Win32:Agent-OKM [Trj] Fermé

Question

Bonjour,
Je n'arrive pas à me débarasser de ce cheval de troie !! ( Win32:Agent-OKM [Trj] ) Qui pourrait me donner la solution ? Merci par avance !

Voici le résultat de HijackThis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:06, on 17/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mmall.exe
C:\WINDOWS\mmall.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\mmall.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\System32\_svchosta.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\mmyh_co.exe
C:\WINDOWS\mmoc1.exe
C:\WINDOWS\mm_tmpgr.exe
C:\WINDOWS\mm_tmpgr.exe
C:\WINDOWS\mm_tmpgr.exe
C:\WINDOWS\mmgr.exe
C:\WINDOWS\mmgr.exe
C:\WINDOWS\mmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV	bLiv1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\mmall.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV	bLiv1.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV	bLiv1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\DOCUME~1\Mauxion\LOCALS~1\Temp\E_S14.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [main] C:\WINDOWS\System32\drivers\sysdrv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [default] C:\Documents and Settings\LocalService\scvhost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WintelUpdate] C:\WINDOWS\System32\update285.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [main] C:\WINDOWS\System32\drivers\sysdrv.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c22afea78aa84eb39aed048e52132d9c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c22afea78aa84eb39aed048e52132d9c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {317153FE-B7FB-419B-AC87-0B2EC97D7A04} (VB2S ActiveX Control) - http://www.subdo.com/activex/vb2s.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O21 - SSODL: E404Helper - {acc3899e-5d6f-48b3-81ba-a692590ccff1} - e404d.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Microsoft Inet Servicea - Unknown owner - C:\WINDOWS\System32\_svchosta.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Utilisateur anonyme · Answer

Salut,

Tu n'es pas en SP2 pour être bien protégé !

Commence par télécharger le SP2

jlpjlp · Answer

slt,



tu as F SECURE ET  AVAST???

il ne faut garder qu'un seul antivirus sur ton ordi


__________________

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

______________________


AVG antispyware

https://www.01net.com/telecharger/

Tuto : 
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


->Relance AVG AS -> "Analyse" ->"Paramètres" 

Sous la question "Comment réagir ?" : 

-> clique sur "Actions recommandées" et choisis "Quarantaines" 
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système" 

Si un fichier est infecté en fin d'analyse 

->Clique sur "Appliquer toutes les actions " 

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous". 

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
________________________
combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

_________________________
recolle hijackthis et dis tes soucis



rq: il faudra mettre windows a jour une fois que la desinfection sera finie

Utilisateur anonyme · Answer

Salut  jlpjlp,

OUI, qu'un seul AV d'activé à la fois.

Laisse lui le temps de faire les MAJ SP2 avant...

jlpjlp · Answer

slt DID,
je prefererai que l'ordi soit desinfécté avant les mises a jour car il a un parefeu qui le protege
et que certains virus font planter avec le sp2

albator81_1 · Answer

Voici le résultat de SDFix :

SDFix: Version 1.118

Run by Mauxion on 17/12/2007 at 15:42

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 

Name:
ctl_w32

Path:
\SystemRoot\system32\drivers\ctl_w32.sys 

ctl_w32 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service NdisWon - Deleted after Reboot

Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWS\system32\7_exception.nls  - Deleted
C:\WINDOWS\system32\RunOnce.t__  - Deleted
C:\WINDOWS\system32\RunOnce.tmp  - Deleted



Folder C:\Documents and Settings\All Users\Documents\Settings - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 15:48:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\Temp\_av_proI.tm~a02316
C:\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
C:\WINDOWS\system32\drivers\symavc32.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\atmlane.sys 55936 bytes executable
C:\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
C:\WINDOWS\system32\drivers\atv01nt5.dll 21183 bytes executable
C:\WINDOWS\system32\drivers\atv02nt5.dll 11359 bytes executable
C:\WINDOWS\system32\drivers\atv04nt5.dll 25471 bytes executable
C:\WINDOWS\system32\drivers\atv06nt5.dll 14143 bytes executable
C:\WINDOWS\system32\drivers\atv10nt5.dll 17279 bytes executable
C:\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
C:\WINDOWS\system32\drivers\Axmq83.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\ati1mdxx.sys 11615 bytes executable
C:\WINDOWS\system32\drivers\ati1pdxx.sys 12047 bytes executable
C:\WINDOWS\system32\drivers\ati1raxx.sys 30671 bytes executable
C:\WINDOWS\system32\drivers\ati1rvxx.sys 63663 bytes executable
C:\WINDOWS\system32\drivers\ati1snxx.sys 26367 bytes executable
C:\WINDOWS\system32\drivers\ati1ttxx.sys 21343 bytes executable
C:\WINDOWS\system32\drivers\ati1tuxx.sys 36463 bytes executable
C:\WINDOWS\system32\drivers\ati1xbxx.sys 29455 bytes executable
C:\WINDOWS\system32\drivers\ati1xsxx.sys 34735 bytes executable
C:\WINDOWS\system32\drivers\ati2mtaa.sys 327168 bytes executable
C:\WINDOWS\system32\drivers\ati2mtag.sys 701440 bytes executable
C:\WINDOWS\system32\drivers\atinbtxx.sys 57856 bytes executable
C:\WINDOWS\system32\drivers\atinmdxx.sys 13824 bytes executable
C:\WINDOWS\system32\drivers\atinpdxx.sys 14336 bytes executable
C:\WINDOWS\system32\drivers\atinraxx.sys 52224 bytes executable
C:\WINDOWS\system32\drivers\atinrvxx.sys 104960 bytes executable
C:\WINDOWS\system32\drivers\atinsnxx.sys 28672 bytes executable
C:\WINDOWS\system32\drivers\atinttxx.sys 13824 bytes executable
C:\WINDOWS\system32\drivers\atintuxx.sys 73216 bytes executable
C:\WINDOWS\system32\drivers\atinxbxx.sys 31744 bytes executable
C:\WINDOWS\system32\drivers\atinxsxx.sys 63488 bytes executable
C:\WINDOWS\system32\drivers\ativmc20.cod 64352 bytes
C:\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\01\10-{B10C5A70-5F52-6B02-540E-4621F4794CE7}-v1-{8058391C-C4EF-490A-BFA6-0228011399B4}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\04\304-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v304-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v304-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\05\305-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v305-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v305-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 456 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\06\306-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v306-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v306-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\07\307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4134 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\07\307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\08\308-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v308-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v308-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\09\309-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v309-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v309-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 464 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\10\310-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v310-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v310-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 424 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\11\311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\12\312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\13\313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\14\314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\15\315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\16\316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\17\317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 440 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\18\318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\19\319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 400 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\20\320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger	izibou@hotmail.com\SharingMetadata\cecilia_huet@hotmail.fr\DFSR\Staging\CS{AA62AF11-2777-76FC-41D3-082309C9F36E}\01\11-{AA62AF11-2777-76FC-41D3-082309C9F36E}-v1-{FB8C97F1-9154-4269-BD49-A2621F0CE8C4}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 55


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu  1 Mar 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0b94495512074d69b9e8ab1679d608d4\BIT4C.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c938fdf4fabf9a9109aa1fa9ac821c2\BIT36.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84c8ebea30ffe407ee908e9caa0bd074\BIT4E.tmp"
Thu  1 Mar 2007         4,348 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu  1 Mar 2007            20 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 26 Feb 2007           312 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Thu  1 Mar 2007         1,536 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c94fdf84dc55e9a818c8222bafc1812\download\BIT60.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4eeab5e9badabf8752919b7df37ed651\download\BIT6F.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7dfe90ab9679753ce8e3ab64aba594fe\download\BIT71.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\download\BIT69.tmp"

Finished!

albator81_1 · Answer

Voici le résultat de SDFix :

SDFix: Version 1.118

Run by Mauxion on 17/12/2007 at 15:42

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 

Name:
ctl_w32

Path:
\SystemRoot\system32\drivers\ctl_w32.sys 

ctl_w32 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service NdisWon - Deleted after Reboot

Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWS\system32\7_exception.nls  - Deleted
C:\WINDOWS\system32\RunOnce.t__  - Deleted
C:\WINDOWS\system32\RunOnce.tmp  - Deleted



Folder C:\Documents and Settings\All Users\Documents\Settings - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 15:48:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\Temp\_av_proI.tm~a02316
C:\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
C:\WINDOWS\system32\drivers\symavc32.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\atmlane.sys 55936 bytes executable
C:\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
C:\WINDOWS\system32\drivers\atv01nt5.dll 21183 bytes executable
C:\WINDOWS\system32\drivers\atv02nt5.dll 11359 bytes executable
C:\WINDOWS\system32\drivers\atv04nt5.dll 25471 bytes executable
C:\WINDOWS\system32\drivers\atv06nt5.dll 14143 bytes executable
C:\WINDOWS\system32\drivers\atv10nt5.dll 17279 bytes executable
C:\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
C:\WINDOWS\system32\drivers\Axmq83.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\ati1mdxx.sys 11615 bytes executable
C:\WINDOWS\system32\drivers\ati1pdxx.sys 12047 bytes executable
C:\WINDOWS\system32\drivers\ati1raxx.sys 30671 bytes executable
C:\WINDOWS\system32\drivers\ati1rvxx.sys 63663 bytes executable
C:\WINDOWS\system32\drivers\ati1snxx.sys 26367 bytes executable
C:\WINDOWS\system32\drivers\ati1ttxx.sys 21343 bytes executable
C:\WINDOWS\system32\drivers\ati1tuxx.sys 36463 bytes executable
C:\WINDOWS\system32\drivers\ati1xbxx.sys 29455 bytes executable
C:\WINDOWS\system32\drivers\ati1xsxx.sys 34735 bytes executable
C:\WINDOWS\system32\drivers\ati2mtaa.sys 327168 bytes executable
C:\WINDOWS\system32\drivers\ati2mtag.sys 701440 bytes executable
C:\WINDOWS\system32\drivers\atinbtxx.sys 57856 bytes executable
C:\WINDOWS\system32\drivers\atinmdxx.sys 13824 bytes executable
C:\WINDOWS\system32\drivers\atinpdxx.sys 14336 bytes executable
C:\WINDOWS\system32\drivers\atinraxx.sys 52224 bytes executable
C:\WINDOWS\system32\drivers\atinrvxx.sys 104960 bytes executable
C:\WINDOWS\system32\drivers\atinsnxx.sys 28672 bytes executable
C:\WINDOWS\system32\drivers\atinttxx.sys 13824 bytes executable
C:\WINDOWS\system32\drivers\atintuxx.sys 73216 bytes executable
C:\WINDOWS\system32\drivers\atinxbxx.sys 31744 bytes executable
C:\WINDOWS\system32\drivers\atinxsxx.sys 63488 bytes executable
C:\WINDOWS\system32\drivers\ativmc20.cod 64352 bytes
C:\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\01\10-{B10C5A70-5F52-6B02-540E-4621F4794CE7}-v1-{8058391C-C4EF-490A-BFA6-0228011399B4}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\04\304-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v304-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v304-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\05\305-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v305-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v305-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 456 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\06\306-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v306-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v306-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\07\307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4134 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\07\307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\08\308-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v308-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v308-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\09\309-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v309-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v309-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 464 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\10\310-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v310-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v310-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 424 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\11\311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\12\312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\13\313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\14\314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\15\315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\16\316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\17\317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 440 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\18\318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\19\319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 400 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata	homassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\20\320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger	izibou@hotmail.com\SharingMetadata\cecilia_huet@hotmail.fr\DFSR\Staging\CS{AA62AF11-2777-76FC-41D3-082309C9F36E}\01\11-{AA62AF11-2777-76FC-41D3-082309C9F36E}-v1-{FB8C97F1-9154-4269-BD49-A2621F0CE8C4}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 55


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu  1 Mar 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0b94495512074d69b9e8ab1679d608d4\BIT4C.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c938fdf4fabf9a9109aa1fa9ac821c2\BIT36.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84c8ebea30ffe407ee908e9caa0bd074\BIT4E.tmp"
Thu  1 Mar 2007         4,348 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu  1 Mar 2007            20 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 26 Feb 2007           312 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Thu  1 Mar 2007         1,536 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c94fdf84dc55e9a818c8222bafc1812\download\BIT60.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4eeab5e9badabf8752919b7df37ed651\download\BIT6F.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7dfe90ab9679753ce8e3ab64aba594fe\download\BIT71.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\download\BIT69.tmp"

Finished!

jlpjlp · Answer

ok passe a la suite:


AVG antispyware

https://www.01net.com/

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
________________________
combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

_________________________
recolle hijackthis et dis tes soucis

albator81_1 · Answer

Voici les 2 rapports ( AVG et Combo Fix ) : AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 18:58:29 17/12/2007 + Résultat de l'analyse: C:\WINDOWS\system32\d4ghggf4g.dll -> Downloader.Small.fyx : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{22D37528-AAD5-405E-BEA4-FAF2844C6EDD}\RP218\A0091319.exe -> Downloader.Small.gxd : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIZ1YBOT\nn[1].exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\_svchosta.exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\update1121.exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine). [536] C:\WINDOWS\System32\_svchosta.exe -> Downloader.Tiny.acv : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\mmall.exe -> Proxy.Wopla.ac : Nettoyé et sauvegardé (mise en quarantaine). [680] C:\WINDOWS\mmall.exe -> Proxy.Wopla.ac : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Mauxion\Cookies\mauxion@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Mauxion\Cookies\mauxion@aolfr.122.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Mauxion\Cookies\mauxion@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé. C:\Documents and Settings\Mauxion\Cookies\mauxion@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Mauxion\Cookies\mauxion@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Mauxion\Cookies\mauxion@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Mauxion\Cookies\mauxion@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\Mauxion\Cookies\mauxion@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé. C:\Documents and Settings\Mauxion\Cookies\mauxion@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Mauxion\Cookies\mauxion@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Mauxion\Cookies\mauxion@weborama[3].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIZ1YBOT\goeasysearch[1].exe -> Trojan.Agent.dep : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DGT85FF1\e[1].exe -> Trojan.Pakes.bqt : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\97CLSZ9U\tor[1].exe -> Trojan.Pakes.bsd : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\update241.exe -> Trojan.Pakes.bsd : Nettoyé et sauvegardé (mise en quarantaine). Fin du rapport ComboFix 07-12-17.1 - Mauxion 2007-12-17 19:02:04.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.50 [GMT 1:00] Running from: C:\Documents and Settings\Mauxion\Mes documents\laurent\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\AXMQ83.sys C:\WINDOWS\system32\drivers\symavc32.sys C:\WINDOWS\system32\e404d.dll C:\WINDOWS\system32\update252.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_AXMQ83 ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))))))) . 2007-12-17 17:55 . C:\WINDOWS\LastGood.Tmp 2007-12-17 17:44 . 2007-12-17 17:44 d-------- C:\Documents and Settings\Mauxion\Application Data\Grisoft 2007-12-17 17:44 . 2007-12-17 17:44 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-17 17:44 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-17 15:42 . 2007-12-17 15:42 d-------- C:\WINDOWS\ERUNT 2007-12-17 15:32 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-12-17 15:32 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-12-17 15:32 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-12-17 15:32 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-12-17 15:32 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-12-17 15:32 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-12-17 15:32 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2007-12-17 15:32 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-12-17 15:32 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-12-17 15:31 . 2007-12-17 15:33 d-------- C:\WINDOWS\system32\fr-fr 2007-12-17 15:25 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll 2007-12-17 15:12 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-12-17 15:12 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe 2007-12-17 15:12 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll 2007-12-17 15:06 . 2007-12-17 15:06 d-------- C:\Program Files\MSXML 4.0 2007-12-17 14:55 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-12-17 14:22 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]00001_.tmp 2007-12-17 14:14 . 2007-12-17 18:54 37,888 --a------ C:\WINDOWS\mm_tmphr.exe 2007-12-17 13:19 . 2007-12-17 13:19 d-------- C:\WINDOWS\provisioning 2007-12-17 13:19 . 2007-12-17 14:32 d-------- C:\WINDOWS\peernet 2007-12-17 13:17 . 2007-12-17 13:17 d-------- C:\WINDOWS\ServicePackFiles 2007-12-17 13:13 . 2004-08-03 22:43 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe 2007-12-17 13:12 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02271_.tmp 2007-12-17 13:08 . 2007-12-17 14:21 d-------- C:\WINDOWS\EHome 2007-12-17 10:55 . 2007-12-17 10:55 3,120 --a------ C:\WINDOWS\system32\118290.54 2007-12-17 10:55 . 2007-12-17 10:55 3,120 --a------ C:\WINDOWS\118294.78 2007-12-17 10:54 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe 2007-12-17 10:54 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys 2007-12-17 10:54 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys 2007-12-12 17:20 . 2007-12-17 18:56 14 --ah----- C:\WINDOWS\mmax.ini 2007-12-08 16:57 . 2005-01-28 08:53 5,525,504 --a------ C:\WINDOWS\system32\setb0.tmp 2007-12-08 16:37 . 2007-12-08 16:37 29 --a------ C:\WINDOWS\DEBUGSM.INI 2007-12-08 15:44 . 2007-12-08 15:44 d-------- C:\WINDOWS\Options 2007-12-08 14:36 . 2007-12-08 14:36 d-------- C:\Program Files\Trend Micro 2007-12-07 21:56 . 2007-12-07 21:56 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-07 21:56 . 2007-12-07 21:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-12-07 21:55 . 2007-12-17 19:07 d-------- C:\WINDOWS\Internet Logs 2007-12-07 21:47 . 2007-12-17 17:41 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-07 21:36 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-07 21:36 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-07 21:35 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-12-07 21:35 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2007-12-07 21:35 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-12-07 21:35 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-07 21:35 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-07 21:35 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-07 20:50 . 2007-12-07 20:50 d-------- C:\Program Files\Yahoo! 2007-12-07 20:50 . 2007-12-07 21:15 d-------- C:\Program Files\CCleaner 2007-12-07 17:57 . 2007-12-16 10:30 532,480 --a------ C:\WINDOWS\mmoc1.exe 2007-12-07 17:57 . 2007-12-17 15:56 532,480 --a------ C:\WINDOWS\mm_tmpoc1.exe 2007-12-07 17:57 . 2007-12-17 18:54 4 --a------ C:\WINDOWS\c.pid 2007-12-07 17:56 . 2007-12-17 18:54 38,400 --a------ C:\WINDOWS\mmyh_co.exe 2007-12-07 17:56 . 2007-12-17 18:54 38,400 --a------ C:\WINDOWS\mm_tmpyh_co.exe 2007-12-06 16:27 . 2007-12-06 16:27 533,504 --a------ C:\WINDOWS\mmoc.bin 2007-12-06 16:26 . 2007-12-06 16:26 533,504 --a------ C:\WINDOWS\mm_tmpoc.bin 2007-12-06 16:26 . 2007-12-17 17:53 37,888 --a------ C:\WINDOWS\mmhr.exe 2007-12-04 13:13 . 2007-12-04 13:13 40,960 --a------ C:\WINDOWS\mmhot_reg.exe 2007-12-04 13:12 . 2007-12-04 13:12 40,960 --a------ C:\WINDOWS\mm_tmphot_reg.exe 2007-12-04 13:11 . 2007-12-04 13:11 29 --a------ C:\WINDOWS\system32\ywuthsdg.tmp 2007-12-03 20:15 . 2007-12-03 20:15 d-------- C:\Documents and Settings\Mauxion\Application Data\DivX 2007-12-03 18:55 . 2007-12-17 15:13 d-------- C:\Program Files\DivX 2007-12-03 17:21 . 2007-12-03 17:34 137,728 --a------ C:\WINDOWS\system32\dllcache\ijl10.dll 2007-12-03 15:48 . 2007-12-07 17:58 d-------- C:\Documents and Settings\Mauxion\Application Data\CallingID 2007-12-03 15:47 . 2007-12-03 15:47 d-------- C:\WINDOWS\Downloaded Installations 2007-12-03 15:46 . 2007-12-03 15:46 6 --a------ C:\WINDOWS\system32\mkghj.dll 2007-12-03 15:45 . 2007-12-07 21:23 d-------- C:\WINDOWS\rnapxs 2007-12-03 14:07 . 2007-12-03 14:07 d-------- C:\stdtsa 2007-12-03 11:26 . 2007-12-03 11:26 d-------- C:\Program Files\Fichiers communs\PC Tools 2007-12-03 09:48 . 2007-12-03 13:42 533,504 --a------ C:\WINDOWS\mmc2.bin 2007-12-03 09:47 . 2007-12-04 13:13 533,504 --a------ C:\WINDOWS\mm_tmpc2.bin 2007-12-03 09:46 . 2007-12-17 17:54 37,376 --a------ C:\WINDOWS\mmgr.exe 2007-12-03 09:45 . 2007-12-04 13:11 81,408 --a------ C:\WINDOWS\mmres_drop.exe 2007-12-03 09:45 . 2007-12-04 13:11 81,408 --a------ C:\WINDOWS\mm_tmpres_drop.exe 2007-12-03 09:45 . 2007-12-17 18:55 37,376 --a------ C:\WINDOWS\mm_tmpgr.exe 2007-12-03 09:44 . 2007-12-03 09:44 44 --a------ C:\WINDOWS\system32\p2hhr.bat 2007-11-22 18:40 . 2007-11-22 18:42 d-------- C:\Program Files\IZArc 2007-11-20 19:46 . 2007-11-20 19:46 d-------- C:\Program Files\PrimeBackgammon 2007-11-20 17:09 . 2007-11-20 17:13 d-------- C:\Program Files\Thegrideon Software . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-17 13:14 --------- d-----w C:\Program Files\MSN Messenger 2007-12-17 09:54 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-11 10:09 --------- d-----w C:\Documents and Settings\Mauxion\Application Data\OpenOffice.org2 2007-12-08 14:48 --------- d-----w C:\Program Files\AOL Security Toolbar 2007-12-08 14:18 --------- d-----w C:\Program Files\eMule 2007-12-07 20:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-11-19 17:05 --------- d-----w C:\Program Files\Live_TV 2007-11-03 18:13 --------- d-----w C:\Program Files\sony 2007-11-03 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation 2007-11-03 18:09 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared 2007-11-03 18:09 --------- d-----w C:\Documents and Settings\Mauxion\Application Data\Sony Corporation 2007-10-27 12:59 --------- d-----w C:\Program Files\Shareaza 2007-10-26 07:16 --------- d-----w C:\Program Files\Azureus 2007-10-25 18:57 --------- d-----w C:\Documents and Settings\Mauxion\Application Data\Azureus 2007-10-25 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2007-10-25 15:36 --------- d-----w C:\Program Files\Pack Securite 2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft all"="C:\WINDOWS\mmall.exe" [] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiS Tray"="" [] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-02-13 16:05] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00] "AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 12:54 C:\WINDOWS\AGRSMMSG.exe] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Microsoft all"="C:\WINDOWS\mmall.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "E404Helper"= {acc3899e-5d6f-48b3-81ba-a692590ccff1} - e404d.dll [ ] R2 SonyKBS;Keyboard State Detection Service;C:\WINDOWS\system32\DRIVERS\SonyKBS.sys [2003-02-28 14:12] R3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS [2002-12-18 06:03] S2 Microsoft Inet Servicea;Microsoft Inet Servicea;C:\WINDOWS\System32\_svchosta.exe -A [] S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 06:58] S3 PentaxUsb;PENTAX Optio 60 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 13:34] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] *Newly Created Service* - HTTPFILTER . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-17 19:07:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0

jlpjlp · Answer

recolle hijackthis et dis tes soucis

jlpjlp · Answer

analyse ces fichiers sur virus total et dis nous lequels sont inféctés:   https://www.virustotal.com/gui/


C:\WINDOWS\[u]0[/u]02271_.tmp
C:\WINDOWS\system32\118290.54
C:\WINDOWS\118294.78
C:\WINDOWS\system32\ywuthsdg.tmp
C:\WINDOWS\system32\mkghj.dll
C:\WINDOWS\rnapxs
C:\stdtsa
C:\WINDOWS\mmc2.bin
C:\WINDOWS\mm_tmpc2.bin
C:\WINDOWS\mmgr.exe
C:\WINDOWS\mmres_drop.exe
C:\WINDOWS\mm_tmpres_drop.exe
C:\WINDOWS\mm_tmpgr.exe
C:\WINDOWS\system32\p2hhr.bat

_____________________


 colle le rapport d'un scan en ligne 
avec un des suivants: 

Panda en ligne : (desactive avast le temps du scan)
http://pandasoftware.fr

bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

______________________
lance pour nettoyer ton registre : regcleaner:

http://manuelsdaide.com/RegCleaner/RegCleaner.htm
______________________
recolle un rapport hijackthis et dis tes soucis

albator81_1 · Answer

Mon problème est résolu !! merci à jlpjlp et  DllD mes 2 sauveurs !! je reviendrai souvent sur ce site ya plein de choses intéréssantes et des personnes super sympa ! c cool

jlpjlp · Answer

les rapports ca donne quoi?

Win32:Agent-OKM [Trj]

12 réponses

Discussions similaires

Newsletters