Win32:Agent-OKM [Trj]
Closed
albator81_1
-
17 Dec. 2007 at 12:48
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last activity: 3 May 2022 - 19 Dec. 2007 at 23:08
12 replies
Anonymous user
17 Dec. 2007 at 12:50
Hi,
You're not on SP2, so you're not well protected!
Start by downloading SP2
jlpjlp
17 Dec. 2007 at 12:53
Hi,
You have F-SECURE AND AVAST???
You should keep only one antivirus on your computer.
__________________
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode following this procedure:
• Restart your computer
• After hearing the computer beep at startup, but before the Windows logo appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will delete the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to reboot the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum.
______________________
AVG Anti-Spyware
https://www.01net.com/telecharger/
Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
-> Relaunch AVG AS -> "Scan" -> "Settings"
Under the question "How to react?":
-> click "Recommended actions" and choose "Quarantine"
-> Click the "Scan" tab again, then run a "Complete system scan"
If a file is infected at the end of the scan
-> Click "Apply all actions"
-> Click "Save report" then "Save report as".
-> Save this text file to your desktop, then paste the report here
________________________
combofix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
_________________________
Post hijackthis again and describe your problems
Note: Windows will need to be updated once the disinfection is finished
Anonymous user
17 Dec. 2007 at 13:03
Hi jlpjlp,
YES, only one AV enabled at a time.
Give him time to do the SP2 updates first...
jlpjlp
17 Dec. 2007 at 13:06
Hi DID,
I'd rather the computer be disinfected before the updates, because it has a firewall protecting it
and some viruses make it crash with SP2
Here is the SDFix result:
SDFix: Version 1.118
Run by Mauxion on 17/12/2007 at 15:42
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
ctl_w32
Path:
\SystemRoot\system32\drivers\ctl_w32.sys
ctl_w32 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service NdisWon - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\7_exception.nls - Deleted
C:\WINDOWS\system32\RunOnce.t__ - Deleted
C:\WINDOWS\system32\RunOnce.tmp - Deleted
Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 15:48:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Temp\_av_proI.tm~a02316
C:\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
C:\WINDOWS\system32\drivers\symavc32.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\atmlane.sys 55936 bytes executable
C:\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
C:\WINDOWS\system32\drivers\atv01nt5.dll 21183 bytes executable
C:\WINDOWS\system32\drivers\atv02nt5.dll 11359 bytes executable
C:\WINDOWS\system32\drivers\atv04nt5.dll 25471 bytes executable
C:\WINDOWS\system32\drivers\atv06nt5.dll 14143 bytes executable
C:\WINDOWS\system32\drivers\atv10nt5.dll 17279 bytes executable
C:\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
C:\WINDOWS\system32\drivers\Axmq83.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\ati1mdxx.sys 11615 bytes executable
C:\WINDOWS\system32\drivers\ati1pdxx.sys 12047 bytes executable
C:\WINDOWS\system32\drivers\ati1raxx.sys 30671 bytes executable
C:\WINDOWS\system32\drivers\ati1rvxx.sys 63663 bytes executable
C:\WINDOWS\system32\drivers\ati1snxx.sys 26367 bytes executable
C:\WINDOWS\system32\drivers\ati1ttxx.sys 21343 bytes executable
C:\WINDOWS\system32\drivers\ati1tuxx.sys 36463 bytes executable
C:\WINDOWS\system32\drivers\ati1xbxx.sys 29455 bytes executable
C:\WINDOWS\system32\drivers\ati1xsxx.sys 34735 bytes executable
C:\WINDOWS\system32\drivers\ati2mtaa.sys 327168 bytes executable
C:\WINDOWS\system32\drivers\ati2mtag.sys 701440 bytes executable
C:\WINDOWS\system32\drivers\atinbtxx.sys 57856 bytes executable
C:\WINDOWS\system32\drivers\atinmdxx.sys 13824 bytes executable
C:\WINDOWS\system32\drivers\atinpdxx.sys 14336 bytes executable
C:\WINDOWS\system32\drivers\atinraxx.sys 52224 bytes executable
C:\WINDOWS\system32\drivers\atinrvxx.sys 104960 bytes executable
C:\WINDOWS\system32\drivers\atinsnxx.sys 28672 bytes executable
C:\WINDOWS\system32\drivers\atinttxx.sys 13824 bytes executable
C:\WINDOWS\system32\drivers\atintuxx.sys 73216 bytes executable
C:\WINDOWS\system32\drivers\atinxbxx.sys 31744 bytes executable
C:\WINDOWS\system32\drivers\atinxsxx.sys 63488 bytes executable
C:\WINDOWS\system32\drivers\ativmc20.cod 64352 bytes
C:\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\01\10-{B10C5A70-5F52-6B02-540E-4621F4794CE7}-v1-{8058391C-C4EF-490A-BFA6-0228011399B4}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\04\304-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v304-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v304-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\05\305-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v305-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v305-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 456 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\06\306-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v306-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v306-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\07\307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4134 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\07\307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\08\308-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v308-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v308-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\09\309-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v309-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v309-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 464 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\10\310-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v310-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v310-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 424 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\11\311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\12\312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\13\313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\14\314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\15\315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\16\316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\17\317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 440 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\18\318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\19\319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 400 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\20\320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\tizibou@hotmail.com\SharingMetadata\cecilia_huet@hotmail.fr\DFSR\Staging\CS{AA62AF11-2777-76FC-41D3-082309C9F36E}\01\11-{AA62AF11-2777-76FC-41D3-082309C9F36E}-v1-{FB8C97F1-9154-4269-BD49-A2621F0CE8C4}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 55
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 1 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0b94495512074d69b9e8ab1679d608d4\BIT4C.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c938fdf4fabf9a9109aa1fa9ac821c2\BIT36.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84c8ebea30ffe407ee908e9caa0bd074\BIT4E.tmp"
Thu 1 Mar 2007 4,348 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu 1 Mar 2007 20 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 26 Feb 2007 312 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Thu 1 Mar 2007 1,536 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c94fdf84dc55e9a818c8222bafc1812\download\BIT60.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4eeab5e9badabf8752919b7df37ed651\download\BIT6F.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7dfe90ab9679753ce8e3ab64aba594fe\download\BIT71.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\download\BIT69.tmp"
Finished!
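The report above is where the actual finding sits: catchme dumps a service key (Axmq83) that is hidden from the registry API, with Type=1 and Start=0, and the hidden-files section lists a driver of the same name among dozens of legitimate ATI and ATM drivers. The following Python helper is an added example, not part of the thread, of SDFix or of catchme; it parses a report in the layout shown above and joins each hidden service to the hidden file that carries its driver, so the entry worth examining stands out. The report excerpt inside it is constructed from a few lines of the posted log (most of the 55 hidden files and the long "Group" value are left out, and the user profile path is a placeholder); the two service constants are the documented Windows values SERVICE_KERNEL_DRIVER and SERVICE_BOOT_START.

```python
# Added example: a triage helper for the SDFix/catchme report layout posted in this thread.
# It is not part of SDFix, catchme or any post above; the two service constants are the
# documented Windows values for a kernel driver that the boot loader starts.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in the posted report's layout; most of the 55 hidden files and the long
# "Group" registry value are left out, and the profile path is a placeholder.
SAMPLE_REPORT = """\
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Axmq83]
"Type"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet003\\Services\\Axmq83]
"Type"=dword:00000001
"Start"=dword:00000000
scanning hidden files ...
C:\\WINDOWS\\Temp\\_av_proI.tm~a02316
C:\\WINDOWS\\system32\\drivers\\symavc32.sys 183808 bytes executable
C:\\WINDOWS\\system32\\drivers\\Axmq83.sys 183808 bytes executable
C:\\Documents and Settings\\user\\Local Settings\\sample.frx:stream.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 55
"""
SERVICE_KERNEL_DRIVER, SERVICE_BOOT_START = 0x1, 0x0  # "Type" / "Start" dwords of a boot-start driver

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<set>\w+)\\Services\\(?P<name>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<key>\w+)"=(?:dword:(?P<dword>[0-9A-Fa-f]{8}))?')  # string values keep the key open
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: (?P<size>\d+) bytes(?P<exe> executable)?(?: hidden from API)?)?$")
SUMMARY_RE = re.compile(r"^(?P<what>hidden (?:processes|services|files)): (?P<n>\d+)$")

@dataclass
class HiddenFile:
    path: str
    size: Optional[int]   # None for entries catchme lists without a size
    executable: bool

@dataclass
class Report:
    services: Dict[str, Dict[str, Dict[str, int]]] = field(default_factory=dict)  # name -> control set -> values
    hidden_files: List[HiddenFile] = field(default_factory=list)
    summary: Dict[str, int] = field(default_factory=dict)

@dataclass
class Finding:
    service: str
    control_sets: List[str]
    boot_start_kernel_driver: bool  # Type=1 and Start=0: loads before user-mode defences
    driver_paths: List[str]         # hidden files named <service>.sys

def parse_report(text: str) -> Report:
    rep, current, in_files = Report(), None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("scanning hidden files") or line.startswith("scan completed"):
            in_files, current = line.startswith("scanning"), None
            continue
        m = SUMMARY_RE.match(line)
        if m:
            rep.summary[m["what"]] = int(m["n"])
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m["name"], m["set"])
            rep.services.setdefault(m["name"], {})[m["set"]] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            if m["dword"] is not None:  # e.g. the "Group" string is skipped, the key stays open
                rep.services[current[0]][current[1]][m["key"]] = int(m["dword"], 16)
            continue
        current = None  # any other line ends the registry key block
        m = FILE_RE.match(line) if in_files else None
        if m:
            size = int(m["size"]) if m["size"] else None
            rep.hidden_files.append(HiddenFile(m["path"], size, m["exe"] is not None))
    return rep

def triage(rep: Report) -> List[Finding]:
    """One finding per hidden service, joined to the hidden file that carries its driver."""
    findings = []
    for name, sets in rep.services.items():
        values = sets.get("CurrentControlSet") or next(iter(sets.values()))  # prefer the active set
        boot_driver = values.get("Type") == SERVICE_KERNEL_DRIVER and values.get("Start") == SERVICE_BOOT_START
        drivers = [f.path for f in rep.hidden_files if f.path.rsplit("\\", 1)[-1].lower() == f"{name}.sys".lower()]
        findings.append(Finding(name, sorted(sets), boot_driver, drivers))
    return findings

if __name__ == "__main__":
    for f in triage(parse_report(SAMPLE_REPORT)):
        print(f"{f.service}: boot-start driver={f.boot_start_kernel_driver}, sets={f.control_sets}, files={f.driver_paths}")
```

Run on the excerpt it reports a single finding, Axmq83, flagged as a boot-start kernel driver present in two control sets and backed by the hidden file C:\WINDOWS\system32\drivers\Axmq83.sys; the vendor drivers in the same list produce no finding because no hidden service key refers to them. Feeding it the full Report.txt pasted in the thread works the same way, since the parser only reads the "scanning hidden services" and "scanning hidden files" sections and the closing counters.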
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\11\311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\12\312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\13\313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\14\314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\15\315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\16\316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\17\317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 440 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\18\318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\19\319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 400 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\20\320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\tizibou@hotmail.com\SharingMetadata\cecilia_huet@hotmail.fr\DFSR\Staging\CS{AA62AF11-2777-76FC-41D3-082309C9F36E}\01\11-{AA62AF11-2777-76FC-41D3-082309C9F36E}-v1-{FB8C97F1-9154-4269-BD49-A2621F0CE8C4}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 55
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 1 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0b94495512074d69b9e8ab1679d608d4\BIT4C.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c938fdf4fabf9a9109aa1fa9ac821c2\BIT36.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84c8ebea30ffe407ee908e9caa0bd074\BIT4E.tmp"
Thu 1 Mar 2007 4,348 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu 1 Mar 2007 20 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 26 Feb 2007 312 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Thu 1 Mar 2007 1,536 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c94fdf84dc55e9a818c8222bafc1812\download\BIT60.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4eeab5e9badabf8752919b7df37ed651\download\BIT6F.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7dfe90ab9679753ce8e3ab64aba594fe\download\BIT71.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\download\BIT69.tmp"
Finished!
Here is the SDFix result:
SDFix: Version 1.118
Run by Mauxion on 17/12/2007 at 15:42
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
ctl_w32
Path:
\SystemRoot\system32\drivers\ctl_w32.sys
ctl_w32 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service NdisWon - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\7_exception.nls - Deleted
C:\WINDOWS\system32\RunOnce.t__ - Deleted
C:\WINDOWS\system32\RunOnce.tmp - Deleted
Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 15:48:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Temp\_av_proI.tm~a02316
C:\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
C:\WINDOWS\system32\drivers\symavc32.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\atmlane.sys 55936 bytes executable
C:\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
C:\WINDOWS\system32\drivers\atv01nt5.dll 21183 bytes executable
C:\WINDOWS\system32\drivers\atv02nt5.dll 11359 bytes executable
C:\WINDOWS\system32\drivers\atv04nt5.dll 25471 bytes executable
C:\WINDOWS\system32\drivers\atv06nt5.dll 14143 bytes executable
C:\WINDOWS\system32\drivers\atv10nt5.dll 17279 bytes executable
C:\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
C:\WINDOWS\system32\drivers\Axmq83.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\ati1mdxx.sys 11615 bytes executable
C:\WINDOWS\system32\drivers\ati1pdxx.sys 12047 bytes executable
C:\WINDOWS\system32\drivers\ati1raxx.sys 30671 bytes executable
C:\WINDOWS\system32\drivers\ati1rvxx.sys 63663 bytes executable
C:\WINDOWS\system32\drivers\ati1snxx.sys 26367 bytes executable
C:\WINDOWS\system32\drivers\ati1ttxx.sys 21343 bytes executable
C:\WINDOWS\system32\drivers\ati1tuxx.sys 36463 bytes executable
C:\WINDOWS\system32\drivers\ati1xbxx.sys 29455 bytes executable
C:\WINDOWS\system32\drivers\ati1xsxx.sys 34735 bytes executable
C:\WINDOWS\system32\drivers\ati2mtaa.sys 327168 bytes executable
C:\WINDOWS\system32\drivers\ati2mtag.sys 701440 bytes executable
C:\WINDOWS\system32\drivers\atinbtxx.sys 57856 bytes executable
C:\WINDOWS\system32\drivers\atinmdxx.sys 13824 bytes executable
C:\WINDOWS\system32\drivers\atinpdxx.sys 14336 bytes executable
C:\WINDOWS\system32\drivers\atinraxx.sys 52224 bytes executable
C:\WINDOWS\system32\drivers\atinrvxx.sys 104960 bytes executable
C:\WINDOWS\system32\drivers\atinsnxx.sys 28672 bytes executable
C:\WINDOWS\system32\drivers\atinttxx.sys 13824 bytes executable
C:\WINDOWS\system32\drivers\atintuxx.sys 73216 bytes executable
C:\WINDOWS\system32\drivers\atinxbxx.sys 31744 bytes executable
C:\WINDOWS\system32\drivers\atinxsxx.sys 63488 bytes executable
C:\WINDOWS\system32\drivers\ativmc20.cod 64352 bytes
C:\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\01\10-{B10C5A70-5F52-6B02-540E-4621F4794CE7}-v1-{8058391C-C4EF-490A-BFA6-0228011399B4}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\04\304-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v304-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v304-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\05\305-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v305-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v305-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 456 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\06\306-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v306-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v306-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\07\307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4134 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\07\307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\08\308-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v308-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v308-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\09\309-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v309-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v309-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 464 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\10\310-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v310-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v310-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 424 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\11\311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\12\312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\13\313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\14\314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\15\315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\16\316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\17\317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 440 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\18\318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\19\319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 400 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\20\320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\tizibou@hotmail.com\SharingMetadata\cecilia_huet@hotmail.fr\DFSR\Staging\CS{AA62AF11-2777-76FC-41D3-082309C9F36E}\01\11-{AA62AF11-2777-76FC-41D3-082309C9F36E}-v1-{FB8C97F1-9154-4269-BD49-A2621F0CE8C4}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 55
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 1 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0b94495512074d69b9e8ab1679d608d4\BIT4C.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c938fdf4fabf9a9109aa1fa9ac821c2\BIT36.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84c8ebea30ffe407ee908e9caa0bd074\BIT4E.tmp"
Thu 1 Mar 2007 4,348 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu 1 Mar 2007 20 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 26 Feb 2007 312 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Thu 1 Mar 2007 1,536 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c94fdf84dc55e9a818c8222bafc1812\download\BIT60.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4eeab5e9badabf8752919b7df37ed651\download\BIT6F.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7dfe90ab9679753ce8e3ab64aba594fe\download\BIT71.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\download\BIT69.tmp"
Finished!
jlpjlp
17 Dec 2007 at 16:45
OK, move on to the next step:
AVG Anti-Spyware
https://www.01net.com/
Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
-> Relaunch AVG AS -> "Scan" -> "Settings"
Under the question "How to act?":
-> click "Recommended actions" and choose "Quarantine"
-> Click the "Scan" tab again, then run a "Complete system scan"
If a file is found infected at the end of the scan:
-> Click "Apply all actions"
-> Click "Save report", then "Save report as".
-> Save this text file to your desktop, then paste the report here
________________________
ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
_________________________
Post your HijackThis log again and describe your problems
Here are the 2 reports (AVG and ComboFix):
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 18:58:29 17/12/2007
+ Résultat de l'analyse:
C:\WINDOWS\system32\d4ghggf4g.dll -> Downloader.Small.fyx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{22D37528-AAD5-405E-BEA4-FAF2844C6EDD}\RP218\A0091319.exe -> Downloader.Small.gxd : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIZ1YBOT\nn[1].exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\_svchosta.exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\update1121.exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine).
[536] C:\WINDOWS\System32\_svchosta.exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\mmall.exe -> Proxy.Wopla.ac : Nettoyé et sauvegardé (mise en quarantaine).
[680] C:\WINDOWS\mmall.exe -> Proxy.Wopla.ac : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Mauxion\Cookies\mauxion@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@aolfr.122.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIZ1YBOT\goeasysearch[1].exe -> Trojan.Agent.dep : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DGT85FF1\e[1].exe -> Trojan.Pakes.bqt : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\97CLSZ9U\tor[1].exe -> Trojan.Pakes.bsd : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\update241.exe -> Trojan.Pakes.bsd : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
ComboFix 07-12-17.1 - Mauxion 2007-12-17 19:02:04.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.50 [GMT 1:00]
Running from: C:\Documents and Settings\Mauxion\Mes documents\laurent\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\AXMQ83.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\e404d.dll
C:\WINDOWS\system32\update252.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_AXMQ83
((((((((((((((((((((((((((((( Fichiers créés 2007-11-17 to 2007-12-17 ))))))))))))))))))))))))))))))))))))
.
2007-12-17 17:55 . <REP> C:\WINDOWS\LastGood.Tmp
2007-12-17 17:44 . 2007-12-17 17:44 <REP> d-------- C:\Documents and Settings\Mauxion\Application Data\Grisoft
2007-12-17 17:44 . 2007-12-17 17:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-17 17:44 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-17 15:42 . 2007-12-17 15:42 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-17 15:32 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-17 15:32 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-17 15:32 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-17 15:32 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-17 15:32 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-17 15:32 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-17 15:32 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-17 15:32 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-17 15:32 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-17 15:31 . 2007-12-17 15:33 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-12-17 15:25 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-17 15:12 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-17 15:12 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-17 15:12 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-17 15:06 . 2007-12-17 15:06 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-17 14:55 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-17 14:22 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2007-12-17 14:14 . 2007-12-17 18:54 37,888 --a------ C:\WINDOWS\mm_tmphr.exe
2007-12-17 13:19 . 2007-12-17 13:19 <REP> d-------- C:\WINDOWS\provisioning
2007-12-17 13:19 . 2007-12-17 14:32 <REP> d-------- C:\WINDOWS\peernet
2007-12-17 13:17 . 2007-12-17 13:17 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-12-17 13:13 . 2004-08-03 22:43 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2007-12-17 13:12 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002271_.tmp
2007-12-17 13:08 . 2007-12-17 14:21 <REP> d-------- C:\WINDOWS\EHome
2007-12-17 10:55 . 2007-12-17 10:55 3,120 --a------ C:\WINDOWS\system32\118290.54
2007-12-17 10:55 . 2007-12-17 10:55 3,120 --a------ C:\WINDOWS\118294.78
2007-12-17 10:54 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2007-12-17 10:54 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2007-12-17 10:54 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2007-12-12 17:20 . 2007-12-17 18:56 14 --ah----- C:\WINDOWS\mmax.ini
2007-12-08 16:57 . 2005-01-28 08:53 5,525,504 --a------ C:\WINDOWS\system32\setb0.tmp
2007-12-08 16:37 . 2007-12-08 16:37 29 --a------ C:\WINDOWS\DEBUGSM.INI
2007-12-08 15:44 . 2007-12-08 15:44 <REP> d-------- C:\WINDOWS\Options
2007-12-08 14:36 . 2007-12-08 14:36 <REP> d-------- C:\Program Files\Trend Micro
2007-12-07 21:56 . 2007-12-07 21:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-07 21:56 . 2007-12-07 21:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-07 21:55 . 2007-12-17 19:07 <REP> d-------- C:\WINDOWS\Internet Logs
2007-12-07 21:47 . 2007-12-17 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 21:36 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-07 21:36 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-07 21:35 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-07 21:35 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-07 21:35 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-07 21:35 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-07 21:35 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-07 21:35 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-07 20:50 . 2007-12-07 20:50 <REP> d-------- C:\Program Files\Yahoo!
2007-12-07 20:50 . 2007-12-07 21:15 <REP> d-------- C:\Program Files\CCleaner
2007-12-07 17:57 . 2007-12-16 10:30 532,480 --a------ C:\WINDOWS\mmoc1.exe
2007-12-07 17:57 . 2007-12-17 15:56 532,480 --a------ C:\WINDOWS\mm_tmpoc1.exe
2007-12-07 17:57 . 2007-12-17 18:54 4 --a------ C:\WINDOWS\c.pid
2007-12-07 17:56 . 2007-12-17 18:54 38,400 --a------ C:\WINDOWS\mmyh_co.exe
2007-12-07 17:56 . 2007-12-17 18:54 38,400 --a------ C:\WINDOWS\mm_tmpyh_co.exe
2007-12-06 16:27 . 2007-12-06 16:27 533,504 --a------ C:\WINDOWS\mmoc.bin
2007-12-06 16:26 . 2007-12-06 16:26 533,504 --a------ C:\WINDOWS\mm_tmpoc.bin
2007-12-06 16:26 . 2007-12-17 17:53 37,888 --a------ C:\WINDOWS\mmhr.exe
2007-12-04 13:13 . 2007-12-04 13:13 40,960 --a------ C:\WINDOWS\mmhot_reg.exe
2007-12-04 13:12 . 2007-12-04 13:12 40,960 --a------ C:\WINDOWS\mm_tmphot_reg.exe
2007-12-04 13:11 . 2007-12-04 13:11 29 --a------ C:\WINDOWS\system32\ywuthsdg.tmp
2007-12-03 20:15 . 2007-12-03 20:15 <REP> d-------- C:\Documents and Settings\Mauxion\Application Data\DivX
2007-12-03 18:55 . 2007-12-17 15:13 <REP> d-------- C:\Program Files\DivX
2007-12-03 17:21 . 2007-12-03 17:34 137,728 --a------ C:\WINDOWS\system32\dllcache\ijl10.dll
2007-12-03 15:48 . 2007-12-07 17:58 <REP> d-------- C:\Documents and Settings\Mauxion\Application Data\CallingID
2007-12-03 15:47 . 2007-12-03 15:47 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-03 15:46 . 2007-12-03 15:46 6 --a------ C:\WINDOWS\system32\mkghj.dll
2007-12-03 15:45 . 2007-12-07 21:23 <REP> d-------- C:\WINDOWS\rnapxs
2007-12-03 14:07 . 2007-12-03 14:07 <REP> d-------- C:\stdtsa
2007-12-03 11:26 . 2007-12-03 11:26 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
2007-12-03 09:48 . 2007-12-03 13:42 533,504 --a------ C:\WINDOWS\mmc2.bin
2007-12-03 09:47 . 2007-12-04 13:13 533,504 --a------ C:\WINDOWS\mm_tmpc2.bin
2007-12-03 09:46 . 2007-12-17 17:54 37,376 --a------ C:\WINDOWS\mmgr.exe
2007-12-03 09:45 . 2007-12-04 13:11 81,408 --a------ C:\WINDOWS\mmres_drop.exe
2007-12-03 09:45 . 2007-12-04 13:11 81,408 --a------ C:\WINDOWS\mm_tmpres_drop.exe
2007-12-03 09:45 . 2007-12-17 18:55 37,376 --a------ C:\WINDOWS\mm_tmpgr.exe
2007-12-03 09:44 . 2007-12-03 09:44 44 --a------ C:\WINDOWS\system32\p2hhr.bat
2007-11-22 18:40 . 2007-11-22 18:42 <REP> d-------- C:\Program Files\IZArc
2007-11-20 19:46 . 2007-11-20 19:46 <REP> d-------- C:\Program Files\PrimeBackgammon
2007-11-20 17:09 . 2007-11-20 17:13 <REP> d-------- C:\Program Files\Thegrideon Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 13:14 --------- d-----w C:\Program Files\MSN Messenger
2007-12-17 09:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-11 10:09 --------- d-----w C:\Documents and Settings\Mauxion\Application Data\OpenOffice.org2
2007-12-08 14:48 --------- d-----w C:\Program Files\AOL Security Toolbar
2007-12-08 14:18 --------- d-----w C:\Program Files\eMule
2007-12-07 20:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-19 17:05 --------- d-----w C:\Program Files\Live_TV
2007-11-03 18:13 --------- d-----w C:\Program Files\sony
2007-11-03 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-11-03 18:09 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2007-11-03 18:09 --------- d-----w C:\Documents and Settings\Mauxion\Application Data\Sony Corporation
2007-10-27 12:59 --------- d-----w C:\Program Files\Shareaza
2007-10-26 07:16 --------- d-----w C:\Program Files\Azureus
2007-10-25 18:57 --------- d-----w C:\Documents and Settings\Mauxion\Application Data\Azureus
2007-10-25 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-25 15:36 --------- d-----w C:\Program Files\Pack Securite
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft all"="C:\WINDOWS\mmall.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-02-13 16:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 12:54 C:\WINDOWS\AGRSMMSG.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft all"="C:\WINDOWS\mmall.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {acc3899e-5d6f-48b3-81ba-a692590ccff1} - e404d.dll [ ]
R2 SonyKBS;Keyboard State Detection Service;C:\WINDOWS\system32\DRIVERS\SonyKBS.sys [2003-02-28 14:12]
R3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS [2002-12-18 06:03]
S2 Microsoft Inet Servicea;Microsoft Inet Servicea;C:\WINDOWS\System32\_svchosta.exe -A []
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 06:58]
S3 PentaxUsb;PENTAX Optio 60 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 13:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - HTTPFILTER
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 19:07:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 18:58:29 17/12/2007
+ Résultat de l'analyse:
C:\WINDOWS\system32\d4ghggf4g.dll -> Downloader.Small.fyx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{22D37528-AAD5-405E-BEA4-FAF2844C6EDD}\RP218\A0091319.exe -> Downloader.Small.gxd : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIZ1YBOT\nn[1].exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\_svchosta.exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\update1121.exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine).
[536] C:\WINDOWS\System32\_svchosta.exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\mmall.exe -> Proxy.Wopla.ac : Nettoyé et sauvegardé (mise en quarantaine).
[680] C:\WINDOWS\mmall.exe -> Proxy.Wopla.ac : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Mauxion\Cookies\mauxion@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@aolfr.122.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Mauxion\Cookies\mauxion@weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIZ1YBOT\goeasysearch[1].exe -> Trojan.Agent.dep : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DGT85FF1\e[1].exe -> Trojan.Pakes.bqt : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\97CLSZ9U\tor[1].exe -> Trojan.Pakes.bsd : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\update241.exe -> Trojan.Pakes.bsd : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
ComboFix 07-12-17.1 - Mauxion 2007-12-17 19:02:04.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.50 [GMT 1:00]
Running from: C:\Documents and Settings\Mauxion\Mes documents\laurent\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\AXMQ83.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\e404d.dll
C:\WINDOWS\system32\update252.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_AXMQ83
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-17 to 2007-12-17 ))))))))))))))))))))))))))))))))))))
.
2007-12-17 17:55 . <REP> C:\WINDOWS\LastGood.Tmp
2007-12-17 17:44 . 2007-12-17 17:44 <REP> d-------- C:\Documents and Settings\Mauxion\Application Data\Grisoft
2007-12-17 17:44 . 2007-12-17 17:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-17 17:44 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-17 15:42 . 2007-12-17 15:42 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-17 15:32 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-17 15:32 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-17 15:32 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-17 15:32 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-17 15:32 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-17 15:32 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-17 15:32 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-17 15:32 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-17 15:32 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-17 15:31 . 2007-12-17 15:33 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-12-17 15:25 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-17 15:12 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-17 15:12 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-17 15:12 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-17 15:06 . 2007-12-17 15:06 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-17 14:55 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-17 14:22 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2007-12-17 14:14 . 2007-12-17 18:54 37,888 --a------ C:\WINDOWS\mm_tmphr.exe
2007-12-17 13:19 . 2007-12-17 13:19 <REP> d-------- C:\WINDOWS\provisioning
2007-12-17 13:19 . 2007-12-17 14:32 <REP> d-------- C:\WINDOWS\peernet
2007-12-17 13:17 . 2007-12-17 13:17 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-12-17 13:13 . 2004-08-03 22:43 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2007-12-17 13:12 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002271_.tmp
2007-12-17 13:08 . 2007-12-17 14:21 <REP> d-------- C:\WINDOWS\EHome
2007-12-17 10:55 . 2007-12-17 10:55 3,120 --a------ C:\WINDOWS\system32\118290.54
2007-12-17 10:55 . 2007-12-17 10:55 3,120 --a------ C:\WINDOWS\118294.78
2007-12-17 10:54 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2007-12-17 10:54 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2007-12-17 10:54 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2007-12-12 17:20 . 2007-12-17 18:56 14 --ah----- C:\WINDOWS\mmax.ini
2007-12-08 16:57 . 2005-01-28 08:53 5,525,504 --a------ C:\WINDOWS\system32\setb0.tmp
2007-12-08 16:37 . 2007-12-08 16:37 29 --a------ C:\WINDOWS\DEBUGSM.INI
2007-12-08 15:44 . 2007-12-08 15:44 <REP> d-------- C:\WINDOWS\Options
2007-12-08 14:36 . 2007-12-08 14:36 <REP> d-------- C:\Program Files\Trend Micro
2007-12-07 21:56 . 2007-12-07 21:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-07 21:56 . 2007-12-07 21:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-07 21:55 . 2007-12-17 19:07 <REP> d-------- C:\WINDOWS\Internet Logs
2007-12-07 21:47 . 2007-12-17 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 21:36 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-07 21:36 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-07 21:35 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-07 21:35 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-07 21:35 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-07 21:35 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-07 21:35 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-07 21:35 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-07 20:50 . 2007-12-07 20:50 <REP> d-------- C:\Program Files\Yahoo!
2007-12-07 20:50 . 2007-12-07 21:15 <REP> d-------- C:\Program Files\CCleaner
2007-12-07 17:57 . 2007-12-16 10:30 532,480 --a------ C:\WINDOWS\mmoc1.exe
2007-12-07 17:57 . 2007-12-17 15:56 532,480 --a------ C:\WINDOWS\mm_tmpoc1.exe
2007-12-07 17:57 . 2007-12-17 18:54 4 --a------ C:\WINDOWS\c.pid
2007-12-07 17:56 . 2007-12-17 18:54 38,400 --a------ C:\WINDOWS\mmyh_co.exe
2007-12-07 17:56 . 2007-12-17 18:54 38,400 --a------ C:\WINDOWS\mm_tmpyh_co.exe
2007-12-06 16:27 . 2007-12-06 16:27 533,504 --a------ C:\WINDOWS\mmoc.bin
2007-12-06 16:26 . 2007-12-06 16:26 533,504 --a------ C:\WINDOWS\mm_tmpoc.bin
2007-12-06 16:26 . 2007-12-17 17:53 37,888 --a------ C:\WINDOWS\mmhr.exe
2007-12-04 13:13 . 2007-12-04 13:13 40,960 --a------ C:\WINDOWS\mmhot_reg.exe
2007-12-04 13:12 . 2007-12-04 13:12 40,960 --a------ C:\WINDOWS\mm_tmphot_reg.exe
2007-12-04 13:11 . 2007-12-04 13:11 29 --a------ C:\WINDOWS\system32\ywuthsdg.tmp
2007-12-03 20:15 . 2007-12-03 20:15 <REP> d-------- C:\Documents and Settings\Mauxion\Application Data\DivX
2007-12-03 18:55 . 2007-12-17 15:13 <REP> d-------- C:\Program Files\DivX
2007-12-03 17:21 . 2007-12-03 17:34 137,728 --a------ C:\WINDOWS\system32\dllcache\ijl10.dll
2007-12-03 15:48 . 2007-12-07 17:58 <REP> d-------- C:\Documents and Settings\Mauxion\Application Data\CallingID
2007-12-03 15:47 . 2007-12-03 15:47 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-03 15:46 . 2007-12-03 15:46 6 --a------ C:\WINDOWS\system32\mkghj.dll
2007-12-03 15:45 . 2007-12-07 21:23 <REP> d-------- C:\WINDOWS\rnapxs
2007-12-03 14:07 . 2007-12-03 14:07 <REP> d-------- C:\stdtsa
2007-12-03 11:26 . 2007-12-03 11:26 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
2007-12-03 09:48 . 2007-12-03 13:42 533,504 --a------ C:\WINDOWS\mmc2.bin
2007-12-03 09:47 . 2007-12-04 13:13 533,504 --a------ C:\WINDOWS\mm_tmpc2.bin
2007-12-03 09:46 . 2007-12-17 17:54 37,376 --a------ C:\WINDOWS\mmgr.exe
2007-12-03 09:45 . 2007-12-04 13:11 81,408 --a------ C:\WINDOWS\mmres_drop.exe
2007-12-03 09:45 . 2007-12-04 13:11 81,408 --a------ C:\WINDOWS\mm_tmpres_drop.exe
2007-12-03 09:45 . 2007-12-17 18:55 37,376 --a------ C:\WINDOWS\mm_tmpgr.exe
2007-12-03 09:44 . 2007-12-03 09:44 44 --a------ C:\WINDOWS\system32\p2hhr.bat
2007-11-22 18:40 . 2007-11-22 18:42 <REP> d-------- C:\Program Files\IZArc
2007-11-20 19:46 . 2007-11-20 19:46 <REP> d-------- C:\Program Files\PrimeBackgammon
2007-11-20 17:09 . 2007-11-20 17:13 <REP> d-------- C:\Program Files\Thegrideon Software
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 13:14 --------- d-----w C:\Program Files\MSN Messenger
2007-12-17 09:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-11 10:09 --------- d-----w C:\Documents and Settings\Mauxion\Application Data\OpenOffice.org2
2007-12-08 14:48 --------- d-----w C:\Program Files\AOL Security Toolbar
2007-12-08 14:18 --------- d-----w C:\Program Files\eMule
2007-12-07 20:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-19 17:05 --------- d-----w C:\Program Files\Live_TV
2007-11-03 18:13 --------- d-----w C:\Program Files\sony
2007-11-03 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-11-03 18:09 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2007-11-03 18:09 --------- d-----w C:\Documents and Settings\Mauxion\Application Data\Sony Corporation
2007-10-27 12:59 --------- d-----w C:\Program Files\Shareaza
2007-10-26 07:16 --------- d-----w C:\Program Files\Azureus
2007-10-25 18:57 --------- d-----w C:\Documents and Settings\Mauxion\Application Data\Azureus
2007-10-25 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-25 15:36 --------- d-----w C:\Program Files\Pack Securite
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft all"="C:\WINDOWS\mmall.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-02-13 16:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 12:54 C:\WINDOWS\AGRSMMSG.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft all"="C:\WINDOWS\mmall.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {acc3899e-5d6f-48b3-81ba-a692590ccff1} - e404d.dll [ ]
R2 SonyKBS;Keyboard State Detection Service;C:\WINDOWS\system32\DRIVERS\SonyKBS.sys [2003-02-28 14:12]
R3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS [2002-12-18 06:03]
S2 Microsoft Inet Servicea;Microsoft Inet Servicea;C:\WINDOWS\System32\_svchosta.exe -A []
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 06:58]
S3 PentaxUsb;PENTAX Optio 60 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 13:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - HTTPFILTER
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 19:07:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
jlpjlp - 17 Dec 2007 at 19:39
Post HijackThis again and tell us your problems.
jlpjlp - 18 Dec 2007 at 07:57
Scan these files on VirusTotal and tell us which ones are infected: https://www.virustotal.com/gui/
C:\WINDOWS\002271_.tmp
C:\WINDOWS\system32\118290.54
C:\WINDOWS\118294.78
C:\WINDOWS\system32\ywuthsdg.tmp
C:\WINDOWS\system32\mkghj.dll
C:\WINDOWS\rnapxs
C:\stdtsa
C:\WINDOWS\mmc2.bin
C:\WINDOWS\mm_tmpc2.bin
C:\WINDOWS\mmgr.exe
C:\WINDOWS\mmres_drop.exe
C:\WINDOWS\mm_tmpres_drop.exe
C:\WINDOWS\mm_tmpgr.exe
C:\WINDOWS\system32\p2hhr.bat
_____________________
Paste the report of an online scan
with one of the following:
Panda online: (disable avast for the duration of the scan)
http://pandasoftware.fr
bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
______________________
Run regcleaner to clean your registry:
http://manuelsdaide.com/RegCleaner/RegCleaner.htm
______________________
Post a hijackthis report again and tell us your problems.
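The two steps above, reading the ComboFix "Files Created" section for out-of-place files and then checking them against VirusTotal, as an added example. This is not code from the thread, from ComboFix or from VirusTotal: the flagging heuristics are this example's own reading of the log posted earlier (code files dropped straight into C:\WINDOWS, numeric "extensions", modules smaller than a DOS header, tiny stubs in system32, and mm_tmpX/mmX pairs of identical size), the sample lines are excerpted verbatim from that log, and the only assumption about VirusTotal is the public report URL for a SHA-256, which lets a file be looked up by hash before anyone decides to upload it.

```python
"""Added triage helper for a ComboFix "Files Created" section (not part of the
thread or of ComboFix): re-derives the kind of list a helper would ask to have
checked, then computes the SHA-256 a VirusTotal hash lookup needs."""
import hashlib
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: lines excerpted verbatim from the ComboFix log posted above
# (a subset chosen for the demo, not the whole log).
SAMPLE_LOG = """\
2007-12-17 17:55 . <REP> C:\\WINDOWS\\LastGood.Tmp
2007-12-17 17:44 . 2007-05-30 13:10 10,872 --a------ C:\\WINDOWS\\system32\\drivers\\AvgAsCln.sys
2007-12-17 14:14 . 2007-12-17 18:54 37,888 --a------ C:\\WINDOWS\\mm_tmphr.exe
2007-12-17 10:55 . 2007-12-17 10:55 3,120 --a------ C:\\WINDOWS\\system32\\118290.54
2007-12-17 10:55 . 2007-12-17 10:55 3,120 --a------ C:\\WINDOWS\\118294.78
2007-12-07 21:35 . 2007-12-04 14:04 837,496 --a------ C:\\WINDOWS\\system32\\aswBoot.exe
2007-12-07 20:50 . 2007-12-07 21:15 <REP> d-------- C:\\Program Files\\CCleaner
2007-12-07 17:57 . 2007-12-16 10:30 532,480 --a------ C:\\WINDOWS\\mmoc1.exe
2007-12-07 17:57 . 2007-12-17 15:56 532,480 --a------ C:\\WINDOWS\\mm_tmpoc1.exe
2007-12-06 16:26 . 2007-12-17 17:53 37,888 --a------ C:\\WINDOWS\\mmhr.exe
2007-12-04 13:11 . 2007-12-04 13:11 29 --a------ C:\\WINDOWS\\system32\\ywuthsdg.tmp
2007-12-03 15:46 . 2007-12-03 15:46 6 --a------ C:\\WINDOWS\\system32\\mkghj.dll
2007-12-03 09:44 . 2007-12-03 09:44 44 --a------ C:\\WINDOWS\\system32\\p2hhr.bat
"""

# Layout: created . modified size attrs path (modified and attrs are missing on some lines)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?:(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) )?"
    r"(?P<size><REP>|<DIR>|[\d,]+) (?:(?P<attrs>[-a-z]+) )?(?P<path>.+)$"
)
CODE_EXT = {".exe", ".dll", ".sys", ".bat", ".scr", ".ocx", ".bin"}
MIN_PE_SIZE = 64  # IMAGE_DOS_HEADER alone is 64 bytes; anything smaller cannot be a PE
WINDOWS_ROOT = "c:\\windows"


def parse_files_created(text):
    """Return [(PureWindowsPath, size)] for every file line; directories are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["size"] in ("<REP>", "<DIR>"):
            continue
        entries.append((PureWindowsPath(m["path"]), int(m["size"].replace(",", ""))))
    return entries


def triage(text):
    """Map each suspicious path (as a string) to the heuristics that flagged it.
    The heuristics are this example's own reading of the log, not ComboFix rules."""
    entries = parse_files_created(text)
    same_dir_and_size = defaultdict(list)
    for path, size in entries:
        same_dir_and_size[(str(path.parent).lower(), size)].append(path)

    flagged = defaultdict(list)
    for path, size in entries:
        ext = path.suffix.lower()
        parent = str(path.parent).lower()
        # 1. Code dropped straight into C:\WINDOWS instead of a subfolder.
        if parent == WINDOWS_ROOT and ext in CODE_EXT:
            flagged[str(path)].append("code file in Windows root")
        # 2. A purely numeric "extension" (118294.78) is not a type Windows uses.
        if ext[1:].isdigit():
            flagged[str(path)].append("numeric extension")
        # 3. A loadable module too small to hold even the DOS header.
        if ext in (".dll", ".exe", ".sys") and size < MIN_PE_SIZE:
            flagged[str(path)].append("too small to be a PE")
        # 4. Script or temp stubs of a few dozen bytes planted in system32.
        if ext in (".bat", ".tmp") and size <= 64 and "system32" in parent:
            flagged[str(path)].append("tiny stub in system32")
        # 5. Same folder, same size, names differing only by a "_tmp" infix:
        #    mm_tmpX next to mmX is a copy-then-replace staging pattern.
        for other in same_dir_and_size[(parent, size)]:
            if other != path and (path.stem.lower().replace("_tmp", "")
                                  == other.stem.lower().replace("_tmp", "")):
                flagged[str(path)].append(f"same size as {other}")
    return dict(flagged)


def sha256_hex(data):
    """SHA-256 of the file's bytes: the identifier VirusTotal indexes samples by."""
    return hashlib.sha256(data).hexdigest()


def virustotal_url(digest):
    """Report page for a hash; looking it up does not upload the file."""
    return f"https://www.virustotal.com/gui/file/{digest}"


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{path}: {', '.join(reasons)}")
    # On the infected machine you would read each flagged path from disk;
    # a constructed stand-in byte string keeps this demo offline.
    print(virustotal_url(sha256_hex(b"abc")))
```

Look the hash up first and upload only if it is unknown: a hash lookup discloses nothing but the digest, whereas an upload hands the file to VirusTotal and every vendor behind it, which matters when the "dropper" turns out to be a private document. The pairing check in rule 5 is what makes the mm_tmp*/mm* files stand out even when each name looks harmless on its own.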
My problem is solved!! Thanks to jlpjlp and DllD, my 2 saviours!! I'll come back to this site often, there are lots of interesting things and really nice people! It's cool
jlpjlp - 19 Dec 2007 at 23:08
What do the reports show?