Wed 7 Apr 2004 49,664 A..H. --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Airplanes\~WRL0843.tmp"
Wed 7 Apr 2004 49,152 A..H. --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Airplanes\~WRL1099.tmp"
Sun 4 Apr 2004 51,712 A..H. --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Airplanes\~WRL1780.tmp"
Wed 7 Apr 2004 46,592 A..H. --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Airplanes\~WRL3769.tmp"
Sat 1 Sep 2007 63,721,472 ...H. --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Books\Côte d'Ivoire\~WRL1251.tmp"
Tue 15 Nov 2005 78,104 A.SHR --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Employers\Sénégal Air Services\Autodesk DWF Viewer\Setup.exe"
Thu 24 Nov 2005 17,920 A.SHR --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Employers\Sénégal Air Services\Autodesk DWF Viewer\_Setup.dll"
Thu 24 Nov 2005 12,880 A.SHR --- "C:\Documents and Settings\Sébastien Grand-Clém\Mes documents\My Employers\Sénégal Air Services\Autodesk DWF Viewer\_Setupx.dll"

[b]Finished![/b]