WORM AUTORUN RECALCITRANTS - QUE FAIRE ?

Fermé
mat - 7 mai 2009 à 20:01
sherred Messages postés 8346 Date d'inscription samedi 26 janvier 2008 Statut Membre Dernière intervention 25 mars 2024 - 8 mai 2009 à 08:12
Bonjour, il y a environ une semaine, un virus a infecté mon PC. C'était indiqué "warning dangerous spyware, following viruses were founded ...".
J'ai alors téléchargé malwarebytes qui a trouvé de nombreuses infections et les a supprimées. Le "warning dangerous spyware ..." a disparu et mon PC a pu refonctionner normalement ... enfin presque ... lorsque j'étais sur le net, ça ramait complètement ; désormais ça ne fonctionne presque plus.


Voici le premier rapport effectué par malwarebytes :

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 14
Clé(s) du Registre infectée(s): 35
Valeur(s) du Registre infectée(s): 13
Elément(s) de données du Registre infecté(s): 12
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 52

Désormais, grâce à malwarebytes, la plupart des infections ont été supprimés.

Mais même lorsque je viens de toutes les supprimer, il s’en recrée aussitôt une dizaine, principalement des worm autorun, et parfois des trojan agent.


Voici le dernier rapport effectué par malwarebytes :

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2067
Windows 5.1.2600 Service Pack 2

07/05/2009 15:34:00
mbam-log-2009-05-07 (15-34-00).txt

Type de recherche: Examen complet (C:\|D:\|E:\|K:\|)
Eléments examinés: 32974
Temps écoulé: 22 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Compaq_Propriétaire\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
Configuration: Windows XP Internet Explorer 6.0



Voici le blog note RSIT :


Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Propriétaire at 2009-05-07 17:00:14
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 210 GB (90%) free of 232 GB
Total RAM: 1022 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:16, on 07/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguidll.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsus.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\3TQIWLYI\RSIT[2].exe
C:\Program Files\trend micro\Compaq_Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P41 "EPSON Stylus Photo RX520 Series (Copie 1)" /O6 "USB002" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\lu77yt.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\lu77yt.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ipfwrd - C:\WINDOWS\SYSTEM32\ipfwrd.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
End of file - 9643 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled scanning task.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX520 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE [2005-04-07 98304]
"EPSON Stylus Photo RX520 Series (Copie 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE [2005-04-07 98304]
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]
"SemanticInsight"=C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe []
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-02-04 155648]
"PS2"=C:\WINDOWS\system32\ps2.exe [2004-10-26 90112]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-11-10 406016]
"PCDrProfiler"= []
"News Service"=C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe [2004-05-06 372736]
"MsgCenterExe"=C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe [2008-08-08 69632]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-11 253952]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-03 61440]
"KAZAA"=C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"F-Secure TNB"=C:\Program Files\Securitoo\Av_Fw\FSGUI\TNBUtil.exe [2008-04-23 744032]
"F-Secure Manager"=C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE [2008-04-23 182936]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-15 344064]
"AltnetPointsManager"=c:\program files\altnet\points manager\points manager.exe -s []
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-08-08 185896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]
"IW_Drop_Icon"=C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [2004-07-30 1123840]
"InstantTray"=C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe [2004-09-02 770048]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-19 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage
ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-10 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ipfwrd]
C:\WINDOWS\system32\ipfwrd.dll [2009-05-07 23666]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\intelppm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\intelppm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe"="C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe:*:Enabled:Securitoo Antivirus Firewall"
"C:\Program Files\WinAntiVirus Pro 2006\Updater.exe"="C:\Program Files\WinAntiVirus Pro 2006\Updater.exe:*:Enabled:updater.exe"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5f60d44-8dca-11da-9be4-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2009-05-07 16:06:12 ----A---- C:\WINDOWS\system32\ipfwrd.dll
2009-05-07 14:31:38 ----D---- C:\Program Files\trend micro
2009-05-07 14:31:36 ----D---- C:\rsit
2009-05-02 15:41:52 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2009-05-02 15:41:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-02 15:41:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-20 16:59:55 ----D---- C:\Program Files\Les Boucliers de Quetzalcoatl
2009-04-15 21:56:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 21:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 21:53:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 21:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 21:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 21:52:38 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-15 21:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

======List of files/folders modified in the last 1 months======

2009-05-07 16:57:59 ----D---- C:\Program Files\Wanadoo
2009-05-07 16:57:23 ----D---- C:\WINDOWS\Temp
2009-05-07 16:57:23 ----D---- C:\WINDOWS\system32
2009-05-07 16:57:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-07 16:56:23 ----D---- C:\WINDOWS
2009-05-07 16:39:22 ----D---- C:\WINDOWS\system32\drivers
2009-05-07 16:38:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-07 16:06:23 ----D---- C:\WINDOWS\Prefetch
2009-05-07 15:35:11 ----D---- C:\Program Files
2009-05-03 15:11:37 ----D---- C:\WINDOWS\Minidump
2009-05-02 17:17:03 ----D---- C:\Program Files\Fichiers communs\ErreurChasseur
2009-05-02 17:15:38 ----RSD---- C:\WINDOWS\Fonts
2009-05-02 17:15:38 ----D---- C:\Program Files\Fichiers communs
2009-05-02 15:16:18 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-05-02 14:14:44 ----A---- C:\WINDOWS\system32\userinit.exe
2009-05-02 14:06:18 ----ASH---- C:\WINDOWS\system32\mekawiba.exe
2009-05-02 13:40:44 ----D---- C:\WINDOWS\Registration
2009-04-30 13:48:23 ----HD---- C:\WINDOWS\inf
2009-04-29 17:12:32 ----SHD---- C:\WINDOWS\Installer
2009-04-29 13:04:14 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\dvdcss
2009-04-20 22:08:23 ----D---- C:\Program Files\FinePixViewer
2009-04-16 08:59:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 08:54:38 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 08:54:37 ----D---- C:\WINDOWS\AppPatch
2009-04-15 21:56:41 ----D---- C:\WINDOWS\system32\dllcache
2009-04-15 21:56:32 ----A---- C:\WINDOWS\imsins.BAK
2009-04-15 21:53:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 21:52:48 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\Securitoo\Av_Fw\HIPS\fshs.sys []
R1 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-03-07 14408]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2009-05-07 8720]
R1 vobiw;vobiw; C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 188416]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2004-10-15 67584]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-10 1421312]
R3 cdrdrv;Cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2004-08-03 62976]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\minifilter\fsgk.sys []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S1 vspf;vspf; \??\C:\WINDOWS\system32\drivers\vspf5.sys []
S1 vspf_hk;vspf_hk; \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys []
S3 Aicidrv;Aicidrv; C:\WINDOWS\system32\drivers\Aicidrv.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver; C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 260608]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS []
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSrec.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-10 405504]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
R2 F-Secure Gatekeeper Handler Starter;F-Secure Gatekeeper Handler Starter; C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe [2008-04-23 47800]
R2 FSMA;FSMA; C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE [2008-04-23 113304]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 SymWSC;SymWMI Service; c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe [2008-04-23 461408]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe [2008-04-23 453216]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S2 FWSvc;Firewall service; C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe /service []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-18 68096]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]

-----------------EOF-----------------
A voir également:
  • WORM AUTORUN RECALCITRANTS - QUE FAIRE ?
  • Autorun - Télécharger - Divers Utilitaires
  • Autorun usb - Télécharger - Divers Utilitaires
  • Autoruns - Télécharger - Optimisation
  • Antivirus autorun - Télécharger - Antivirus & Antimalwares
  • No autorun - Télécharger - Sécurité

1 réponse

sherred Messages postés 8346 Date d'inscription samedi 26 janvier 2008 Statut Membre Dernière intervention 25 mars 2024 350
8 mai 2009 à 08:12
0