bon ca y est !!
après plusieurs frayeurs
après l'analyse l'ordi a beuger pendant plus d'une heure
je t'envois le rapport
SDFix: Version 1.141
Run by Administrateur on 12/02/2008 at 22:26
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service asc3550p - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\install\install.exe - Deleted
C:\WINDOWS\taskmon.exe - Deleted
C:\WINDOWS\system32\drivers\asc3550p.sys - Deleted
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 23:53:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:83,6b,1d,4e,dc,11,66,4f,4f,31,26,43,e1,65,0f,ce,c1,88,94,94,33,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,03,10,8a,d1,f6,2a,1f,98,9a,4a,96,c4,11,4b,cb,46,..
"khjeh"=hex:7a,f5,34,a6,f9,b4,b9,25,d7,30,dd,93,78,a1,b0,d8,90,c8,9a,9d,0a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:68,88,38,8e,44,0e,9c,81,e2,62,46,8e,8e,b6,65,ef,8e,bf,e3,65,8b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:29b62fda
"s1"=dword:255f21c8
"s2"=dword:ac386153
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:83,6b,1d,4e,dc,11,66,4f,4f,31,26,43,e1,65,0f,ce,c1,88,94,94,33,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,03,10,8a,d1,f6,2a,1f,98,9a,4a,96,c4,11,4b,cb,46,..
"khjeh"=hex:7a,f5,34,a6,f9,b4,b9,25,d7,30,dd,93,78,a1,b0,d8,90,c8,9a,9d,0a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:68,88,38,8e,44,0e,9c,81,e2,62,46,8e,8e,b6,65,ef,8e,bf,e3,65,8b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:83,6b,1d,4e,dc,11,66,4f,4f,31,26,43,e1,65,0f,ce,c1,88,94,94,33,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,03,10,8a,d1,f6,2a,1f,98,9a,4a,96,c4,11,4b,cb,46,..
"khjeh"=hex:7a,f5,34,a6,f9,b4,b9,25,d7,30,dd,93,78,a1,b0,d8,90,c8,9a,9d,0a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:68,88,38,8e,44,0e,9c,81,e2,62,46,8e,8e,b6,65,ef,8e,bf,e3,65,8b,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"F:\\Program Files\\eMule\\emule.exe"="F:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Messenger 8.0 Beta (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Messenger 8.0 Beta (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 23 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 14 Sep 2007 1,160 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 23 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 11 May 2006 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti6.tmp"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
Finished!