Ezula malware on my Win XP

Ezula malware on my Win XP - Virus/Spywares - Windows & Software

Marsh posted on 21-12-2007 at 20:31:43

Hello, I have a problem with Ezula malware etc. that is getting worse day by day (unwanted IE pop-ups opening, an extra iexplore process has appeared, my antivirus finds malware but even after I remove it, it comes back, fake shortcuts to Windows Update appear on my desktop...). I have tried Vundofix, SDFix, Spybot and Ad-Aware; in the end it always comes back.
 
Here is my latest SDFix report. Please help me, I can no longer work normally...
 
 
SDFix: Version 1.119
 
Run by Administrateur on 21/12/2007 at 19:48
 
Microsoft Windows XP [version 5.1.2600]
 
Running From: C:\SDFix
 
Safe Mode:
Checking Services:  
 
 
Restoring Windows Registry Values
Restoring Windows Default Hosts File
 
Rebooting...
 
 
Normal Mode:
Checking Files:  
 
No Trojan Files Found
 
 
 
 
 
Removing Temp Files...
 
ADS Check:
 
C:\WINDOWS
No streams found.  
 
C:\WINDOWS\system32
No streams found.  
 
C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
 
 
 
                                 Final Check:
 
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 20:17:48
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden services & system hive ...
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:8c,38,1d,9c,d3,30,64,00,82,b1,02,4b,52,98,dd,a2,d3,9a,20,60,49,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,84,4d,c8,d8,4a,ad,49,df,64,44,a0,32,38,ce,7c,1a,0a,..
"hdf12"=hex:8b,26,dd,21,a8,d3,0d,44,e3,6a,9a,26,89,2c,4e,b6,bc,25,c7,9c,23,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:f5,37,be,00,4d,d5,93,47,59,80,59,e2,71,3c,b6,c5,24,95,2e,0c,9e,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:79,07,dd,05,14,05,fd,ad,6a,cb,1f,55,f2,39,b9,4d,99,1d,9e,2c,87,..
"p0"="C:\Program Files\DAEMON Tools\"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,48,c4,62,ff,29,f0,67,b3,80,ca,d8,6b,ac,f6,7c,38,0e,..
"khjeh"=hex:85,08,f6,8d,81,df,68,3c,ae,40,2a,55,e4,c5,7e,5a,07,9e,bc,28,e1,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:94,86,26,7d,83,fd,d4,bc,27,73,51,28,35,48,f9,8e,b0,e8,94,23,54,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:8c,38,1d,9c,d3,30,64,00,82,b1,02,4b,52,98,dd,a2,d3,9a,20,60,49,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,84,4d,c8,d8,4a,ad,49,df,64,44,a0,32,38,ce,7c,1a,0a,..
"hdf12"=hex:8b,26,dd,21,a8,d3,0d,44,e3,6a,9a,26,89,2c,4e,b6,bc,25,c7,9c,23,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:f5,37,be,00,4d,d5,93,47,59,80,59,e2,71,3c,b6,c5,24,95,2e,0c,9e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:79,07,dd,05,14,05,fd,ad,6a,cb,1f,55,f2,39,b9,4d,99,1d,9e,2c,87,..
"p0"="C:\Program Files\DAEMON Tools\"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,48,c4,62,ff,29,f0,67,b3,80,ca,d8,6b,ac,f6,7c,38,0e,..
"khjeh"=hex:85,08,f6,8d,81,df,68,3c,ae,40,2a,55,e4,c5,7e,5a,07,9e,bc,28,e1,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:94,86,26,7d,83,fd,d4,bc,27,73,51,28,35,48,f9,8e,b0,e8,94,23,54,..
 
scanning hidden registry entries ...
 
scanning hidden files ...
 
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
 
 
Remaining Services:
------------------
 
 
 
Authorized Application Key Export:
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\ajfblrpm.exe"="C:\\WINDOWS\\system32\\ajf"
"C:\\Program Files\\Call of Duty 4\\iw3mp.exe"="C:\\Program Files\\Call of Duty 4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
 
Remaining Files:
---------------
 
 
Files with Hidden Attributes:
 
Thu 19 Aug 2004        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 21 Dec 2007        36,698 ..SH. --- "C:\WINDOWS\system32\gnjvjjhx.dllbox"
Fri 30 Nov 2007        63,223 ..SH. --- "C:\WINDOWS\system32\nqtwa.bak1"
Fri 21 Dec 2007       256,687 ..SH. --- "C:\WINDOWS\system32\nqtwa.bak2"
Wed 19 Dec 2007         5,405 ...HR --- "C:\Documents and Settings\ramenian\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sun 21 May 2006        24,064 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0005.tmp"
Sun 21 May 2006        28,672 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0076.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0113.tmp"
Sun 21 May 2006        28,160 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0119.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0179.tmp"
Sun 21 May 2006        25,088 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0299.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0437.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1086.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1173.tmp"
Sun 21 May 2006        25,088 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1272.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1304.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1331.tmp"
Sun 21 May 2006        29,184 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1459.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1633.tmp"
Sun 21 May 2006        24,576 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1698.tmp"
Sun 21 May 2006        24,064 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1960.tmp"
Sun 21 May 2006        28,672 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2085.tmp"
Sun 21 May 2006        29,184 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2524.tmp"
Sun 21 May 2006        29,696 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2580.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2649.tmp"
Sun 21 May 2006        26,624 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2856.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2987.tmp"
Sun 21 May 2006        29,184 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL3111.tmp"
Sun 21 May 2006        27,136 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL3590.tmp"
Sun 21 May 2006        27,136 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL3767.tmp"
Sun 21 May 2006        25,088 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL3824.tmp"
Sun 21 May 2006        29,696 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL3864.tmp"
 
Finished!  
 
 
What should I do?
 
Thanks!
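As an added example, not part of the original post and not SDFix's own code, the following Python script reads the two sections of an SDFix report that carry the most signal for triage: the exported Windows Firewall AuthorizedApplications list and the "Files with Hidden Attributes" listing. A firewall exception that Windows itself wrote always has the shape `path:scope:Enabled|Disabled:name`, so a value that does not fit that shape, or whose path differs from its key, was not written by the Firewall UI. For hidden files the script counts four weak signals (lives in system32, has both System and Hidden attributes, carries an extension one does not expect there, was modified shortly before the scan) and reports entries with three or more. The sample input is built from lines of the report above; the three-of-four threshold, the list of expected system32 extensions and the 30-day window are this example's own assumptions, not SDFix behaviour, and a hit means "look at this by hand", not "this is malware".

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the SDFix report in the post above, cut
# down to the sections this script reads. The scoring is this example's own.
SAMPLE_LOG = r'''SDFix: Version 1.119

Run by Administrateur on 21/12/2007 at 19:48

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\ajfblrpm.exe"="C:\\WINDOWS\\system32\\ajf"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Files with Hidden Attributes:

Thu 19 Aug 2004        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 21 Dec 2007        36,698 ..SH. --- "C:\WINDOWS\system32\gnjvjjhx.dllbox"
Fri 30 Nov 2007        63,223 ..SH. --- "C:\WINDOWS\system32\nqtwa.bak1"
Fri 21 Dec 2007       256,687 ..SH. --- "C:\WINDOWS\system32\nqtwa.bak2"
Wed 19 Dec 2007         5,405 ...HR --- "C:\Documents and Settings\ramenian\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!
'''

RUN_DATE = re.compile(r"^Run by .+ on (\d{2})/(\d{2})/(\d{4})")
REG_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"$')
# Windows writes firewall exceptions as path:scope:Enabled|Disabled:name
FW_VALUE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$", re.I)
HIDDEN_FILE = re.compile(r'^\w{3} (?P<date>\d{1,2} \w{3} \d{4})\s+(?P<size>[\d,]+) (?P<attrs>\S{5}) --- "(?P<path>.+)"$')
# Extensions expected for files in system32 (assumption: this example's own list)
EXPECTED_EXT = {"exe", "dll", "sys", "ocx", "cpl", "drv", "scr", "ax", "tlb", "log", "dat", "ini", "txt"}
RECENT_DAYS = 30  # assumption: modified this close to the scan counts as "recent"


def parse_log(text):
    """Return (scan_date, [(key, value)], [hidden-file dicts]) from an SDFix report."""
    scan_date, firewall, hidden, section = None, [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_DATE.match(line)
        if m:
            d, mo, y = (int(x) for x in m.groups())
            scan_date = datetime(y, mo, d)
        elif line == "Finished!":
            section = None
        elif line.endswith(":") and not line.startswith('"'):
            section = line  # SDFix section headers end with a colon
        elif section == "Authorized Application Key Export:":
            m = REG_VALUE.match(line)
            if m:  # the .reg export doubles backslashes; undo that
                firewall.append(tuple(s.replace("\\\\", "\\") for s in m.groups()))
        elif section == "Files with Hidden Attributes:":
            m = HIDDEN_FILE.match(line)
            if m:
                hidden.append({"mtime": datetime.strptime(m["date"], "%d %b %Y"),
                               "size": int(m["size"].replace(",", "")),
                               "attrs": m["attrs"], "path": m["path"]})
    return scan_date, firewall, hidden


def triage_firewall(entries):
    """Flag exception values the Windows Firewall UI would not have written."""
    out = []
    for key, value in entries:
        m = FW_VALUE.match(value)
        if not m:
            out.append((key, "malformed value %r" % value))
        elif m["path"].lower() != key.lower():
            out.append((key, "value path %r differs from key" % m["path"]))
    return out


def triage_hidden(entries, scan_date):
    """Report hidden files showing at least 3 of 4 weak signals."""
    out = []
    for e in entries:
        low = e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        signals = {
            "in system32": "\\windows\\system32\\" in low,
            "System+Hidden": "S" in e["attrs"] and "H" in e["attrs"],
            "unexpected extension ." + ext: ext not in EXPECTED_EXT,
            "modified within %d days of scan" % RECENT_DAYS:
                scan_date is not None and abs(scan_date - e["mtime"]) <= timedelta(days=RECENT_DAYS),
        }
        hits = [k for k, v in signals.items() if v]
        if len(hits) >= 3:
            out.append((e["path"], len(hits), hits))
    return out


def run(text=SAMPLE_LOG):
    scan_date, fw, hidden = parse_log(text)
    return {"scan_date": scan_date,
            "firewall": triage_firewall(fw),
            "hidden": triage_hidden(hidden, scan_date)}


if __name__ == "__main__":
    for section, items in run().items():
        print(section, items)
```

Run against the sample, the firewall pass reports only the `ajfblrpm.exe` entry (its value has one field instead of four), and the hidden-file pass reports the three System+Hidden files in system32 with `.dllbox`, `.bak1` and `.bak2` extensions, all modified in the month before the scan; `msimn.exe` (System+Hidden but a normal executable from 2004) and the SecuROM `.bak` (recent, odd extension, but not in system32 and not System) stay below the threshold. Feed it a full report via `run(open("Report.txt").read())` and adjust `EXPECTED_EXT` to the machine's actual inventory before trusting the hidden-file scores.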
