Trojan horse

albator81_1 -  
jlpjlp Messages posted 52399 Status Security contributor -
Hello,

I can't get rid of this Trojan horse!! ( Win32:Agent-OKM [Trj] ) Who could give me the solution? Thanks in advance!

Here is the SDFix result:

SDFix: Version 1.118

Run by Mauxion on 17/12/2007 at 15:42

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
ctl_w32

Path:
\SystemRoot\system32\drivers\ctl_w32.sys

ctl_w32 - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service NdisWon - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\7_exception.nls - Deleted
C:\WINDOWS\system32\RunOnce.t__ - Deleted
C:\WINDOWS\system32\RunOnce.tmp - Deleted

Folder C:\Documents and Settings\All Users\Documents\Settings - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 15:48:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Vet Drivers\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\Temp\_av_proI.tm~a02316
C:\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
C:\WINDOWS\system32\drivers\symavc32.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\atmlane.sys 55936 bytes executable
C:\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
C:\WINDOWS\system32\drivers\atv01nt5.dll 21183 bytes executable
C:\WINDOWS\system32\drivers\atv02nt5.dll 11359 bytes executable
C:\WINDOWS\system32\drivers\atv04nt5.dll 25471 bytes executable
C:\WINDOWS\system32\drivers\atv06nt5.dll 14143 bytes executable
C:\WINDOWS\system32\drivers\atv10nt5.dll 17279 bytes executable
C:\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
C:\WINDOWS\system32\drivers\Axmq83.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\ati1mdxx.sys 11615 bytes executable
C:\WINDOWS\system32\drivers\ati1pdxx.sys 12047 bytes executable
C:\WINDOWS\system32\drivers\ati1raxx.sys 30671 bytes executable
C:\WINDOWS\system32\drivers\ati1rvxx.sys 63663 bytes executable
C:\WINDOWS\system32\drivers\ati1snxx.sys 26367 bytes executable
C:\WINDOWS\system32\drivers\ati1ttxx.sys 21343 bytes executable
C:\WINDOWS\system32\drivers\ati1tuxx.sys 36463 bytes executable
C:\WINDOWS\system32\drivers\ati1xbxx.sys 29455 bytes executable
C:\WINDOWS\system32\drivers\ati1xsxx.sys 34735 bytes executable
C:\WINDOWS\system32\drivers\ati2mtaa.sys 327168 bytes executable
C:\WINDOWS\system32\drivers\ati2mtag.sys 701440 bytes executable
C:\WINDOWS\system32\drivers\atinbtxx.sys 57856 bytes executable
C:\WINDOWS\system32\drivers\atinmdxx.sys 13824 bytes executable
C:\WINDOWS\system32\drivers\atinpdxx.sys 14336 bytes executable
C:\WINDOWS\system32\drivers\atinraxx.sys 52224 bytes executable
C:\WINDOWS\system32\drivers\atinrvxx.sys 104960 bytes executable
C:\WINDOWS\system32\drivers\atinsnxx.sys 28672 bytes executable
C:\WINDOWS\system32\drivers\atinttxx.sys 13824 bytes executable
C:\WINDOWS\system32\drivers\atintuxx.sys 73216 bytes executable
C:\WINDOWS\system32\drivers\atinxbxx.sys 31744 bytes executable
C:\WINDOWS\system32\drivers\atinxsxx.sys 63488 bytes executable
C:\WINDOWS\system32\drivers\ativmc20.cod 64352 bytes
C:\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\01\10-{B10C5A70-5F52-6B02-540E-4621F4794CE7}-v1-{8058391C-C4EF-490A-BFA6-0228011399B4}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\04\304-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v304-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v304-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\05\305-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v305-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v305-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 456 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\06\306-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v306-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v306-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\07\307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4134 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\07\307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\08\308-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v308-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v308-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\09\309-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v309-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v309-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 464 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\10\310-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v310-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v310-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 424 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\11\311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v311-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\12\312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v312-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\13\313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v313-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\14\314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\15\315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v315-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 376 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\16\316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v316-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 352 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\17\317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v317-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 440 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\18\318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v318-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\19\319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v319-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 400 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\julienmauxion@hotmail.com\SharingMetadata\thomassouchon@hotmail.com\DFSR\Staging\CS{B10C5A70-5F52-6B02-540E-4621F4794CE7}\20\320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-{C5524CFA-9711-4F0D-908E-B75863AC6DAC}-v320-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\Mauxion\Local Settings\Application Data\Microsoft\Messenger\tizibou@hotmail.com\SharingMetadata\cecilia_huet@hotmail.fr\DFSR\Staging\CS{AA62AF11-2777-76FC-41D3-082309C9F36E}\01\11-{AA62AF11-2777-76FC-41D3-082309C9F36E}-v1-{FB8C97F1-9154-4269-BD49-A2621F0CE8C4}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 55

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 1 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0b94495512074d69b9e8ab1679d608d4\BIT4C.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c938fdf4fabf9a9109aa1fa9ac821c2\BIT36.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84c8ebea30ffe407ee908e9caa0bd074\BIT4E.tmp"
Thu 1 Mar 2007 4,348 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu 1 Mar 2007 20 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 26 Feb 2007 312 ...H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Thu 1 Mar 2007 1,536 A..H. --- "C:\Documents and Settings\Mauxion\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c94fdf84dc55e9a818c8222bafc1812\download\BIT60.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4eeab5e9badabf8752919b7df37ed651\download\BIT6F.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7dfe90ab9679753ce8e3ab64aba594fe\download\BIT71.tmp"
Fri 26 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\download\BIT69.tmp"

Finished!
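The interesting part of the log above is the catchme "Final Check": it reports one hidden service (Axmq83) registered as a boot-start kernel driver in CurrentControlSet, ControlSet003 and ControlSet004, and a hidden driver file of the same name under system32\drivers. The following Python script is an added triage example, not part of the original post and not code from SDFix or catchme: it parses the hidden-service registry dump and the hidden-files list that catchme prints, then correlates service names with hidden .sys files. The embedded SAMPLE_LOG is a constructed excerpt modelled on the post; the three heuristics (boot-start kernel driver hidden from the service API, a driver file hidden from the file API with the same base name, and a Group value naming several load-order groups instead of one) are this example's own assumptions.

```python
"""Triage helper for a catchme / SDFix 'Final Check' section (added example)."""
import re
from collections import defaultdict

# Constructed excerpt in the format catchme prints (not the full log above).
SAMPLE_LOG = r"""
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Axmq83]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Axmq83]
"Type"=dword:00000001
"Start"=dword:00000000

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\Temp\_av_proI.tm~a02316
C:\WINDOWS\system32\drivers\symavc32.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\Axmq83.sys 183808 bytes executable
C:\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
C:\Documents and Settings\Mauxion\Local Settings\x.frx:{guid}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 55
"""

SERVICE_KEY = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<name>[^\]]+)\]$')
DWORD_VALUE = re.compile(r'^"(?P<key>\w+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
STR_VALUE = re.compile(r'^"(?P<key>\w+)"="(?P<val>.*)"$')
# path, then an optional "<size> bytes" and an optional tag, as catchme prints them
HIDDEN_FILE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.*?)(?: (?P<size>\d+) bytes(?: (?P<tag>executable|hidden from API))?)?$')

SERVICE_KERNEL_DRIVER = 0x1   # SERVICE_KERNEL_DRIVER
SERVICE_BOOT_START = 0x0      # SERVICE_BOOT_START


def parse_catchme(text):
    """Return ({service: {control_set: {value: data}}}, [hidden file dicts])."""
    services = defaultdict(dict)
    hidden_files = []
    section, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('scanning hidden services'):
            section = 'services'
            continue
        if line.startswith('scanning hidden files'):
            section = 'files'
            continue
        if line.startswith('scanning hidden') or line.startswith('scan completed'):
            section = None
            continue
        if not line:
            continue
        if section == 'services':
            m = SERVICE_KEY.match(line)
            if m:
                current = services[m['name']].setdefault(m['cs'], {})
                continue
            if current is None:
                continue
            m = DWORD_VALUE.match(line)
            if m:
                current[m['key']] = int(m['val'], 16)
                continue
            m = STR_VALUE.match(line)
            if m:
                current[m['key']] = m['val']
        elif section == 'files':
            m = HIDDEN_FILE.match(line)
            if m:
                hidden_files.append({'path': m['path'],
                                     'size': int(m['size']) if m['size'] else None,
                                     'tag': m['tag']})
    return services, hidden_files


def triage(text):
    """Flag hidden services and correlate them with hidden driver files (heuristics are assumptions)."""
    services, hidden_files = parse_catchme(text)
    by_basename = defaultdict(list)
    for f in hidden_files:
        by_basename[f['path'].rsplit('\\', 1)[-1].lower()].append(f)
    findings = []
    for name, control_sets in services.items():
        values = control_sets.get('CurrentControlSet') or next(iter(control_sets.values()))
        reasons = []
        if values.get('Type') == SERVICE_KERNEL_DRIVER and values.get('Start') == SERVICE_BOOT_START:
            reasons.append('boot-start kernel driver hidden from the service API')
        if '\\0' in values.get('Group', ''):   # literal "\0" separators in the dump
            reasons.append('Group names several load-order groups instead of one')
        matches = by_basename.get(name.lower() + '.sys', [])
        for f in matches:
            reasons.append(f"driver file hidden from API: {f['path']} ({f['size']} bytes)")
        findings.append({'service': name, 'control_sets': sorted(control_sets),
                         'type': values.get('Type'), 'start': values.get('Start'),
                         'driver_files': [f['path'] for f in matches], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding['service'], finding['control_sets'])
        for reason in finding['reasons']:
            print('  -', reason)
```

Run against the excerpt it reports Axmq83 with all three reasons; a service that is only hidden, with no matching hidden file and a normal Group value, would still be listed but with a single reason, which is the signal to look at its ImagePath by hand rather than delete blindly.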

1 reply

jlpjlp Messages posted 52399 Status Security contributor 5 040
 
This post is closed

I am replying to you on another post

avoid creating several posts

thanks!