Backdoor.generic10.axha
emmo
tazisaid, 1 message posted, Status: Member
Hello,
For a few days I have had the following trojan:
backdoor.generic10.axha
I think I picked it up from a USB stick.
AVG detects it every time the computer starts up or every time a drive is opened.
Can anyone help me?
Thanks in advance
5 replies
Hi,
Download random's system information tool (RSIT) and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Read the Disclaimer screen, then click Continue (if you accept the terms).
If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.
When the scan is finished, two text files will open.
Post the contents of log.txt
Re,
Download and install UsbFix
Connect your external data sources (USB sticks, external hard drives, etc.) that may have been infected to your PC, without opening them
# Double-click the UsbFix shortcut on your desktop.
# Choose option 1 (Search)
# Let the tool work.
# Then post the UsbFix.txt report that appears.
# Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands this utility could stop security software (antivirus, firewall, etc.), hence the alert raised by those antivirus products.
Hello,
here is the result of the test.
Sorry for the late reply, but I was travelling.
############################## [ UsbFix V3.011 ]
# User : Administrateur (Administrateurs) # EMO
# Update on 23/04/09 by C_XX & Chiquitine29
# Start at: 09:34:09 | 24/04/2009
# Intel(R) Pentium(R) M processor 1600MHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : AVG Internet Security 8.5 [ Enabled | Updated ]
# FW : AVG Firewall[ Enabled ]8.5
# C:\ # Disque fixe local # 17,58 Go (4,23 Go free) # NTFS
# D:\ # Disque fixe local # 19,67 Go (5,11 Go free) #DONNEES # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 1001,97 Mo (126,69 Mo free) [KINGSTON] # FAT
# G:\ # Disque fixe local # 298,02 Go (242,53 Go free) [VERBATIM] # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe
C:\WINDOWS\system32\xgpinbgnd.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Keyyo Softphone X-Lite\KeyyoXLite.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us"
HKCU_Main: "Start Page"="https://www.msn.com/fr-fr"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Administrateur"
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IgfxTray=C:\WINDOWS\System32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\WINDOWS\System32\hkcmd.exe
HKLM_Run: Broadcom Wireless Manager UI=C:\WINDOWS\System32\WLTRAY.exe
HKLM_Run: Apoint=C:\Program Files\Apoint\Apoint.exe
HKLM_Run: GC75-Manager-Class="C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe" -startup
HKLM_Run: AdaptecDirectCD="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKLM_Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM_Run: EoEngine=
HKLM_Run: EoWeather=
HKLM_Run: USBPhoneSkype=C:\Program Files\USBPhoneSkype\USBPhoneSkype.exe
HKLM_Run: spc1000=C:\WINDOWS\vspc1000.exe
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: XeroxScanUtility=C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe 1
HKLM_Run: XeroxEndeavorBackgroundTask=C:\WINDOWS\system32\xgpinbgnd.exe 1
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: NBKeyScan="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: regdiit=C:\WINDOWS\system32\winxp.exe
HKLM_Run: CTFMON=C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
HKCU_Run: XSC SIP Client="D:\Keyyo Softphone X-Lite\KeyyoXLite.exe"
################## [ Informations ]
# Contenu de l'autorun C:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
# Contenu de l'autorun D:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
# Contenu de l'autorun F:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
# Contenu de l'autorun G:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\WINDOWS\system32\winjpg.jpg
Found ! C:\winfile.jpg
Found ! C:\autorun.inf
Found ! D:\winfile.jpg
Found ! D:\autorun.inf
Found ! F:\winfile.jpg
Found ! F:\autorun.inf
Found ! G:\winfile.jpg
Found ! G:\autorun.inf
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Found ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Found ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
################## [ Registre # Mountpoints2 ]
HKCU\Software\Microsoft\....\MountPoints2\{22f258c2-087a-11dc-9b28-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{22f258c3-087a-11dc-9b28-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{2ee1d5b2-2b24-11de-8371-009096a7334f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{341bd670-026b-11de-9f60-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{4e462b80-29f7-11de-836f-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9c12e961-e652-11da-9835-000f1fa123b9}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b84ee042-e5b1-11da-a5dc-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b84ee043-e5b1-11da-a5dc-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{e374e600-c37c-11dc-9d26-000f1fa123b9}\Shell\AutoRun\command
################## [ ! Fin du rapport # UsbFix V3.011 ! ]
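An added check, not part of this thread or of UsbFix: a Python script that reads a UsbFix-style report and flags the four things worth acting on in the log above: autorun.inf and Run entries that hand a non-script file (winfile.jpg, winjpg.jpg) to wscript.exe with a /E:vbs engine override, Image File Execution Options entries for msconfig/procexp/regedit, and the Security Center AntiVirusOverride value set to 1. The function names and finding labels are mine, the protected-tool list is extended beyond the report with taskmgr.exe and cmd.exe, and the sample report is a constructed excerpt of the log posted above.

```python
"""Flag the autorun and script-host indicators found in a UsbFix-style report.

Added example: this is not part of the thread nor of UsbFix. It scans the text of
a report and returns the findings a responder would act on. The constructed
SAMPLE_REPORT below is assembled from lines of the log posted in the thread.
"""
import re

# Extensions a script host is expected to receive. Anything else handed to
# wscript/cscript with an explicit /E: engine override is a disguise: here the
# VBScript is stored in a file named *.jpg so it looks like a picture.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")

# Tools whose Image File Execution Options key is rarely legitimate on a home
# machine: a Debugger value there intercepts the tool every time it is launched.
# msconfig/procexp/regedit come from the report; taskmgr/cmd are added here.
PROTECTED_TOOLS = {"msconfig.exe", "procexp.exe", "regedit.exe", "taskmgr.exe", "cmd.exe"}

SCRIPT_HOST_RE = re.compile(
    r"(?:^|[\\\s\"])(?P<host>wscript|cscript)(?:\.exe)?\s+(?P<args>.*)$", re.IGNORECASE)
IFEO_RE = re.compile(r"Image File Execution Options\\(?P<exe>[^\\\s]+)", re.IGNORECASE)
OVERRIDE_RE = re.compile(r'"AntiVirusOverride"', re.IGNORECASE)
VALUE_RE = re.compile(r"Value\s*=\s*0x(?P<val>[0-9a-f]+)", re.IGNORECASE)


def script_host_target(command):
    """Return the file a wscript/cscript command line runs, or None if it is not a script host."""
    m = SCRIPT_HOST_RE.search(command)
    if m is None:
        return None
    # Drop switches such as /E:vbs or //B; the first remaining token is the script path.
    tokens = [t for t in m.group("args").split() if not t.startswith("/")]
    return tokens[0].strip('"') if tokens else ""


def disguised_script(command):
    """True when a script host is given a file whose extension is not a script extension."""
    target = script_host_target(command)
    return target is not None and not target.lower().endswith(SCRIPT_EXTS)


def analyse_report(text):
    """Walk the report line by line and collect (kind, detail) findings in order."""
    findings = []
    pending_override = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. autorun.inf bodies quoted by the tool: shellexecute= aimed at a non-script file.
        if line.lower().startswith("shellexecute="):
            command = line.split("=", 1)[1]
            if disguised_script(command):
                findings.append(("autorun_script_disguise", script_host_target(command)))
            continue
        # 2. Run keys: the same disguise, persisted at every logon.
        if line.startswith(("HKLM_Run:", "HKCU_Run:")):
            name, _, value = line.split(":", 1)[1].strip().partition("=")
            if disguised_script(value):
                findings.append(("run_key_script_disguise", name.strip()))
            continue
        # 3. IFEO entries for the tools a user reaches for during cleanup.
        m = IFEO_RE.search(line)
        if m and m.group("exe").lower() in PROTECTED_TOOLS:
            findings.append(("ifeo_hijack", m.group("exe").lower()))
            continue
        # 4. Security Center override; UsbFix prints the value on the following line.
        if OVERRIDE_RE.search(line):
            pending_override = True
            continue
        if pending_override:
            pending_override = False
            v = VALUE_RE.search(line)
            if v and int(v.group("val"), 16) != 0:
                findings.append(("av_override_set", "AntiVirusOverride=0x" + v.group("val")))
    return findings


# Constructed sample: an excerpt of the first UsbFix report posted in the thread.
SAMPLE_REPORT = r"""
################## [ Registre # Startup ]
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: regdiit=C:\WINDOWS\system32\winxp.exe
HKLM_Run: CTFMON=C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
################## [ Informations ]
# Contenu de l'autorun C:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
# Contenu de l'autorun F:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
################## [ Registre # Cles Run infectieuses ]
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Found ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
"""

if __name__ == "__main__":
    for kind, detail in analyse_report(SAMPLE_REPORT):
        print("%-26s %s" % (kind, detail))
```

Run it against the full C:\UsbFix.txt to get the same list for a real report; the regdiit entry is not flagged because nothing in its value names a script host, which is why the tool's own signature list is still needed.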
Connect your external data sources (USB sticks, external hard drives, etc.) that may have been infected to your PC, without opening them
# Double-click the UsbFix shortcut on your desktop
# Choose option 2 (Removal)
# Your desktop will disappear and the PC will restart.
# On restart, UsbFix will scan your PC; let the tool work.
# Then post the UsbFix.txt report that appears along with the desktop.
# Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
And here is the new report
Thanks for the help
############################## [ UsbFix V3.011 ]
# User : Administrateur (Administrateurs) # EMO
# Update on 23/04/09 by C_XX & Chiquitine29
# Start at: 12:37:42 | 24/04/2009
# Intel(R) Pentium(R) M processor 1600MHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : AVG Internet Security 8.5 [ Enabled | Updated ]
# FW : AVG Firewall[ (!) Disabled ]8.5
# C:\ # Disque fixe local # 17,58 Go (4,23 Go free) # NTFS
# D:\ # Disque fixe local # 19,67 Go (5,11 Go free) #DONNEES # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 1001,97 Mo (126,69 Mo free) [KINGSTON] # FAT
# G:\ # Disque fixe local # 298,02 Go (242,53 Go free) [VERBATIM] # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! C:\WINDOWS\system32\winjpg.jpg
Deleted ! C:\winfile.jpg
Deleted ! C:\autorun.inf
Deleted ! D:\winfile.jpg
Deleted ! D:\autorun.inf
Deleted ! D:\DRVIMAGE.PIF
Deleted ! F:\winfile.jpg
Deleted ! F:\autorun.inf
Deleted ! G:\winfile.jpg
Deleted ! G:\autorun.inf
################## [ Registre # Clés Run infectieuses ]
# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Deleted ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Deleted ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Deleted ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IgfxTray=C:\WINDOWS\System32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\WINDOWS\System32\hkcmd.exe
HKLM_Run: Broadcom Wireless Manager UI=C:\WINDOWS\System32\WLTRAY.exe
HKLM_Run: Apoint=C:\Program Files\Apoint\Apoint.exe
HKLM_Run: GC75-Manager-Class="C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe" -startup
HKLM_Run: AdaptecDirectCD="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKLM_Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM_Run: EoEngine=
HKLM_Run: EoWeather=
HKLM_Run: USBPhoneSkype=C:\Program Files\USBPhoneSkype\USBPhoneSkype.exe
HKLM_Run: spc1000=C:\WINDOWS\vspc1000.exe
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: XeroxScanUtility=C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe 1
HKLM_Run: XeroxEndeavorBackgroundTask=C:\WINDOWS\system32\xgpinbgnd.exe 1
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: NBKeyScan="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
HKCU_Run: XSC SIP Client="D:\Keyyo Softphone X-Lite\KeyyoXLite.exe"
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{22f258c2-087a-11dc-9b28-0010c636c2f6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{22f258c3-087a-11dc-9b28-0010c636c2f6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2ee1d5b2-2b24-11de-8371-009096a7334f}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{4e462b80-29f7-11de-836f-0010c636c2f6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d5952510-e645-11dd-9f1f-0010c636c2f6}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ded8d779-7bbb-11db-99b5-0010c636c2f6}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{e374e600-c37c-11dc-9d26-000f1fa123b9}\Shell\AutoRun\command
################## [ Listing des fichiers présent ]
C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\UsbFix.exe
C:\boot.ini
D:\MOUSE.COM
D:\Firefox Setup 2.0.exe
D:\PARTINFO.EXE
D:\PQDI.EXE
D:\PQDIFE32.EXE
D:\PQPACKET.EXE
D:\RUNDOS.EXE
D:\avg_ipw_stf_all_85_276a1438.exe
D:\vcleaner.exe
D:\OOo_2.4.0_Win32Intel_install_wJRE_fr.exe
D:\MOUSE.INI
D:\P1010036b.JPG
F:\TravelerSafe+.exe
F:\MyTraveler.exe
G:\calc.exe
G:\NBDBList.ini
################## [ Vaccination ]
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.
################## [ ! Fin du rapport # UsbFix V3.011 ! ]
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.
################## [ ! Fin du rapport # UsbFix V3.011 ! ]
I no longer get alert messages when opening the various drives (in particular C:\ or D:\). Also, the right-click menu for those same drives no longer shows an autorun entry.
Is there anything more to do?
In particular, what is "vaccinate the drives" for in UsbFix?
In any case, many thanks for the help.
@+
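The UsbFix report above deleted two kinds of registry artefacts worth understanding: Image File Execution Options (IFEO) entries for msconfig.exe, procexp.exe and regedit.exe (a Debugger value under such a key makes Windows start another program whenever the named tool is launched, a common way for malware to neutralise admin tools), and MountPoints2 Shell\AutoRun\command entries (Explorer's cached per-volume autorun handlers, one per infected USB stick that was ever plugged in). The script below is an added example, not UsbFix's code or anything posted in this thread: it parses a `reg export` text dump and lists both artefacts. The sample export embedded in it is constructed; the GUID, the debugger path and the autorun target are invented, only the key layout is the one from the log.

```python
"""Triage of a Windows .reg export for the two artefacts UsbFix deleted in
the log above: Image File Execution Options (IFEO) "Debugger" hijacks and
MountPoints2 Shell\\...\\command handlers.  Added example, not UsbFix code.

Workflow it assumes (XP/Vista era, run as administrator):
  reg export "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options" ifeo.reg
  reg export "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2" mp2.reg
then feed each file to triage(reg_export_to_text(open(f, "rb").read())).
"""
import re
from typing import Dict, List, Tuple

IFEO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
MOUNTPOINT_CMD = re.compile(r"\\MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\(\w+)\\command$", re.I)
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export: GUID, debugger path and autorun target are
# invented; the key layout mirrors the entries in the UsbFix log.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="C:\\WINDOWS\\system32\\example_hijack.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0f0f0f-0000-4000-8000-000000000001}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0f0f0f-0000-4000-8000-000000000001}\Shell\AutoRun\command]
@="E:\\RECYCLER\\autorun.exe"
"""


def reg_export_to_text(data: bytes) -> str:
    """reg.exe writes UTF-16LE with a BOM; some older tools write ANSI."""
    if data.startswith(b"\xff\xfe"):
        return data.decode("utf-16")
    return data.decode("cp1252", errors="replace")


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Map key path -> {value name: data}. REG_SZ data is unescaped; other
    types (dword:, hex:) are kept as raw text. Multi-line hex values
    (trailing backslash) are joined before parsing."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if line.endswith("\\"):  # hex value continues on the next line
            pending = line[:-1]
            continue
        m = VALUE_LINE.match(line)
        if not m or current is None:
            continue
        name = "(Default)" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            data = re.sub(r"\\(.)", r"\1", data[1:-1])
        keys[current][name] = data
    return keys


def find_ifeo_debuggers(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Every IFEO\\<image>\\Debugger value: the loader starts that program
    instead of <image>. Developers use it legitimately, so report all of
    them and let the analyst judge the target; the log above shows it set
    on msconfig.exe, procexp.exe and regedit.exe."""
    prefix = IFEO_KEY.lower() + "\\"
    hits = []
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue
        dbg = next((v for k, v in values.items() if k.lower() == "debugger"), None)
        if dbg is not None:
            hits.append((path[len(prefix):], dbg))
    return hits


def find_mountpoint_autoruns(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """MountPoints2 caches each volume's autorun.inf verbs; the default value
    of Shell\\AutoRun\\command (or Shell\\open\\Command, Shell\\explore\\Command)
    is what Explorer runs when that drive is double-clicked or right-clicked."""
    hits = []
    for path, values in keys.items():
        m = MOUNTPOINT_CMD.search(path)
        if m and "(Default)" in values:
            hits.append((m.group(1), m.group(2), values["(Default)"]))
    return hits


def triage(text: str) -> Dict[str, list]:
    keys = parse_reg(text)
    return {"ifeo": find_ifeo_debuggers(keys), "mountpoints": find_mountpoint_autoruns(keys)}


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_REG).items():
        for hit in hits:
            print(kind, *hit)
```

Both finders only report; deleting the keys is a deliberate step after reading the target paths, because an IFEO Debugger can be a legitimate developer setting, whereas a MountPoints2 command pointing into RECYCLER or a hidden root folder of a removable drive is what the log above shows being removed.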
re,
Vaccination creates autorun.inf folders on your disks, but UsbFix already did that during the cleanup.
Show all files and folders:
To do so:
Click Start / Control Panel / Folder Options / View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files (recommended)"
Untick "Hide extensions for known file types"
Then click "Apply" to confirm the changes.
And OK
Go to this site:
https://www.virustotal.com/gui/
Click Browse and locate this file: C:\WINDOWS\vspc1000.exe
Click Send File.
A report will build up line by line.
Wait until it finishes. It should include the size of the file sent.
Save the report with Notepad.
Paste it into your reply.
Next:
Download Ad-remover (by C_XX) to your desktop (and nowhere else!):
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
! Disconnect from the Internet and close all running applications !
* Click "Ad-R.exe" to start the installation and keep the default install settings.
* Double-click the Ad-remover shortcut on your desktop to launch the tool.
* In the main menu choose option "A" and press [Enter].
Let the tool work and don't touch anything...
--> Post the report that appears at the end.
(the report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands this utility could shut down security software (antivirus, firewall...), hence the alert raised by those antivirus programs.
Illustrated help (Installation): http://pagesperso-orange.fr/FindyKill.Ad.Remover/ad_r_instal.html
Illustrated help (Scan): http://pagesperso-orange.fr/FindyKill.Ad.Remover/ad_r_recherche.html
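The helper's one-line answer on vaccination deserves a concrete illustration. On Windows XP of this era, Explorer reads `<drive>\autorun.inf` when a volume is mounted or double-clicked and honours its `open=`, `shellexecute=` and `shell\...\command` directives; those verbs are exactly what was cached under MountPoints2 in the UsbFix log. A vaccine occupies the name `autorun.inf` with a directory, so a worm that tries to write an `autorun.inf` file at the root fails because the name already exists. The script below is an added example and not UsbFix's code: it parses an autorun.inf file for its launch directives, classifies a drive root as vaccinated / bare / carrying an autorun.inf file, and creates the vaccine directory. The sample autorun.inf is constructed (the executable name and the junk line are invented); the demo runs against fake drive roots in a temporary directory so it works offline on any OS, and the hidden/system/read-only attributes are applied only on Windows.

```python
"""What "vaccinating the drives" means, as an added example (not UsbFix's code).

A vaccine is a *directory* named autorun.inf at the drive root: a worm that
tries to drop an autorun.inf *file* there gets "already exists" and Explorer
has nothing to parse. This module audits a root, parses any autorun.inf file
it finds for the directives that launch code, and creates the vaccine.
"""
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict

LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample of the kind of autorun.inf a USB worm drops. The
# executable name and the junk line are invented; Windows' INI parser skips
# lines it cannot interpret, which worms use to pad files past signatures.
SAMPLE_AUTORUN_INF = "\r\n".join([
    "[AutoRun]",
    "\x01\x02 junk without an equals sign, ignored by Windows",
    "open=RECYCLER\\example.exe",
    "shell\\open\\Command=RECYCLER\\example.exe",
    "shell\\explore\\command=RECYCLER\\example.exe",
    "shellexecute=RECYCLER\\example.exe",
    "shell=open",
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4",
])


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Return only the directives that cause code execution, keyed in lower
    case. Section names match case-insensitively; [autorun.<arch>] variants
    count as well, since Windows reads them on matching architectures."""
    launch: Dict[str, str] = {}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if not section.startswith("autorun") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launch[key] = value.strip()
    return launch


def audit_drive(root) -> Dict[str, object]:
    """Classify <root>\\autorun.inf: 'vaccinated' (directory), 'absent', or
    'file' together with the launch directives it carries."""
    p = Path(root) / "autorun.inf"
    if p.is_dir():
        return {"state": "vaccinated", "launch": {}}
    if not p.exists():
        return {"state": "absent", "launch": {}}
    text = p.read_bytes().decode("cp1252", errors="replace")
    return {"state": "file", "launch": parse_autorun_inf(text)}


def vaccinate(root) -> bool:
    """Create the autorun.inf directory. Returns False when a *file* already
    holds the name: inspect and remove it deliberately, never replace it blindly."""
    p = Path(root) / "autorun.inf"
    if p.is_dir():
        return True
    if p.exists():
        return False
    p.mkdir()
    if os.name == "nt":  # READONLY | HIDDEN | SYSTEM, so it stays out of sight
        import ctypes
        ctypes.windll.kernel32.SetFileAttributesW(str(p), 0x01 | 0x02 | 0x04)
    return True


def demo() -> Dict[str, object]:
    """Three fake drive roots in a temp dir: infected (E), vaccinated (F), bare (G)."""
    base = Path(tempfile.mkdtemp())
    try:
        roots = {name: base / name for name in ("E", "F", "G")}
        for r in roots.values():
            r.mkdir()
        (roots["E"] / "autorun.inf").write_bytes(SAMPLE_AUTORUN_INF.encode("cp1252"))
        (roots["F"] / "autorun.inf").mkdir()
        results: Dict[str, object] = {name: audit_drive(r) for name, r in roots.items()}
        results["G_vaccinated"] = vaccinate(roots["G"])
        results["E_vaccinated"] = vaccinate(roots["E"])
        results["G_after"] = audit_drive(roots["G"])["state"]
        return results
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two caveats a practitioner would add to the helper's answer. The vaccine only blocks malware that tries to create a file of that name; code already running with write access to the drive can remove the directory first, so it is a speed bump, not a control. The durable fix on XP is to stop Explorer from honouring autorun.inf at all: install Microsoft's AutoRun update KB967715 and set `NoDriveTypeAutoRun` to `0xFF` under `HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer`, which disables AutoRun for every drive type.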
Here is the VirusTotal result:
Antivirus Version Last update Result
AhnLab-V3 2008.12.12.2 2008.12.15 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.14 -
Avast 4.8.1281.0 2008.12.14 -
AVG 8.0.0.199 2008.12.14 -
BitDefender 7.2 2008.12.15 -
CAT-QuickHeal 10.00 2008.12.15 -
ClamAV 0.94.1 2008.12.15 -
Comodo 754 2008.12.14 -
DrWeb 4.44.0.09170 2008.12.15 -
eSafe 7.0.17.0 2008.12.14 -
eTrust-Vet 31.6.6258 2008.12.12 -
Ewido 4.0 2008.12.14 -
F-Prot 4.4.4.56 2008.12.14 -
F-Secure 8.0.14332.0 2008.12.15 -
Fortinet 3.117.0.0 2008.12.14 -
GData 19 2008.12.15 -
Ikarus T3.1.1.45.0 2008.12.15 -
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.15 -
McAfee 5464 2008.12.14 -
McAfee+Artemis 5464 2008.12.14 -
Microsoft 1.4205 2008.12.15 -
NOD32 3691 2008.12.14 -
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.14 -
PCTools 4.4.2.0 2008.12.14 -
Prevx1 V2 2008.12.15 -
Rising 21.08.01.00 2008.12.15 -
SecureWeb-Gateway 6.7.6 2008.12.15 -
Sophos 4.36.0 2008.12.15 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.15 -
TheHacker 6.3.1.4.188 2008.12.14 -
TrendMicro 8.700.0.1004 2008.12.15 -
VBA32 3.12.8.10 2008.12.14 -
ViRobot 2008.12.15.1517 2008.12.15 -
VirusBuster 4.5.11.0 2008.12.14 -
Additional information
File size: 675840 bytes
MD5...: 2dff4944ef909bae2c01a80618e60064
SHA1..: 6d1991df81e24c9e9458b00e46ec79f488296618
SHA256: b8785d30aa5b7e53a21ff463e3bbb95584268fb399dab43d2705328cd776ea52
SHA512: 0f1cfc0dc4acbe41d7ae4c66fbf9bcf055ee4a559ca0da62c35831e27f6d0cd5c690a163f211ca5c1cf37f19a8e4481da4552f16f5835a64b1126949ce777d09
ssdeep: 12288:cihdhASRAVmIopy3NObeByGIUV7g6nK/85/8S0:c8jRWmFkobNGI27g6K/85/8S0
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (59.5%)
Windows Screen Saver (20.6%)
Win32 Executable Generic (13.4%)
Generic Win/DOS Executable (3.1%)
DOS Executable Generic (3.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x430937
timedatestamp.....: 0x465e716c (Thu May 31 06:55:40 2007)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6c824 0x6d000 6.73 44903dbf9efd19bc511c82fedf60ce3a
.rdata 0x6e000 0x10f78 0x11000 4.93 e3c9acc9a0d4083b5b226e5cec1b8616
.data 0x7f000 0x1721c 0x14000 5.78 5228bba737c23160569978ed92ddb85a
.data1 0x97000 0x2a8 0x1000 0.81 b3ea2c6a76b600d75fa305ebe6dbe155
.rsrc 0x98000 0x1030c 0x11000 4.83 09a589606a80630fdd8c062e830a3a62
( 13 imports )
> VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> WINMM.dll: PlaySoundA, mixerGetControlDetailsA, mixerSetControlDetails, mixerGetDevCapsA, mixerOpen, mixerGetNumDevs, mixerGetLineControlsA, mixerGetLineInfoA, mixerClose
> KERNEL32.dll: GetCPInfo, GetOEMCP, WritePrivateProfileStringA, SetErrorMode, FileTimeToLocalFileTime, GetFileAttributesA, GetFileTime, GetTickCount, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetCommandLineA, GetProcessHeap, GetStartupInfoA, RaiseException, ExitProcess, CreateThread, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetACP, LCMapStringA, LCMapStringW, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEnvironmentVariableA, FileTimeToSystemTime, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, InterlockedIncrement, GlobalFlags, CreateFileA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, DuplicateHandle, GetThreadLocale, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, InterlockedDecrement, GetModuleFileNameW, GetCurrentProcessId, SuspendThread, SetThreadPriority, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, lstrcmpA, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpW, SetLastError, GlobalAlloc, FormatMessageA, LocalFree, MulDiv, GlobalLock, GlobalUnlock, GlobalFree, FreeResource, lstrlenA, CompareStringW, CompareStringA, GetVersion, MultiByteToWideChar, InterlockedExchange, GetModuleHandleA, WinExec, OutputDebugStringA, LoadLibraryExA, GetSystemDirectoryA, GetCurrentProcess, WaitForSingleObject, ResumeThread, 
SetEvent, Sleep, CreateEventA, GetVersionExA, LoadLibraryA, GetProcAddress, FreeLibrary, CreateMutexA, GetLastError, CloseHandle, WideCharToMultiByte, FindResourceA, LoadResource, LockResource, SizeofResource, GetModuleFileNameA, ExitThread
> USER32.dll: ReleaseCapture, DestroyMenu, LoadMenuA, ReuseDDElParam, UnpackDDElParam, IsZoomed, InflateRect, GetMenuItemInfoA, GetSysColorBrush, SetCapture, WindowFromPoint, CharNextA, CopyAcceleratorTableA, IsRectEmpty, InvalidateRgn, GetNextDlgGroupItem, MessageBeep, UnregisterClassA, SetParent, RegisterClipboardFormatA, GetDCEx, LockWindowUpdate, PostThreadMessageA, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, FillRect, SetWindowContextHelpId, MapDialogRect, GetWindowThreadProcessId, ShowOwnedPopups, SetCursor, GetMessageA, TranslateMessage, GetCursorPos, ValidateRect, PostQuitMessage, ShowWindow, MoveWindow, IsDialogMessageA, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, ModifyMenuA, EnableMenuItem, CheckMenuItem, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, IsChild, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassNameA, SetPropA, LoadAcceleratorsA, RemovePropA, GetFocus, GetForegroundWindow, GetLastActivePopup, DispatchMessageA, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, PeekMessageA, MapWindowPoints, ScrollWindow, TrackPopupMenu, GetKeyState, SetScrollRange, IsWindowVisible, UpdateWindow, MessageBoxA, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, GetSysColor, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, CopyRect, GetScrollInfo, SetScrollInfo, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowTextLengthA, GetWindowTextA, GetScrollPos, SetScrollPos, GetWindow, SetFocus, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, GetWindowLongA, GetDlgItem, IsWindowEnabled, GetParent, GetNextDlgTabItem, EndDialog, CharUpperA, SetWindowTextA, InsertMenuItemA, CreatePopupMenu, 
SetRectEmpty, BringWindowToTop, SetMenu, TranslateAcceleratorA, EndPaint, BeginPaint, GetWindowDC, GetPropA, ReleaseDC, LoadCursorA, AdjustWindowRect, GetDC, InvalidateRect, GetWindowRect, GetMenu, CheckMenuRadioItem, SetRect, SetForegroundWindow, IsWindow, PostMessageA, GetSystemMetrics, LoadIconA, KillTimer, SetTimer, GetClientRect, IsIconic, SendMessageA, DrawIcon, EnableWindow
> GDI32.dll: TextOutA, ExtTextOutA, Escape, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, CreateRectRgn, ExtSelectClipRgn, CreatePatternBrush, GetStockObject, RectVisible, CreateSolidBrush, CreateCompatibleBitmap, GetTextMetricsA, GetTextExtentPoint32A, CreateFontIndirectA, GetBkColor, GetTextColor, CreateRectRgnIndirect, GetRgnBox, SetRectRgn, CombineRgn, GetMapMode, PatBlt, SelectClipRgn, PtVisible, GetPixel, GetWindowExtEx, GetViewportExtEx, SetTextColor, GetClipBox, GetDeviceCaps, BitBlt, DeleteDC, CreateCompatibleDC, GetObjectType, CreateDIBitmap, SelectObject, DeleteObject, IntersectClipRect, ExcludeClipRect, SetMapMode, SetBkMode, RestoreDC, SaveDC, CreateBitmap, GetObjectA, SetBkColor
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> ADVAPI32.dll: RegCreateKeyExA, RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyA, RegEnumValueA, RegSetValueExA, OpenSCManagerA, OpenServiceA, QueryServiceStatus, ControlService, StartServiceA, CloseServiceHandle, RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> SHELL32.dll: DragFinish, DragQueryFileA
> SHLWAPI.dll: PathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA
> oledlg.dll: -
> ole32.dll: CLSIDFromProgID, CoTaskMemAlloc, CLSIDFromString, CoTaskMemFree, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, CoGetClassObject, CoRegisterMessageFilter, OleFlushClipboard, OleIsCurrentClipboard, CoRevokeClassObject, OleInitialize, CoFreeUnusedLibraries, OleUninitialize, StgOpenStorageOnILockBytes
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -
( 0 exports )
and the Ad-remover report:
------- LOGFILE OF AD-REMOVER 1.1.3.3 | ONLY XP/VISTA -------
Updated by C_XX on 24/04/2009 at 12:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/
Start at: 13:18:32, 24/04/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: EMO
Current User: Administrateur - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: FAT)
- G:\ (File System: FAT32)
============ Known Adwares Found ============
.
HKCR\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}
HKCU\Software\FunWebProducts
HKCU\Software\Fun Web Products
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}
HKCU\Software\MyWebSearch
HKLM\Software\Fun Web Products
HKLM\Software\FunWebProducts
HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
HKLM\Software\MyWebSearch
HKLM\Software\Trymedia Systems
HKU\S-1-5-21-436374069-1682526488-854245398-500\Software\Microsoft\Internet Explorer\Searchscopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
HKCR\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKLM\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
.
C:\Program Files\MyWebSearch
C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
+-----------------| Eorezo Elements Found:
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoweather
.
C:\Program Files\EoRezo
C:\Documents and Settings\Administrateur\Application Data\EoRezo
+-----------------| It's TV Elements Found:
.
+-----------------| Sweetim Elements Found:
.
+-----------------| Added Scan:
---- Mozilla FireFox Version 3.0.9 ----
ProfilePath: 636kyzuw.default (Administrateur)
.
Prefs.js: Browser.Search.DefaultEngineName: "Live Search"
Prefs.js: Browser.Search.SelectedEngine: "Live Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
.
.
.
.
.
---- Internet Explorer Version 7.0.5730.11 ----
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Search bar: hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http
Search Page: hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
First Home Page: hxxp://go.microsoft.com/fwlink/?LinkId=54843
[HKEY_USERS\S-1-5-21-436374069-1682526488-854245398-500\..\Internet Explorer\Main]
Search bar: hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http
Search Page: hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
First Home Page: hxxp://go.microsoft.com/fwlink/?LinkId=54843
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.yahoo.com/
Default_Search_URL: hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http
Search bar: hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http
Search Page: hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http
Start page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
5074 Byte(s) - C:\Ad-Report-Scan-24.04.2009.log
1 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE
End at: 13:50:08 | 24/04/2009
.
+-----------------| E.O.F
.
Search bar: hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http
Search Page: hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
First Home Page: hxxp://go.microsoft.com/fwlink/?LinkId=54843
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.yahoo.com/
Default_Search_URL: hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http
Search bar: hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http
Search Page: hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http
Start page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
5074 Byte(s) - C:\Ad-Report-Scan-24.04.2009.log
1 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE
End at: 13:50:08 | 24/04/2009
.
+-----------------| E.O.F
.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-21 15:59:34
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 4 GB (24%) free of 18 GB
Total RAM: 510 MB (22% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:13, on 21/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe
C:\WINDOWS\system32\xgpinbgnd.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Keyyo Softphone X-Lite\KeyyoXLite.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\WINDOWS\system32\Wscript.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - D:\Personnel\CCM\TAPBar.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - D:\Personnel\CCM\TAPBar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [GC75-Manager-Class] "C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe" -startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [USBPhoneSkype] C:\Program Files\USBPhoneSkype\USBPhoneSkype.exe
O4 - HKLM\..\Run: [spc1000] C:\WINDOWS\vspc1000.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [XeroxScanUtility] C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe 1
O4 - HKLM\..\Run: [XeroxEndeavorBackgroundTask] C:\WINDOWS\system32\xgpinbgnd.exe 1
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [XSC SIP Client] "D:\Keyyo Softphone X-Lite\KeyyoXLite.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MySurvey Messenger.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/...
O16 - DPF: {748838B0-D6B1-4B68-B19F-29DE8661F020} (omikron Interface for Plugins Version 1) - https://www.brdoffice.ro/smartoffice/resource/plugx2.ocx
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D998B43-AE89-47E0-8D12-6A7F5F06A988}: NameServer = 83.222.191.193,83.222.191.194
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EACD873-39CF-4CC1-83FC-4BF78BFABE85}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
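Added example (not part of the thread and not HijackThis's own code): a small Python scanner over O4 autorun lines of the kind shown in the HijackThis log above. It flags two patterns that are visible in that log. First, a script host (wscript.exe or cscript.exe) pointed at a file whose extension is not a script type; the /E:vbs switch fixes the script engine regardless of extension, which is why the [CTFMON] entry can run C:\WINDOWS\system32\winjpg.jpg as VBScript. Second, a Run value name that borrows the name of a Windows binary (CTFMON) while launching a different executable. The sample lines are copied from the log above plus one benign HKCU ctfmon.exe line for contrast; the rule set and the short list of Windows binary names are the example's own assumptions, not a complete detector, so entries such as [regdiit] pass through unflagged.

```python
"""Flag suspicious HijackThis O4 (autorun) entries.

Added example for this thread; heuristics only, not a complete detector.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: O4 lines copied from the HijackThis log in the thread,
# plus a benign HKCU ctfmon.exe entry and a Startup line the parser ignores.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MySurvey Messenger.lnk = ?
"""

# O4 lines look like:  O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Assumed list of Windows binaries whose names are commonly borrowed for Run values.
WINDOWS_BINARIES = {"ctfmon", "explorer", "svchost", "lsass", "csrss",
                    "winlogon", "services", "smss"}


@dataclass
class Entry:
    hive: str
    name: str
    exe: str
    args: List[str]
    reasons: List[str] = field(default_factory=list)


def basename(path: str) -> str:
    """Lower-cased last path component, tolerating either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ext(path: str) -> str:
    b = basename(path)
    return b[b.rfind("."):] if "." in b else ""


def split_cmd(cmd: str) -> Tuple[str, List[str]]:
    """Separate the executable (possibly double-quoted) from its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].split()
    parts = cmd.split()
    return parts[0], parts[1:]


def parse_o4(line: str) -> Optional[Entry]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe, args = split_cmd(m.group("cmd"))
    return Entry(m.group("hive"), m.group("name"), exe, args)


def check(entry: Entry) -> Entry:
    exe_base = basename(entry.exe)
    # Rule 1: a script host handed a target that is not a script file.
    # /E:<engine> forces the interpreter, so the target needs no .vbs extension.
    if exe_base in SCRIPT_HOSTS:
        engine = [a for a in entry.args if a.upper().startswith("/E:")]
        for target in (a for a in entry.args if not a.startswith(("/", "-"))):
            if ext(target) not in SCRIPT_EXTS:
                note = f" (engine forced by {engine[0]})" if engine else ""
                entry.reasons.append(f"{exe_base} runs non-script file {target}{note}")
    # Rule 2: value name mimics a Windows binary but launches a different one.
    name_norm = entry.name.lower()
    if name_norm.endswith(".exe"):
        name_norm = name_norm[:-4]
    if name_norm in WINDOWS_BINARIES and exe_base != name_norm + ".exe":
        entry.reasons.append(f"value name {entry.name!r} mimics {name_norm}.exe but runs {exe_base}")
    return entry


def scan(text: str) -> List[Entry]:
    """Return only the O4 entries that triggered at least one rule."""
    flagged = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry and check(entry).reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in scan(SAMPLE_LOG):
        print(f"[{e.hive}] {e.name}: {e.exe} {' '.join(e.args)}")
        for r in e.reasons:
            print("   -", r)
```

Running it on the sample prints the single [CTFMON] entry with both reasons; paste a full HijackThis log into `scan()` to apply the same rules to every O4 line. Rule 1 deliberately keys on the script host rather than on the target's name, since the point of the /E: switch is that the target can carry any extension at all.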