High-Tech Santé Médecine Droit-Finances

Réalisation

vidéo numérique

Rechercher : dans
Par :

Backdoor.generic10.axha

Dernière réponse le 26 jun 2009 à 18:12:46 emmo, le 21 avr 2009 à 12:55:30 
 Signaler ce message aux modérateurs

Bonjour,
J'ai de puis quelques jours le trojan suivant:
backdoor.generic10.axha
Je pense que je l'ai chopé avec une clé USB.
AVG le voit à chaque ouverture de l'ordinateur ou à chaque ouverture d'unité.
Quelqu'un peut m'aider?
Merci d'avance

Configuration: Windows XP
Internet Explorer 7.0

Meilleures réponses pour « backdoor.generic10.axha » dans :
[Windows] Désinstaller Windows Media Player 9, 10 ou 11 VoirLe lecteur Windows Media Player (WMP) est particulièrement difficile à supprimer car il s'agit d'un composant intégré au système d'exploitation Windows. Désinstallation de Windows Media Player 10 ou 11 Désinstallation de Windows Media Player...
Désinstaller proprement Bit Defender 9 et 10 VoirPour désinstaller complètement Bit Defender 9, aller sur le site du fabriquant pour télécharger leur outil de désinstallation. Pour la version 10, suivre le lien suivant.
Adresse IP statique sous Ubuntu 8.10 VoirUbuntu 8.10 est fourni avec NetworkManager, un gestionnaire de réseau assez agressif qui essaie à tout prix trouver et maintenir une connexion internet. Le but de NetworkManager est de fournir une connexion internet simplifiée. Le problème c'est...
Posez votre question Répondre

1

Chiquitine29, le 21 avr 2009 à 12:56:38
  • +1

Salut ,

Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt
@+

   
Répondre à Chiquitine29

2

emmo, le 21 avr 2009 à 15:03:46

Voici le contenu de log.txt et merci pour ton aide

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-21 15:59:34
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 4 GB (24%) free of 18 GB
Total RAM: 510 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:13, on 21/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe
C:\WINDOWS\system32\xgpinbgnd.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Keyyo Softphone X-Lite\KeyyoXLite.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\WINDOWS\system32\Wscript.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http:­//www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http:­//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http:­//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http:­//www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http:­//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http:­//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - D:\Personnel\CCM\TAPBar.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - D:\Personnel\CCM\TAPBar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [GC75-Manager-Class] "C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe" -startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [USBPhoneSkype] C:\Program Files\USBPhoneSkype\USBPhoneSkype.exe
O4 - HKLM\..\Run: [spc1000] C:\WINDOWS\vspc1000.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [XeroxScanUtility] C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe 1
O4 - HKLM\..\Run: [XeroxEndeavorBackgroundTask] C:\WINDOWS\system32\xgpinbgnd.exe 1
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [XSC SIP Client] "D:\Keyyo Softphone X-Lite\KeyyoXLite.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MySurvey Messenger.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/...
O16 - DPF: {748838B0-D6B1-4B68-B19F-29DE8661F020} (omikron Interface for Plugins Version 1) - https://www.brdoffice.ro/smartoffice/resource/plugx2.ocx
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D998B43-AE89-47E0-8D12-6A7F5F06A988}: NameServer = 83.222.191.193,83.222.191.194
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EACD873-39CF-4CC1-83FC-4BF78BFABE85}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
End of file - 12126 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-19 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
EoBho Class - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{988B07F5-7392-455A-8A1F-64935CB8B6ED}]
BHO Barre de Confiance CM-CIC - D:\P [2005-01-06 1528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-03-19 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - Barre de confiance CM-CIC - D:\P [2005-01-06 1528]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-03-19 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-02-25 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-02-25 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\System32\WLTRAY.exe [2005-12-19 1347584]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"GC75-Manager-Class"=C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe [2004-03-27 721017]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"EoEngine"= []
"EoWeather"= []
"USBPhoneSkype"=C:\Program Files\USBPhoneSkype\USBPhoneSkype.exe [2006-03-08 180224]
"spc1000"=C:\WINDOWS\vspc1000.exe [2007-07-12 675840]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"XeroxScanUtility"=C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe [2008-03-18 430080]
"XeroxEndeavorBackgroundTask"=C:\WINDOWS\system32\xgpinbgnd.exe [2008-03-13 80896]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2008-02-21 1647912]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-19 1932568]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"regdiit"=C:\WINDOWS\system32\winxp.exe []
"CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-05-08 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"XSC SIP Client"=D:\Keyyo Softphone X-Lite\KeyyoXLite.exe [2004-11-30 3424256]

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
MySurvey Messenger.lnk - C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{3CFCDC11-4584-464B-9194-594D6E1CB246}\Icon3CFCDC113.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-19 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-25 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WinHTTrack\WinHTTrack.exe"="C:\Program Files\WinHTTrack\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes"
"E:\fscommand\Vividas.exe"="E:\fscommand\Vividas.exe:*:Enabled:Vividas Player"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0"
"C:\Program Files\Keyyo Softphone X-Lite\KeyyoXLite.exe"="C:\Program Files\Keyyo Softphone X-Lite\KeyyoXLite.exe:*:Enabled:KeyyoXLite"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\Keyyo Softphone X-Lite\KeyyoXLite.exe"="D:\Keyyo Softphone X-Lite\KeyyoXLite.exe:*:Enabled:KeyyoXLite"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22f258c2-087a-11dc-9b28-0010c636c2f6}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22f258c3-087a-11dc-9b28-0010c636c2f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ee1d5b2-2b24-11de-8371-009096a7334f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e462b80-29f7-11de-836f-0010c636c2f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c12e961-e652-11da-9835-000f1fa123b9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b84ee042-e5b1-11da-a5dc-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b84ee043-e5b1-11da-a5dc-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}]
shell\AutoRun\command - F:\9.cmd
shell\explore\command - F:\9.cmd
shell\open\command - F:\9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}]
shell\AutoRun\command - F:\ie.exe
shell\explore\command - F:\ie.exe
shell\open\command - F:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e374e600-c37c-11dc-9d26-000f1fa123b9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg


======List of files/folders created in the last 1 months======

2009-04-21 15:59:35 ----D---- C:\Program Files\trend micro
2009-04-21 15:59:34 ----D---- C:\rsit
2009-03-26 17:39:47 ----D---- C:\WINDOWS\system32\embedded
2009-03-25 13:05:18 ----HD---- C:\$AVG8.VAULT$

======List of files/folders modified in the last 1 months======

2009-04-21 15:59:35 ----RD---- C:\Program Files
2009-04-21 15:58:02 ----D---- C:\WINDOWS\Temp
2009-04-21 15:40:39 ----D---- C:\Program Files\Mozilla Firefox
2009-04-21 15:04:15 ----D---- C:\WINDOWS\Prefetch
2009-04-21 14:16:18 ----D---- C:\WINDOWS\system32
2009-04-21 14:14:03 ----D---- C:\WINDOWS
2009-04-21 14:03:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-21 09:00:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-18 00:25:02 ----A---- C:\WINDOWS\win.ini
2009-04-18 00:24:54 ----D---- C:\Program Files\Dictionary
2009-04-18 00:24:12 ----D---- C:\Program Files\Dictionnaire
2009-04-16 16:35:10 ----D---- C:\Documents and Settings\Administrateur\Application Data\Skype
2009-04-16 16:00:06 ----D---- C:\Documents and Settings\Administrateur\Application Data\skypePM
2009-04-14 19:01:02 ----D---- C:\Documents and Settings\Administrateur\Application Data\Delivery
2009-04-14 19:01:00 ----A---- C:\WINDOWS\DeliveryReader.INI
2009-04-07 23:29:31 ----SHD---- C:\System Volume Information
2009-04-07 12:24:40 ----D---- C:\Documents and Settings\Administrateur\Application Data\U3
2009-04-06 09:11:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-01 14:55:10 ----SHD---- C:\WINDOWS\CSC
2009-03-31 19:43:57 ----A---- C:\ASLog.txt
2009-03-26 10:08:22 ----D---- C:\WINDOWS\system32\drivers
2009-03-24 09:24:17 ----HD---- C:\Config.Msi
2009-03-23 12:35:18 ----SHD---- C:\WINDOWS\Installer
2009-03-23 12:33:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-23 12:33:32 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-03-23 12:33:32 ----D---- C:\Program Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-19 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-19 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-26 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-30 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-30 2560]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-22 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-01 8552]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-03-19 29208]
R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2006-09-05 71808]
R3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\System32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-08-21 140800]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-02-25 681629]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-07-22 5888]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]
R3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\Softwin\BitDefender Firewall\bdftdif.sys []
S1 bdpredir;bdpredir; \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-03-19 29208]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196); C:\WINDOWS\system32\DRIVERS\gtusbmdm_gpc6400.sys [2004-01-12 158068]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 19034]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-09-15 47360]
S3 phaudlwr;Philips Audio Filter; C:\WINDOWS\system32\DRIVERS\phaudlwr.sys [2007-07-12 88320]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [2003-02-19 41344]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMC2835W_PCI;SMC2835W 2.4GHz 54 Mbps Wireless Cardbus Driver; C:\WINDOWS\System32\DRIVERS\2835WICB.sys [2004-04-30 385920]
S3 SPC1000;USB2.0 PC Camera (SPC1000); C:\WINDOWS\system32\DRIVERS\spc1000.sys [2007-07-12 3033856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-19 298264]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-03-26 1356616]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe []
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-02-21 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

   
Répondre à emmo

3

Chiquitine29, le 21 avr 2009 à 15:20:42
  • +1

Re,

Telecharge et install UsbFix

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau .

# Choisis l option 1 ( Recherche )

# Laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

@+

   
Répondre à Chiquitine29

4

emmo, le 24 avr 2009 à 08:38:32

Bonjour,
voici le résultat du test.
Désolé pour la réponse tardive mais j'étais en déplacement.

############################## [ UsbFix V3.011 ]

# User : Administrateur (Administrateurs) # EMO
# Update on 23/04/09 by C_XX & Chiquitine29
# Start at: 09:34:09 | 24/04/2009

# Intel(R) Pentium(R) M processor 1600MHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : AVG Internet Security 8.5 [ Enabled | Updated ]
# FW : AVG Firewall[ Enabled ]8.5

# C:\ # Disque fixe local # 17,58 Go (4,23 Go free) # NTFS
# D:\ # Disque fixe local # 19,67 Go (5,11 Go free) #DONNEES # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 1001,97 Mo (126,69 Mo free) [KINGSTON] # FAT
# G:\ # Disque fixe local # 298,02 Go (242,53 Go free) [VERBATIM] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe
C:\WINDOWS\system32\xgpinbgnd.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Keyyo Softphone X-Lite\KeyyoXLite.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com"
HKCU_Main: "Start Page"="http://fr.msn.com/"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Administrateur"
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IgfxTray=C:\WINDOWS\System32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\WINDOWS\System32\hkcmd.exe
HKLM_Run: Broadcom Wireless Manager UI=C:\WINDOWS\System32\WLTRAY.exe
HKLM_Run: Apoint=C:\Program Files\Apoint\Apoint.exe
HKLM_Run: GC75-Manager-Class="C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe" -startup
HKLM_Run: AdaptecDirectCD="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKLM_Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM_Run: EoEngine=
HKLM_Run: EoWeather=
HKLM_Run: USBPhoneSkype=C:\Program Files\USBPhoneSkype\USBPhoneSkype.exe
HKLM_Run: spc1000=C:\WINDOWS\vspc1000.exe
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: XeroxScanUtility=C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe 1
HKLM_Run: XeroxEndeavorBackgroundTask=C:\WINDOWS\system32\xgpinbgnd.exe 1
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: NBKeyScan="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: regdiit=C:\WINDOWS\system32\winxp.exe
HKLM_Run: CTFMON=C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
HKCU_Run: XSC SIP Client="D:\Keyyo Softphone X-Lite\KeyyoXLite.exe"

################## [ Informations ]

# Contenu de l'autorun C:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg

# Contenu de l'autorun D:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg

# Contenu de l'autorun F:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg

# Contenu de l'autorun G:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg


################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\winjpg.jpg
Found ! C:\winfile.jpg
Found ! C:\autorun.inf
Found ! D:\winfile.jpg
Found ! D:\autorun.inf
Found ! F:\winfile.jpg
Found ! F:\autorun.inf
Found ! G:\winfile.jpg
Found ! G:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Found ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Found ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{22f258c2-087a-11dc-9b28-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{22f258c3-087a-11dc-9b28-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{2ee1d5b2-2b24-11de-8371-009096a7334f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{341bd670-026b-11de-9f60-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{4e462b80-29f7-11de-836f-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9c12e961-e652-11da-9835-000f1fa123b9}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b84ee042-e5b1-11da-a5dc-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b84ee043-e5b1-11da-a5dc-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{e374e600-c37c-11dc-9d26-000f1fa123b9}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.011 ! ]

   
Répondre à emmo

5

Chiquitine29, le 24 avr 2009 à 08:46:21

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau

# choisis l option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

@+

   
Répondre à Chiquitine29

6

emmo, le 24 avr 2009 à 11:42:24

Et voici le nouveau rapport
Merci pour l'aide

############################## [ UsbFix V3.011 ]

# User : Administrateur (Administrateurs) # EMO
# Update on 23/04/09 by C_XX & Chiquitine29
# Start at: 12:37:42 | 24/04/2009

# Intel(R) Pentium(R) M processor 1600MHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : AVG Internet Security 8.5 [ Enabled | Updated ]
# FW : AVG Firewall[ (!) Disabled ]8.5

# C:\ # Disque fixe local # 17,58 Go (4,23 Go free) # NTFS
# D:\ # Disque fixe local # 19,67 Go (5,11 Go free) #DONNEES # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 1001,97 Mo (126,69 Mo free) [KINGSTON] # FAT
# G:\ # Disque fixe local # 298,02 Go (242,53 Go free) [VERBATIM] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\WINDOWS\system32\winjpg.jpg
Deleted ! C:\winfile.jpg
Deleted ! C:\autorun.inf
Deleted ! D:\winfile.jpg
Deleted ! D:\autorun.inf
Deleted ! D:\DRVIMAGE.PIF
Deleted ! F:\winfile.jpg
Deleted ! F:\autorun.inf
Deleted ! G:\winfile.jpg
Deleted ! G:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Deleted ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Deleted ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Deleted ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IgfxTray=C:\WINDOWS\System32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\WINDOWS\System32\hkcmd.exe
HKLM_Run: Broadcom Wireless Manager UI=C:\WINDOWS\System32\WLTRAY.exe
HKLM_Run: Apoint=C:\Program Files\Apoint\Apoint.exe
HKLM_Run: GC75-Manager-Class="C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe" -startup
HKLM_Run: AdaptecDirectCD="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKLM_Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM_Run: EoEngine=
HKLM_Run: EoWeather=
HKLM_Run: USBPhoneSkype=C:\Program Files\USBPhoneSkype\USBPhoneSkype.exe
HKLM_Run: spc1000=C:\WINDOWS\vspc1000.exe
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: XeroxScanUtility=C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe 1
HKLM_Run: XeroxEndeavorBackgroundTask=C:\WINDOWS\system32\xgpinbgnd.exe 1
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: NBKeyScan="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
HKCU_Run: XSC SIP Client="D:\Keyyo Softphone X-Lite\KeyyoXLite.exe"

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{22f258c2-087a-11dc-9b28-0010c636c2f6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{22f258c3-087a-11dc-9b28-0010c636c2f6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2ee1d5b2-2b24-11de-8371-009096a7334f}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{4e462b80-29f7-11de-836f-0010c636c2f6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{e374e600-c37c-11dc-9d26-000f1fa123b9}\Shell\AutoRun\command

################## [ Listing des fichiers présent ]

C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\UsbFix.exe
C:\boot.ini
D:\MOUSE.COM
D:\Firefox Setup 2.0.exe
D:\PARTINFO.EXE
D:\PQDI.EXE
D:\PQDIFE32.EXE
D:\PQPACKET.EXE
D:\RUNDOS.EXE
D:\avg_ipw_stf_all_85_276a1438.exe
D:\vcleaner.exe
D:\OOo_2.4.0_Win32Intel_install_wJRE_fr.exe
D:\MOUSE.INI
D:\P1010036b.JPG
F:\TravelerSafe+.exe
F:\MyTraveler.exe
G:\calc.exe
G:\NBDBList.ini

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.011 ! ]

   
Répondre à emmo

7

emmo, le 24 avr 2009 à 11:51:52

Je n'ai plus de messages d'alerte à l'ouverture des différents lecteurs (en particulier C/ ou D/). De plus je n'ai plus dans le menu (click droit) d'autorun sur ces mêmes lecteurs.
Est-ce qu'il y a encore quelquechose à faire?
Notamment à quoi sert "vacciner les lecteurs" dans UsbFix?
En tout cas un grand merci pour l'aide.
@+

   
Répondre à emmo

8

Chiquitine29, le 24 avr 2009 à 12:01:25

Re ,

la vaccination sert a créer des dossiers autorun.inf sur tes disque , mais usbfix l a fait durant le nettoyage .

Affiche tous les fichiers et dossiers :
Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu

Puis fais «appliquer» pour valider les changements.

Et OK

Rends toi sur ce site :

http://www.virustotal.com/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\vspc1000.exe


Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.


Ensuite :

élécharge Ad-remover ( de C_XX ) sur ton bureau ( et pas ailleurs!) :

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

! Déconnecte toi et ferme toutes applications en cours !

* Clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installe par défaut .
* Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
* Au menu principal choisis l'option "A" et tape sur [entrée] .

Laisse travailler l'outil et ne touche à rien ...

--> Poste le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Aides en images ( Installation ) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/ad_r_instal.html
Aides en images ( Recherche ) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/ad_r_recherche.html


@+

   
Répondre à Chiquitine29

9

emmo, le 24 avr 2009 à 12:11:18

Voici le résultat de Virus Total:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.12.2 2008.12.15 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.14 -
Avast 4.8.1281.0 2008.12.14 -
AVG 8.0.0.199 2008.12.14 -
BitDefender 7.2 2008.12.15 -
CAT-QuickHeal 10.00 2008.12.15 -
ClamAV 0.94.1 2008.12.15 -
Comodo 754 2008.12.14 -
DrWeb 4.44.0.09170 2008.12.15 -
eSafe 7.0.17.0 2008.12.14 -
eTrust-Vet 31.6.6258 2008.12.12 -
Ewido 4.0 2008.12.14 -
F-Prot 4.4.4.56 2008.12.14 -
F-Secure 8.0.14332.0 2008.12.15 -
Fortinet 3.117.0.0 2008.12.14 -
GData 19 2008.12.15 -
Ikarus T3.1.1.45.0 2008.12.15 -
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.15 -
McAfee 5464 2008.12.14 -
McAfee+Artemis 5464 2008.12.14 -
Microsoft 1.4205 2008.12.15 -
NOD32 3691 2008.12.14 -
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.14 -
PCTools 4.4.2.0 2008.12.14 -
Prevx1 V2 2008.12.15 -
Rising 21.08.01.00 2008.12.15 -
SecureWeb-Gateway 6.7.6 2008.12.15 -
Sophos 4.36.0 2008.12.15 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.15 -
TheHacker 6.3.1.4.188 2008.12.14 -
TrendMicro 8.700.0.1004 2008.12.15 -
VBA32 3.12.8.10 2008.12.14 -
ViRobot 2008.12.15.1517 2008.12.15 -
VirusBuster 4.5.11.0 2008.12.14 -
Information additionnelle
File size: 675840 bytes
MD5...: 2dff4944ef909bae2c01a80618e60064
SHA1..: 6d1991df81e24c9e9458b00e46ec79f488296618
SHA256: b8785d30aa5b7e53a21ff463e3bbb95584268fb399dab43d2705328cd776­ea52
SHA512: 0f1cfc0dc4acbe41d7ae4c66fbf9bcf055ee4a559ca0da62c35831e27f6d­0cd5
c690a163f211ca5c1cf37f19a8e4481da4552f16f5835a64b1126949ce77­7d09
ssdeep: 12288:cihdhASRAVmIopy3NObeByGIUV7g6nK/85/8S0:c8jRWmFkobNGI27­g6K/
85/8S0
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (59.5%)
Windows Screen Saver (20.6%)
Win32 Executable Generic (13.4%)
Generic Win/DOS Executable (3.1%)
DOS Executable Generic (3.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x430937
timedatestamp.....: 0x465e716c (Thu May 31 06:55:40 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6c824 0x6d000 6.73 44903dbf9efd19bc511c82fedf60ce3a
.rdata 0x6e000 0x10f78 0x11000 4.93 e3c9acc9a0d4083b5b226e5cec1b8616
.data 0x7f000 0x1721c 0x14000 5.78 5228bba737c23160569978ed92ddb85a
.data1 0x97000 0x2a8 0x1000 0.81 b3ea2c6a76b600d75fa305ebe6dbe155
.rsrc 0x98000 0x1030c 0x11000 4.83 09a589606a80630fdd8c062e830a3a62

( 13 imports )
> VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> WINMM.dll: PlaySoundA, mixerGetControlDetailsA, mixerSetControlDetails, mixerGetDevCapsA, mixerOpen, mixerGetNumDevs, mixerGetLineControlsA, mixerGetLineInfoA, mixerClose
> KERNEL32.dll: GetCPInfo, GetOEMCP, WritePrivateProfileStringA, SetErrorMode, FileTimeToLocalFileTime, GetFileAttributesA, GetFileTime, GetTickCount, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetCommandLineA, GetProcessHeap, GetStartupInfoA, RaiseException, ExitProcess, CreateThread, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetACP, LCMapStringA, LCMapStringW, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEnvironmentVariableA, FileTimeToSystemTime, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, InterlockedIncrement, GlobalFlags, CreateFileA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, DuplicateHandle, GetThreadLocale, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, InterlockedDecrement, GetModuleFileNameW, GetCurrentProcessId, SuspendThread, SetThreadPriority, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, lstrcmpA, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpW, SetLastError, GlobalAlloc, FormatMessageA, LocalFree, MulDiv, GlobalLock, GlobalUnlock, GlobalFree, FreeResource, lstrlenA, CompareStringW, CompareStringA, GetVersion, MultiByteToWideChar, InterlockedExchange, GetModuleHandleA, WinExec, OutputDebugStringA, LoadLibraryExA, GetSystemDirectoryA, GetCurrentProcess, WaitForSingleObject, ResumeThread, SetEvent, Sleep, CreateEventA, GetVersionExA, LoadLibraryA, GetProcAddress, FreeLibrary, CreateMutexA, GetLastError, CloseHandle, WideCharToMultiByte, FindResourceA, LoadResource, LockResource, SizeofResource, GetModuleFileNameA, ExitThread
> USER32.dll: ReleaseCapture, DestroyMenu, LoadMenuA, ReuseDDElParam, UnpackDDElParam, IsZoomed, InflateRect, GetMenuItemInfoA, GetSysColorBrush, SetCapture, WindowFromPoint, CharNextA, CopyAcceleratorTableA, IsRectEmpty, InvalidateRgn, GetNextDlgGroupItem, MessageBeep, UnregisterClassA, SetParent, RegisterClipboardFormatA, GetDCEx, LockWindowUpdate, PostThreadMessageA, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, FillRect, SetWindowContextHelpId, MapDialogRect, GetWindowThreadProcessId, ShowOwnedPopups, SetCursor, GetMessageA, TranslateMessage, GetCursorPos, ValidateRect, PostQuitMessage, ShowWindow, MoveWindow, IsDialogMessageA, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, ModifyMenuA, EnableMenuItem, CheckMenuItem, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, IsChild, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassNameA, SetPropA, LoadAcceleratorsA, RemovePropA, GetFocus, GetForegroundWindow, GetLastActivePopup, DispatchMessageA, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, PeekMessageA, MapWindowPoints, ScrollWindow, TrackPopupMenu, GetKeyState, SetScrollRange, IsWindowVisible, UpdateWindow, MessageBoxA, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, GetSysColor, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, CopyRect, GetScrollInfo, SetScrollInfo, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowTextLengthA, GetWindowTextA, GetScrollPos, SetScrollPos, GetWindow, SetFocus, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, GetWindowLongA, GetDlgItem, IsWindowEnabled, GetParent, GetNextDlgTabItem, EndDialog, CharUpperA, SetWindowTextA, InsertMenuItemA, CreatePopupMenu, SetRectEmpty, BringWindowToTop, SetMenu, TranslateAcceleratorA, EndPaint, BeginPaint, GetWindowDC, GetPropA, ReleaseDC, LoadCursorA, AdjustWindowRect, GetDC, InvalidateRect, GetWindowRect, GetMenu, CheckMenuRadioItem, SetRect, SetForegroundWindow, IsWindow, PostMessageA, GetSystemMetrics, LoadIconA, KillTimer, SetTimer, GetClientRect, IsIconic, SendMessageA, DrawIcon, EnableWindow
> GDI32.dll: TextOutA, ExtTextOutA, Escape, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, CreateRectRgn, ExtSelectClipRgn, CreatePatternBrush, GetStockObject, RectVisible, CreateSolidBrush, CreateCompatibleBitmap, GetTextMetricsA, GetTextExtentPoint32A, CreateFontIndirectA, GetBkColor, GetTextColor, CreateRectRgnIndirect, GetRgnBox, SetRectRgn, CombineRgn, GetMapMode, PatBlt, SelectClipRgn, PtVisible, GetPixel, GetWindowExtEx, GetViewportExtEx, SetTextColor, GetClipBox, GetDeviceCaps, BitBlt, DeleteDC, CreateCompatibleDC, GetObjectType, CreateDIBitmap, SelectObject, DeleteObject, IntersectClipRect, ExcludeClipRect, SetMapMode, SetBkMode, RestoreDC, SaveDC, CreateBitmap, GetObjectA, SetBkColor
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> ADVAPI32.dll: RegCreateKeyExA, RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyA, RegEnumValueA, RegSetValueExA, OpenSCManagerA, OpenServiceA, QueryServiceStatus, ControlService, StartServiceA, CloseServiceHandle, RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> SHELL32.dll: DragFinish, DragQueryFileA
> SHLWAPI.dll: PathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA
> oledlg.dll: -
> ole32.dll: CLSIDFromProgID, CoTaskMemAlloc, CLSIDFromString, CoTaskMemFree, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, CoGetClassObject, CoRegisterMessageFilter, OleFlushClipboard, OleIsCurrentClipboard, CoRevokeClassObject, OleInitialize, CoFreeUnusedLibraries, OleUninitialize, StgOpenStorageOnILockBytes
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )

   
Répondre à emmo

10

emmo, le 26 avr 2009 à 09:30:16

Et le rapport de ad-remover


------- LOGFILE OF AD-REMOVER 1.1.3.3 | ONLY XP/VISTA -------

Updated by C_XX on 24/04/2009 at 12:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

Start at: 13:18:32, 24/04/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: EMO
Current User: Administrateur - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: FAT)
- G:\ (File System: FAT32)

============ Known Adwares Found ============

.
HKCR\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}
HKCU\Software\FunWebProducts
HKCU\Software\Fun Web Products
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}­
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}­
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00­a6faf1-072e-44cf-8957-5838f569a31d}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07­b18ea1-a523-4961-b6bb-170de4475cca}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07­b18ea9-a523-4961-b6bb-170de4475cca}
HKCU\Software\MyWebSearch
HKLM\Software\Fun Web Products
HKLM\Software\FunWebProducts
HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}­
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
HKLM\Software\MyWebSearch
HKLM\Software\Trymedia Systems
HKU\S-1-5-21-436374069-1682526488-854245398-500\Software\Mic­rosoft\Internet Explorer\Searchscopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}­
HKCR\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D3­23AD3}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKLM\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4C­DD239}
.
C:\Program Files\MyWebSearch
C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf

+-----------------| Eorezo Elements Found:

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64­F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-3972369­6E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF­2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C­89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow­ser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine­
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoweathe­r
.
C:\Program Files\EoRezo
C:\Documents and Settings\Administrateur\Application Data\EoRezo

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.9 ----

ProfilePath: 636kyzuw.default (Administrateur)
.
Prefs.js: Browser.Search.DefaultEngineName: "Live Search"
Prefs.js: Browser.Search.SelectedEngine: "Live Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search bar: hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http
Search Page: hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
First Home Page: hxxp://go.microsoft.com/fwlink/?LinkId=54843

[HKEY_USERS\S-1-5-21-436374069-1682526488-854245398-500\..\Internet Explorer\Main]

Search bar: hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http
Search Page: hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
First Home Page: hxxp://go.microsoft.com/fwlink/?LinkId=54843

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.yahoo.com/
Default_Search_URL: hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http
Search bar: hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http
Search Page: hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http
Start page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

5074 Byte(s) - C:\Ad-Report-Scan-24.04.2009.log

1 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 13:50:08 | 24/04/2009
.
+-----------------| E.O.F
.

   
Répondre à emmo

11

 tazisaid, le 26 jun 2009 à 18:12:46

Bonjour, Je viens de lancer un scan AVG de mon disque dur externe et j'ai eu une alerte me signalant la présence de ce cheval de troie : backdoor.generic10.axha. AVG n'arrive pas à le supprimer Je ne sais pas du tout quoi faire

   
Répondre à tazisaid
Posez votre question Répondre
Ils ont besoin de votre aide