Here is the SDFix report
SDFix: Version 1.240
Run by HP_Administrateur on 30/11/2008 at 15:00
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
srtwe
Path :
\??\C:\WINDOWS\system32\drivers\srtwe.sys
srtwe - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\-10037~1 - Deleted
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk - Deleted
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk - Deleted
C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk - Deleted
C:\WINDOWS\system32\crypts.dll - Deleted
C:\WINDOWS\system32\drivers\srtwe.sys - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-30 15:13:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:42d64c4c
"s2"=dword:090a811f
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:3f,5a,b4,91,5b,4c,a4,8c,46,f2,89,4e,ee,b8,84,c4,27,9a,88,8b,e5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:7a,4f,1d,f3,be,31,79,b9,95,a7,84,26,7c,0b,66,c6,d1,5a,fc,a4,44,..
"p0"="C:\Program Files\DAEMON Tools Lite"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:65,04,0e,df,1f,3d,39,b2,a2,53,ad,48,f1,de,be,a8,c9,a3,a0,d3,cf,..
"a0"=hex:20,01,00,00,4b,ab,e8,94,a1,ee,e7,ce,8f,30,ec,4d,8d,83,60,61,5d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\Jf40]
"khjeh"=hex:8d,40,8b,7c,65,6d,0e,d9,46,6e,36,95,12,60,5e,ae,1c,18,36,1f,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:3f,5a,b4,91,5b,4c,a4,8c,46,f2,89,4e,ee,b8,84,c4,27,9a,88,8b,e5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:7a,4f,1d,f3,be,31,79,b9,95,a7,84,26,7c,0b,66,c6,d1,5a,fc,a4,44,..
"p0"="C:\Program Files\DAEMON Tools Lite"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:65,04,0e,df,1f,3d,39,b2,a2,53,ad,48,f1,de,be,a8,c9,a3,a0,d3,cf,..
"a0"=hex:20,01,00,00,4b,ab,e8,94,a1,ee,e7,ce,8f,30,ec,4d,8d,83,60,61,5d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\Jf40]
"khjeh"=hex:8d,40,8b,7c,65,6d,0e,d9,46,6e,36,95,12,60,5e,ae,1c,18,36,1f,0d,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 30 Dec 2006 211 A.SHR --- "C:\BOOT.BAK"
Sun 7 Sep 2008 56 ..SHR --- "C:\WINDOWS\system32\7E021C7F4C.sys"
Sun 7 Sep 2008 12,518 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 31 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 24 Jun 2008 95 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti9.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Sun 31 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\HP_Administrateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 3 Aug 2007 11,116 A.SH. --- "C:\Documents and Settings\HP_Administrateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Finished!