Trojan infection

Resolved
Bronksman -  
FillPCA Posts: 2264 Status: Security contributor -
Hello,

I was hit by a trojan recently. I have to admit that several different types were detected by my antivirus's automatic detection. However, according to what it reported, some of them were only partially removed.

I did some research on Symantec's site about Trojan.Srizbi (one of the downloader ones) and did what it said, but I'm not certain that everything is correct. I found your site by chance. I hope someone can help me check whether or not everything is correct on my PC.

I read a bit about the various problems reported here on your site and tried an online scan with Ewido; it gave me other trojans that had not come up with my antivirus, and on top of that it did not detect the ones my antivirus had detected.

I'm posting the HijackThis log below, and if possible I'm eagerly awaiting a reply about my case.

Logfile of HijackThis v1.99.1
Scan saved at 16:48:35, on 2007-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\ClipPlus36\ClipPlus36.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Sites%20Web/01mes%20liens/mesliens.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1C4DCFCA-1F18-476C-9E0A-FC6F303BC986} - C:\WINDOWS\system32\cmcfg3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [\\MAISON-ENFANTS\EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P43 "\\MAISON-ENFANTS\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ClipPlus36.exe.lnk = D:\ClipPlus36\ClipPlus36.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Iqxtccd - C:\WINDOWS\SYSTEM32\iqxtccd.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft Internet Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

72 replies

Bronksman Posts: 45 Status: Member

My SREng report

[CODE]

2007-11-06,14:01:22

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<\\MAISON-ENFANTS\EPSON Stylus CX3800 Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P43 "\\MAISON-ENFANTS\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"> [N/A]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<QuickTime Task><"F:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<KernelFaultCheck><> [N/A]
<COMODO Firewall Pro><"C:\Program Files\Comodo\Firewall\CPF.exe" /background> [(Verified)Comodo CA Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
<Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

==================================
Startup Folders
[Acrobat Assistant]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk --> F:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [Adobe Systems Inc.]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[ClipPlus36.exe]
<C:\Documents and Settings\Bronksman\Start Menu\Programs\Startup\ClipPlus36.exe.lnk --> D:\CLIPPL~1\CLIPPL~1.EXE [Written by Matt English, menglish@teleport.com]><N>

==================================
Services
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Comodo Application Agent / CmdAgent][Running/Auto Start]
<C:\Program Files\Comodo\Firewall\cmdagent.exe><COMODO>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HTTP SSL / HTTPFilter][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k HTTPFilter-->%SystemRoot%\System32\w3ssl.dll><Microsoft Corporation>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[SavRoam / SavRoam][Stopped/Manual Start]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Network Provisioning Service / xmlprov][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\xmlprov.dll><Microsoft Corporation>

==================================
Drivers
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atimtag / atimtag][Stopped/Manual Start]
<System32\DRIVERS\atimtag.sys><ATI Technologies Inc.>
[Comodo Application Engine / CmdMon][Running/System Start]
<System32\DRIVERS\cmdmon.sys><Comodo Research Lab., Inc.>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[3Com 3C90X-BC Family PCI EtherLink Adapter / EL90XBC][Running/Manual Start]
<System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[EraserUtilDrv10733 / EraserUtilDrv10733][Stopped/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys><N/A>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
<system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[FltMgr / FltMgr][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\fltMgr.sys><Microsoft Corporation>
[Comodo Network Engine / Inspect][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\inspect.sys><COMODO>
[mckzmvlc / mckzmvlc][Running/Boot Start]
<\SystemRoot\system32\drivers\ubsxriif.dat><N/A>
[Microsoft System Management BIOS Driver / mssmbios][Stopped/Manual Start]
<system32\DRIVERS\mssmbios.sys><Microsoft Corporation>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071104.009\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071104.009\navex15.sys><Symantec Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[]
{1C4DCFCA-1F18-476C-9E0A-FC6F303BC986} <C:\WINDOWS\system32\cmcfg3.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, >
[ewidoOnlineScan Control]
{193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, Sun Microsystems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[ewidoOnlineScan Control]
{193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[]
{1C4DCFCA-1F18-476C-9E0A-FC6F303BC986} <C:\WINDOWS\system32\cmcfg3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[E&xport to Microsoft Excel]
<res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 504 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 596 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4123]
[C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.1.5.5000]
[C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 640 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 652 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4123]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 832 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 964 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1120 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1384 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1480 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\pdfports.dll] [Adobe Systems Incorporated., 5.0.000]
[F:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll] [N/A, ]
[PID: 1600 / Bronksman][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4123]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 1656 / Bronksman][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1872 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 104.0.11.1]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1]
[PID: 1952 / SYSTEM][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.1.5.5000]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[PID: 1992 / Bronksman][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE] [SEIKO EPSON CORPORATION, 4.00]
[PID: 180 / Bronksman][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 104.0.11.1]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 104.0.11.1]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 104.0.11.1]
[C:\WINDOWS\System32\SYMREDIR.DLL] [Symantec Corporation, 6.0.4.402]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 10.1.5.5000]
[PID: 404 / SYSTEM][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.1.5.5000]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\NTS.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.1.5.5000]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.5.5000]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 51.3.0.11]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071104.009\ccEraser.dll] [Symantec Corporation, 107.3.3.4]
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071104.009\ecmsvr32.dll] [Symantec Corporation, 71.3.0.25]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071104.009\NAVEX32a.DLL] [Symantec Corporation, 20071.3.0.24]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071104.009\NAVENG32.DLL] [Symantec Corporation, 20071.3.0.24]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.2.3]
[C:\Program Files\Symantec AntiVirus\IMail.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Symantec AntiVirus\vpmsece4.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 2.2.0.7]
[PID: 428 / Bronksman][C:\PROGRA~1\SYMANT~1\VPTray.exe] [Symantec Corporation, 10.1.5.5000]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.2.3]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccAlert.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.1.5.5000]
[PID: 880 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 104.0.11.1]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 2.2.0.7]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 104.0.11.1]
[PID: 1216 / Bronksman][C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.20.6]
[PID: 1512 / Bronksman][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1536 / Bronksman][F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe] [Adobe Systems Inc., 5, 0, 0, 0]
[PID: 1616 / Bronksman][D:\ClipPlus36\ClipPlus36.exe] [Written by Matt English, menglish@teleport.com, 3.06]
[C:\WINDOWS\System32\MSVBVM50.DLL] [Microsoft Corporation, 05.02.8244 (SP2)]
[PID: 2812 / Bronksman][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\cmcfg3.dll] [N/A, ]
[C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.20.6]
[C:\Program Files\Java\jre1.6.0_02\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\PDFShell.dll] [Adobe Systems Incorporated, 5.0.0.2001042700]
[PID: 3408 / Bronksman][C:\Documents and Settings\Bronksman\Desktop\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Documents and Settings\Bronksman\Desktop\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1992, C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIACA.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1536, F:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1616, D:\CLIPPLUS36\CLIPPLUS36.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

[/CODE]

Bronksman Posts: 45 Status: Member

My DiagHelp report

DiagHelp version v1.3 - http://www.malekal.com
excute le 2007-11-06 à 14:03:27,75

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2007-11-06 14:03:25
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->2007-11-06 14:02:01
C:\WINDOWS\prefetch\SRENGPS.EXE-009D3007.pf -->2007-11-06 13:56:42
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->2007-11-06 13:55:12
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->2007-11-06 13:53:09
C:\WINDOWS\prefetch\DOSCAN.EXE-2CDA015C.pf -->2007-11-06 13:51:55
C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->2007-11-06 13:51:49
C:\WINDOWS\prefetch\OSA.EXE-2CD63980.pf -->2007-11-06 13:51:46
C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf -->2007-11-06 13:51:45
C:\WINDOWS\prefetch\CLIPPLUS36.EXE-191CBCC9.pf -->2007-11-06 13:51:45

C:\WINDOWS\System32\drivers\vlyjodj^.sys -->2007-11-06 13:13:59
C:\WINDOWS\System32\drivers\inspect.sys -->2007-11-06 12:14:20
C:\WINDOWS\System32\drivers\cmdmon.sys -->2007-11-06 12:14:20
C:\WINDOWS\System32\drivers\FILEM701.SYS -->2007-11-01 16:43:33
C:\WINDOWS\System32\drivers\ubsxriif.dat -->2007-10-30 18:40:00
C:\WINDOWS\System32\drivers\pkdipxac.dat -->2007-10-30 18:39:58
C:\WINDOWS\System32\drivers\scdemu.sys -->2007-04-09 07:27:07

C:\WINDOWS\System32\PerfStringBackup.INI -->2007-11-06 11:36:25
C:\WINDOWS\System32\perfh009.dat -->2007-11-06 11:36:25
C:\WINDOWS\System32\perfc009.dat -->2007-11-06 11:36:25
C:\WINDOWS\System32\FNTCACHE.DAT -->2007-11-06 11:27:53
C:\WINDOWS\System32\$winnt$.inf -->2007-11-06 11:26:19
C:\WINDOWS\System32\wmpscheme.xml -->2007-11-06 11:16:43
C:\WINDOWS\System32\nscompat.tlb -->2007-11-06 11:16:35
C:\WINDOWS\System32\amcompat.tlb -->2007-11-06 11:16:35
C:\WINDOWS\System32\WindowsLogon.manifest -->2007-11-06 11:08:20
C:\WINDOWS\System32\logonui.exe.manifest -->2007-11-06 11:08:20
C:\WINDOWS\System32\wuaucpl.cpl.manifest -->2007-11-06 11:07:55
C:\WINDOWS\System32\sapi.cpl.manifest -->2007-11-06 11:07:55
C:\WINDOWS\System32\nwc.cpl.manifest -->2007-11-06 11:07:55
C:\WINDOWS\System32\ncpa.cpl.manifest -->2007-11-06 11:07:55
C:\WINDOWS\System32\cdplayer.exe.manifest -->2007-11-06 11:07:55
C:\WINDOWS\System32\wpa.dbl -->2007-11-05 18:52:38
C:\WINDOWS\System32\Blank.htm -->2007-10-25 12:00:05
C:\WINDOWS\System32\TZLog.log -->2007-10-10 18:23:31
C:\WINDOWS\System32\jupdate-1.6.0_02-b06.log -->2007-08-02 11:14:52
C:\WINDOWS\System32\wuapi.dll -->2007-07-30 18:19:36
C:\WINDOWS\System32\wucltui.dll -->2007-07-30 18:19:32
C:\WINDOWS\System32\wuaucpl.cpl.mui -->2007-07-30 18:19:32
C:\WINDOWS\System32\mucltui.dll -->2007-07-30 18:19:10
C:\WINDOWS\System32\wuapi.dll.mui -->2007-07-30 18:19:02
C:\WINDOWS\System32\mucltui.dll.mui -->2007-07-30 18:19:02

C:\WINDOWS\0.log -->2007-11-06 13:52:56
C:\WINDOWS\bootstat.dat -->2007-11-06 13:48:27
C:\WINDOWS\SchedLgU.Txt -->2007-11-06 13:14:19
C:\WINDOWS\setupapi.log -->2007-11-06 11:34:33
C:\WINDOWS\setuplog.txt -->2007-11-06 11:33:22
C:\WINDOWS\tsoc.log -->2007-11-06 11:26:50
C:\WINDOWS\ntdtcsetup.log -->2007-11-06 11:26:50
C:\WINDOWS\iis6.log -->2007-11-06 11:26:50
C:\WINDOWS\comsetup.log -->2007-11-06 11:26:50
C:\WINDOWS\setupact.log -->2007-11-06 11:26:49
C:\WINDOWS\imsins.log -->2007-11-06 11:26:49
C:\WINDOWS\setuperr.log -->2007-11-06 11:16:57
C:\WINDOWS\WMSysPrx.prx -->2007-11-06 11:16:32
C:\WINDOWS\OEWABLog.txt -->2007-11-06 11:16:25
C:\WINDOWS\ODBCINST.INI -->2007-11-06 11:16:13

MD5 des fichiers sensibles
tcpip.sys e7774698bb0d14b0710a9a31e209f9b6
ndis.sys 3efd4f59ba0a340de0a3ab984001dbf7
null.sys 73c1e1f395918bc2c6dd67af7591a3ad
svchost.exe 0f7d9c87b0ce1fa520473119752c6f79

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1656
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x01000000 0xf7000 6.00.2600.0000 C:\WINDOWS\Explorer.EXE
0x77c10000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x772d0000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x773d0000 0x7f4000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x77120000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x75f80000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
0x769c0000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
0x5ad70000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll
0x77340000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x5b630000 0x70000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll
0x71d40000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll
0x76b20000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x74b30000 0x41000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll
0x762c0000 0x8a000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x76400000 0x1fb000 2.00.2600.0000 C:\WINDOWS\System32\msi.dll
0x74af0000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
0x74ad0000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
0x72430000 0x12000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x76200000 0x97000 6.00.2600.0000 C:\WINDOWS\system32\WININET.dll
0x760f0000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\URLMON.DLL
0x10000000 0x8000 1.00.0000.0001 F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
0x01b80000 0x38000 C:\WINDOWS\system32\cmcfg3.dll
0x74810000 0x2ad000 6.00.2600.0000 C:\WINDOWS\System32\mshtml.dll
0x01bc0000 0x1a000 5.00.0000.0352 C:\WINDOWS\system32\PDFShell.dll
0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll
0x76c30000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x70eb0000 0x7000 1.01.0000.3917 C:\WINDOWS\System32\asfsipc.dll
0x605f0000 0xd000 2.00.2600.0000 C:\WINDOWS\System32\MSISIP.DLL
0x74ea0000 0x10000 5.06.0000.6626 C:\WINDOWS\System32\wshext.dll
0x763b0000 0x45000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x365a0000 0x15000 10.00.2625.0000 C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL
0x76080000 0x61000 6.00.8972.0000 C:\WINDOWS\System32\MSVCP60.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 596
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x6e000 \??\C:\WINDOWS\system32\winlogon.exe
0x77c10000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x762c0000 0x8a000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x76c30000 0x2b000 5.131.2600.0000 C:\WINDOWS\system32\WINTRUST.dll
0x773d0000 0x7f4000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x772d0000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77340000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\COMCTL32.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\system32\ODBC32.dll
0x763b0000 0x45000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x1f850000 0x16000 3.520.7713.0000 C:\WINDOWS\system32\odbcint.dll
0x76bd0000 0x1e000 6.00.2600.0000 C:\WINDOWS\system32\SHSVCS.dll
0x10000000 0x11000 6.14.0010.4123 C:\WINDOWS\system32\Ati2evxx.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x5ad70000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\UxTheme.dll
0x65e30000 0xd000 10.01.0005.5000 C:\WINDOWS\system32\NavLogon.dll

Volume in drive C is Bootdisk 10 Gig
Volume Serial Number is 4C35-E683

Directory of C:\WINDOWS\system32

2001-08-23 07:00 4 096 csrss.exe
1 File(s) 4 096 bytes
0 Dir(s) 3 474 350 080 bytes free

Contenu de Downloaded Program Files
Volume in drive C is Bootdisk 10 Gig
Volume Serial Number is 4C35-E683

Directory of C:\WINDOWS\Downloaded Program Files

2007-11-04 13:27 <DIR> .
2007-11-04 13:27 <DIR> ..
2007-11-06 11:08 65 desktop.ini
2006-07-11 09:41 345 656 ewidoOnlineScan.dll
2 File(s) 345 721 bytes

Total Files Listed:
2 File(s) 345 721 bytes
2 Dir(s) 3 474 350 080 bytes free

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"F:\\Program Files\\BitTorrent\\bittorrent.exe"="F:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]

exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 21:22:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Accessing \device\physicalmemory via NtCreateSymbolicLinkObject

Process list by traversal of KiWaitListHead

4 - System
180 - ccApp.exe
404 - Rtvscan.exe
428 - VPTray.exe
568 - csrss.exe
596 - winlogon.exe
640 - services.exe
652 - lsass.exe
908 - svchost.exe
964 - svchost.exe
1120 - svchost.exe
1384 - svchost.exe
1436 - cpf.exe
1480 - spoolsv.exe
1512 - ctfmon.exe
1616 - ClipPlus36.exe
1656 - explorer.exe
1916 - cmdagent.exe
1992 - E_FATIACA.EXE
2812 - IEXPLORE.EXE
3248 - cmd.exe

Total number of processes = 21
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Accessing \device\physicalmemory via NtCreateSymbolicLinkObject

Driver/Module list by traversal of PsLoadedModuleList

804D0000 - \WINDOWS\system32\ntoskrnl.exe
806B4000 - \WINDOWS\system32\hal.dll
F7BA9000 - \WINDOWS\system32\KDCOM.DLL
F7AB9000 - \WINDOWS\system32\BOOTVID.dll
F765C000 - ACPI.sys
F7BAB000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F76A9000 - pci.sys
F76B9000 - isapnp.sys
F7929000 - ubsxriif.dat
F7BAD000 - viaide.sys
F7931000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F76C9000 - MountMgr.sys
F763D000 - ftdisk.sys
F7BAF000 - dmload.sys
F7619000 - dmio.sys
F7939000 - PartMgr.sys
F76D9000 - VolSnap.sys
F76E9000 - vlyjodj^.sys
F7603000 - atapi.sys
F76F9000 - ultra.sys
F75ED000 - \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
F7709000 - disk.sys
F7719000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F75DB000 - sr.sys
F75C7000 - KSecDD.sys
F7544000 - Ntfs.sys
F7729000 - inspect.sys
F751C000 - \WINDOWS\System32\DRIVERS\NDIS.SYS
F7941000 - viaagp.sys
F7949000 - viaagp1.sys
F7502000 - Mup.sys
F7989000 - \SystemRoot\System32\DRIVERS\processr.sys
F735A000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F7789000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7991000 - \SystemRoot\System32\DRIVERS\fdc.sys
F7347000 - \SystemRoot\System32\DRIVERS\parport.sys
F7799000 - \SystemRoot\System32\DRIVERS\serial.sys
F7B55000 - \SystemRoot\System32\DRIVERS\serenum.sys
F77A9000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7999000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F79A1000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F77B9000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F77C9000 - \SystemRoot\System32\DRIVERS\redbook.sys
F7326000 - \SystemRoot\System32\DRIVERS\ks.sys
F79A9000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F7307000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F72F4000 - \SystemRoot\System32\DRIVERS\el90xbc5.sys
F77D9000 - \SystemRoot\system32\drivers\es1371mp.sys
F72D3000 - \SystemRoot\system32\drivers\portcls.sys
F77E9000 - \SystemRoot\system32\drivers\drmk.sys
F7CEF000 - \SystemRoot\System32\DRIVERS\audstub.sys
F77F9000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7B5D000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F72BD000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F7809000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F7819000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7B61000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F720C000 - \SystemRoot\System32\DRIVERS\psched.sys
F7829000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F79B1000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F79B9000 - \SystemRoot\System32\DRIVERS\raspti.sys
F71DF000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F7839000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7D03000 - \SystemRoot\System32\DRIVERS\swenum.sys
F7195000 - \SystemRoot\System32\DRIVERS\update.sys
F7B85000 - \SystemRoot\System32\DRIVERS\gameenum.sys
F7849000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F79C1000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F7899000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7BC5000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F4F21000 - \??\C:\Program Files\Symantec AntiVirus\savrt.sys
F4EFF000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS
F4EEB000 - \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
F7BC7000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7D26000 - \SystemRoot\System32\Drivers\Null.SYS
F7BC9000 - \SystemRoot\System32\Drivers\Beep.SYS
F79D1000 - \SystemRoot\System32\drivers\vga.sys
F7BCB000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7BCD000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F79D9000 - \SystemRoot\System32\Drivers\Msfs.SYS
F79E1000 - \SystemRoot\System32\Drivers\Npfs.SYS
F74D6000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F78B9000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F4D96000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F4D83000 - \SystemRoot\System32\DRIVERS\cmdmon.sys
F4D48000 - \SystemRoot\System32\Drivers\SYMTDI.SYS
F4D23000 - \SystemRoot\System32\DRIVERS\netbt.sys
F4D03000 - \SystemRoot\System32\drivers\afd.sys
F78C9000 - \SystemRoot\System32\DRIVERS\netbios.sys
F79E9000 - \SystemRoot\System32\Drivers\SCDEmu.SYS
F4C13000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F4BAF000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F78E9000 - \SystemRoot\System32\Drivers\Fips.SYS
F4B4C000 - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
F4B2D000 - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
F78F9000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F7919000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F4AEF000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7BD7000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \??\C:\WINDOWS\system32\win32k.sys
F6FAD000 - \??\C:\WINDOWS\system32\watchdog.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
F7CFF000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9B8000 - \SystemRoot\System32\ati2dvag.dll
BF9F8000 - \SystemRoot\System32\ati2cqag.dll
BFA32000 - \SystemRoot\System32\atikvmag.dll
BFA68000 - \SystemRoot\System32\ati3duag.dll
BFCC9000 - \SystemRoot\System32\ativvaxx.dll
F2AE3000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
F2793000 - \SystemRoot\system32\drivers\wdmaud.sys
F4CE3000 - \SystemRoot\system32\drivers\sysaudio.sys
F265D000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F7BD5000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F2334000 - \SystemRoot\System32\DRIVERS\srv.sys
F1D49000 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071104.009\navex15.sys
F1D36000 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071104.009\naveng.sys
F1E73000 - \SystemRoot\System32\Drivers\SYMREDRV.SYS
F1BF7000 - \SystemRoot\system32\drivers\kmixer.sys
F7D51000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 119

Liste des programmes installes

ACDSee 5.0 PowerPack
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Reader 7.0.5
Apple Software Update
ATI Display Driver
CCleaner (remove only)
CoffeeCup LockBox
COMODO Firewall Pro
EasyPHP 1.8
HijackThis 1.99.1
HotDog Professional 6
Ipswitch WS_FTP Pro
Jasc Paint Shop Pro 8
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
LiveUpdate 3.1 (Symantec Corporation)
Microsoft Office XP French User Interface Pack
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5)
Norton Utilities 2003 for Windows
Notepad++
Photo-Objects 50,000 Premium Image Collection
PowerISO
QuickTime
Sausage Software Common Files
Software Update for Web Folders
Symantec AntiVirus
WD Diagnostics
WinRAR archiver

Volume in drive C is Bootdisk 10 Gig
Volume Serial Number is 4C35-E683

Directory of C:\Program Files

2007-11-06 12:14 <DIR> .
2007-11-06 12:14 <DIR> ..
2007-04-15 23:27 <DIR> Adobe
2007-07-30 15:25 <DIR> Apple Software Update
2007-10-09 16:46 <DIR> Common Files
2007-11-06 12:14 <DIR> Comodo
2007-04-15 22:05 <DIR> ComPlus Applications
2007-04-30 11:02 <DIR> EPSON
2007-11-05 18:19 <DIR> Internet Explorer
2007-08-02 11:14 <DIR> Java
2007-04-15 22:19 <DIR> Messenger
2007-10-09 17:36 <DIR> Microsoft ActiveSync
2007-04-15 22:11 <DIR> microsoft frontpage
2007-10-09 17:33 <DIR> Microsoft Office
2007-11-05 18:20 <DIR> Movie Maker
2007-08-28 14:03 <DIR> Mozilla Firefox
2007-04-15 22:05 <DIR> MSN
2007-04-15 22:04 <DIR> MSN Gaming Zone
2007-04-15 23:12 <DIR> MSN Messenger
2007-11-05 18:19 <DIR> NetMeeting
2007-04-15 22:08 <DIR> Online Services
2007-10-10 18:21 <DIR> Outlook Express
2007-04-30 18:27 <DIR> Symantec
2007-11-06 13:53 <DIR> Symantec AntiVirus
2007-04-15 23:19 <DIR> Unlocker
2007-07-17 22:01 <DIR> Western Digital Technologies
2007-11-06 11:16 <DIR> Windows Media Player
2007-11-05 18:05 <DIR> Windows NT
2007-05-31 10:55 <DIR> WinRAR
2007-04-15 22:11 <DIR> xerox
0 File(s) 0 bytes
30 Dir(s) 3 477 770 240 bytes free
Volume in drive C is Bootdisk 10 Gig
Volume Serial Number is 4C35-E683

Directory of C:\Program Files\common files

2007-10-09 16:46 <DIR> .
2007-10-09 16:46 <DIR> ..
2007-04-17 18:44 <DIR> ACD Systems
2007-04-17 19:13 <DIR> Adobe
2007-10-09 17:36 <DIR> Designer
2007-04-17 19:02 <DIR> InstallShield
2007-04-30 21:59 <DIR> Java
2007-10-09 17:37 <DIR> Microsoft Shared
2007-04-15 22:06 <DIR> MSSoap
2007-04-15 18:51 <DIR> ODBC
2007-04-15 22:07 <DIR> Services
2007-04-15 18:51 <DIR> SpeechEngines
2007-04-30 18:28 <DIR> Symantec Shared
2007-10-10 18:21 <DIR> System
0 File(s) 0 bytes
14 Dir(s) 3 477 766 144 bytes free
Volume in drive C is Bootdisk 10 Gig
Volume Serial Number is 4C35-E683

Directory of C:\

2007-04-19 16:55 140 288 javex.exe
1 File(s) 140 288 bytes
0 Dir(s) 3 477 766 144 bytes free

c:\Documents and Settings\All Users\Documents\Jasc PaintShop Pro 7 (1).exe
c:\Documents and Settings\Bronksman\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
c:\Documents and Settings\Bronksman\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
c:\Documents and Settings\Bronksman\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
c:\Documents and Settings\Bronksman\Desktop\avenger.exe
c:\Documents and Settings\Bronksman\Desktop\avgas-setup-7.5.1.43.exe
c:\Documents and Settings\Bronksman\Desktop\ccsetup201.exe
c:\Documents and Settings\Bronksman\Desktop\SDFix.exe
c:\Documents and Settings\Bronksman\Desktop\spybotsd_includes.exe
c:\Documents and Settings\Bronksman\Desktop\spybotsd15.exe
c:\Documents and Settings\Bronksman\Desktop\VundoFix.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\catchme.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\diff.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\dumphive.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\find2.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\Fport.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\grep.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\gzip.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\LFiles.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\md5sums.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\pslist.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\streams.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\swreg.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\tar.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Bronksman\Desktop\sreng2\SREngPS.EXE
c:\Documents and Settings\Bronksman\My Documents\My Received Files\test\PowerISO 3.7.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_PAPA900MHZ.tar.gz a l'adresse http://upload.malekal.com
Bronksman Posts: 45 Status: Member

My HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 14:11:59, on 2007-11-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\ClipPlus36\ClipPlus36.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Sites%20Web/01mes%20liens/mesliens.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1C4DCFCA-1F18-476C-9E0A-FC6F303BC986} - C:\WINDOWS\system32\cmcfg3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [\\MAISON-ENFANTS\EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P43 "\\MAISON-ENFANTS\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: ClipPlus36.exe.lnk = D:\ClipPlus36\ClipPlus36.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Bronksman Posts: 45 Status: Member

There is a firewall popup about IE every time IE is restarted, and it says there are changes.

If I block it, this page does not open, but if I allow it, it opens. It is surely the virus doing this, isn't it?

Is there a way to give you a report from COMODO?
FillPCA Posts: 2264 Status: Security contributor

Re,

The infection affecting you is of the Delf type and very stubborn. There is always a risk of a crash while cleaning, because it is tightly intertwined with the system and protected by a rootkit.

1/ You did re-enable System Restore, didn't you?
2/ Make a backup of the system with Erunt. See this topic under letter P: https://forum.pcastuces.com/sujet.asp?f=25&s=3902
3/ * Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Copy/paste this report into your next reply.
4/ Post the ComboFix report and a new HijackThis report.

FillPCA
FillPCA Posts: 2264 Status: Security contributor

Re,

I have to go out, but I will be back later this evening.

FillPCA
Bronksman Posts: 45 Status: Member

My ComboFix report

ComboFix 07-11-07.1 - Bronksman 2007-11-06 15:08:33.1 - NTFSx86
Running from: C:\Documents and Settings\Bronksman\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cmcfg3.dll
C:\WINDOWS\system32\drivers\pkdipxac.dat
C:\WINDOWS\system32\drivers\ubsxriif.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MCKZMVLC
-------\mckzmvlc
-------\poof

((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.

2007-11-06 15:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 13:13 60,416 --a------ C:\WINDOWS\system32\drivers\vlyjodj^.sys
2007-11-06 12:21 <DIR> d-------- C:\Documents and Settings\Bronksman\Application Data\Comodo
2007-11-06 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-06 12:14 <DIR> d-------- C:\Program Files\Comodo
2007-11-06 11:06 155,648 --a--c--- C:\WINDOWS\system32\DllCache\icwhelp.dll
2007-11-06 11:06 73,728 --a--c--- C:\WINDOWS\system32\DllCache\icwtutor.exe
2007-11-06 11:06 61,440 --a--c--- C:\WINDOWS\system32\DllCache\icwres.dll
2007-11-06 11:06 57,344 --a--c--- C:\WINDOWS\system32\DllCache\icwconn.dll
2007-11-06 11:06 45,056 --a--c--- C:\WINDOWS\system32\DllCache\icwutil.dll
2007-11-06 11:06 40,960 --a--c--- C:\WINDOWS\system32\DllCache\trialoc.dll
2007-11-06 11:06 24,576 --a--c--- C:\WINDOWS\system32\DllCache\icwrmind.exe
2007-11-06 10:53 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-11-06 10:53 24,661 --a--c--- C:\WINDOWS\system32\DllCache\spxcoins.dll
2007-11-06 10:53 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-11-06 10:53 13,312 --a--c--- C:\WINDOWS\system32\DllCache\irclass.dll
2007-11-05 18:06 272,896 --a--c--- C:\WINDOWS\system32\DllCache\pinball.exe
2007-11-05 18:06 200,192 --a--c--- C:\WINDOWS\system32\DllCache\wordpad.exe
2007-11-05 17:54 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-11-05 17:54 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-11-05 17:53 55,808 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-11-05 17:51 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-11-05 17:50 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-11-05 17:50 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-11-05 17:46 70,656 --a------ C:\WINDOWS\system32\storprop.dll
2007-11-05 17:46 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-11-05 17:46 10,496 --a--c--- C:\WINDOWS\system32\DllCache\irenum.sys
2007-11-04 18:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-04 17:17 <DIR> d-------- C:\VundoFix Backups
2007-11-02 15:29 <DIR> d-------- C:\possible virus from sys32-driver dir
2007-11-01 16:43 73,488 --a------ C:\WINDOWS\system32\drivers\FILEM701.SYS
2007-10-30 16:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ipswitch
2007-10-23 11:13 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-09 17:36 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-10-09 16:45 <DIR> d--h----- C:\WINDOWS\ShellNew

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 20:11 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-16 04:27 --------- d-----w C:\Documents and Settings\Bronksman\Application Data\BitTorrent
2007-09-09 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-07-01 00:09 17,144 ----a-w C:\Documents and Settings\Bronksman\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MAISON-ENFANTS\EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 22:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 18:26]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 19:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-06 12:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 07:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnsc"=C:\WINDOWS\system32\msnsc.exe

C:\Documents and Settings\Bronksman\Start Menu\Programs\Startup\
ClipPlus36.exe.lnk - D:\ClipPlus36\ClipPlus36.exe [2007-04-30 20:32:25]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-04-12 17:27:01]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 15:15:56
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\MAISON-ENFANTS\\EPSON Stylus CX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P43 \"\\\\MAISON-ENFANTS\\EPSON Stylus CX3800 Series\" /O6 \"USB001\" /M \"Stylus CX3800\""
.
Completion time: 2007-11-07 15:19:00 - machine was rebooted
.
--- E O F ---

0
Bronksman Messages postés 45 Statut Membre
 
My HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 15:22:49, on 2007-11-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\ClipPlus36\ClipPlus36.exe
C:\WINDOWS\system32\notepad.exe
F:\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Sites%20Web/01mes%20liens/mesliens.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [\\MAISON-ENFANTS\EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P43 "\\MAISON-ENFANTS\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: ClipPlus36.exe.lnk = D:\ClipPlus36\ClipPlus36.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

0
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

Well done. I think we've almost won.

A/
1. Copy all the text in the box below: highlight it and press (Ctrl+C):

Drivers to unload:
vlyjodj^

Files to delete:
C:\WINDOWS\System32\drivers\vlyjodj^.sys


Note: The code above was written specifically for THIS user.
If you are not THIS user, DO NOT apply these instructions: they could damage your system.

2. Now launch The Avenger by clicking its desktop icon.
· Under "Script file to execute", choose "Input Script Manually".
· Then click the magnifying-glass icon, which opens a new "View/edit script" window.
· In that window, paste the text you copied earlier using (Ctrl+V).
· Click Done
· Then click the green-light icon to start running the script.
· Answer "Yes" twice when prompted.
3. The Avenger will automatically do the following:
· It will restart the system. (When the script contains one or more "Drivers to Unload", The Avenger restarts your system twice.)
· During the restart, a black Windows command window will briefly appear on your desktop; this is NORMAL.
· After the restart, it creates a log file, which will open, showing the actions The Avenger carried out. This log file is located at: C:\avenger.txt
· The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them and moved the zip archive to C:\avenger\backup.zip.
4. Finally, copy/paste the contents of the file c:\avenger.txt into your reply along with a new HijackThis log, using REPLY

B/ * Open Windows Explorer (Start>Programs>Accessories>Windows Explorer or Start>Programs>Windows Explorer).
* Click Tools>Folder Options>View.
* Select:
o show hidden files and folders,
o untick "hide extensions for known file types",
o untick "hide protected operating system files (recommended)".

* "Apply" and "OK"

C/ * Can you test this file: C:\WINDOWS\system32\msnsc.exe
* Click this link: http://www.virustotal.com/en/indexf.html
* Click Browse and enter the path of the file I indicated.
* Click Send. After a few minutes a report is generated. Post it in your next reply.

D/ * Zip the contents of this folder: C:\Qoobox
* To do so, open My Computer>C:
* Right-click _OTMoveIT and choose Send to>Compressed folder.
* A zip file is then created.
* Click this link: http://upload.malekal.com/
* Click the Browse button and enter the path of the zipped file.
* Finally click "send the file".

Do the same with this folder: C:\Avenger

E/ Download CCleaner Basic https://www.ccleaner.com/ccleaner/download

Open CCleaner and click "Run Cleaner".

F/ Download AVG Anti-Spyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.

Click the Scan button (on the toolbar)
Then on the How to act tab, click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom. Then:
Click "Save report". This generates a text-file report located in the Reports folder of the AVG Anti-Spyware folder.

G/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the ActiveX control offered. The antivirus update then starts.
* Run a complete system scan.
* Save the report as text when the scan finishes.

H/ Post the following reports: Avenger, VirusTotal, AVG Anti-Spyware, HijackThis, DiagHelp and SREng.

I/ Tell me how the PC is doing.

FillPCA
0
Bronksman Messages postés 45 Statut Membre
 
A/ Avenger and HijackThis

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oatvoisp

*******************

Script file located at: \??\C:\bkgeahru.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key \Registry\Machine\System\CurrentControlSet\Services\vlyjodj^ not found!
Unload of driver vlyjodj^ failed!

Could not process line:
vlyjodj^
Status: 0xc0000034

File C:\WINDOWS\System32\drivers\vlyjodj^.sys deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

2nd report

Logfile of HijackThis v1.99.1
Scan saved at 18:02:47, on 2007-11-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\ClipPlus36\ClipPlus36.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
F:\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Sites%20Web/01mes%20liens/mesliens.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [\\MAISON-ENFANTS\EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P43 "\\MAISON-ENFANTS\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: ClipPlus36.exe.lnk = D:\ClipPlus36\ClipPlus36.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

0
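An added cross-check of the Avenger script against the log it produced, covering the helper's Avenger procedure and the C:\avenger.txt Bronksman posted above (example code written for this edit, not the helper's or The Avenger's own; the script and log text are constructed copies of what was posted, and the NTSTATUS name is the documented Windows constant for 0xc0000034):

```python
import re

# Constructed copy of the script the helper posted (Avenger's "Section:" / item format).
SCRIPT = """Drivers to unload:
vlyjodj^

Files to delete:
C:\\WINDOWS\\System32\\drivers\\vlyjodj^.sys
"""

# Constructed copy of the relevant part of the resulting C:\avenger.txt.
LOG = """Beginning to process script file:

Registry key \\Registry\\Machine\\System\\CurrentControlSet\\Services\\vlyjodj^ not found!
Unload of driver vlyjodj^ failed!

Could not process line:
vlyjodj^
Status: 0xc0000034

File C:\\WINDOWS\\System32\\drivers\\vlyjodj^.sys deleted successfully.

Completed script processing.
"""

# Documented Windows NTSTATUS value for the code seen in the log.
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

SECTIONS = {"drivers to unload": "drivers", "files to delete": "files"}

SERVICES_KEY = r"\Registry\Machine\System\CurrentControlSet\Services"


def parse_script(text):
    """Split an Avenger script into {'drivers': [...], 'files': [...]}."""
    actions = {"drivers": [], "files": []}
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        key = line.rstrip(":").lower()
        if key in SECTIONS:
            current = SECTIONS[key]
        elif current is None:
            raise ValueError(f"item before any section header: {line!r}")
        else:
            actions[current].append(line)
    return actions


def parse_failures(log):
    """Map each item under 'Could not process line:' to its NTSTATUS code."""
    pat = re.compile(r"^Could not process line:\n(.+)\nStatus: (0x[0-9A-Fa-f]+)", re.M)
    return {item: int(code, 16) for item, code in pat.findall(log)}


def missing_service_keys(log):
    """Service names whose registry key Avenger reported as absent."""
    pat = re.compile(r"^Registry key " + re.escape(SERVICES_KEY) + r"\\(.+) not found!$", re.M)
    return set(pat.findall(log))


def check(script_text, log_text):
    """Return a status string per requested action, keyed by (kind, item)."""
    actions = parse_script(script_text)
    failures = parse_failures(log_text)
    absent = missing_service_keys(log_text)
    result = {}
    for drv in actions["drivers"]:
        if drv in failures:
            code = failures[drv]
            status = f"unload failed ({code:#010x} {NTSTATUS.get(code, 'unknown NTSTATUS')})"
            if drv in absent:
                # The service key was already gone, so there was nothing to unload:
                # a benign failure, as long as the file itself was removed.
                status += "; service key absent"
            result[("driver", drv)] = status
        else:
            result[("driver", drv)] = "no failure recorded"
    for path in actions["files"]:
        ok = re.search(r"^File " + re.escape(path) + r" deleted successfully\.", log_text, re.M)
        result[("file", path)] = "deleted" if ok else "not confirmed"
    return result


if __name__ == "__main__":
    for (kind, item), status in check(SCRIPT, LOG).items():
        print(f"{kind:6} {item}: {status}")
```

Run against the posted log, the check reports the driver unload as failed only because its service key no longer existed, while the .sys file was confirmed deleted.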
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

OK. I'll let you carry on with the rest and I'll look at it tomorrow. I think we've won.
The rest should clear out without any problem.

FillPCA
0
Bronksman Messages postés 45 Statut Membre
 
VirusTotal report

Fichier msnsc.exe reçu le 2007.11.07 00:07:40 (CET)

Résultat: 3/31 (9.68%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.7.0 2007.11.06 -
AntiVir 7.6.0.30 2007.11.06 -
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.06 -
AVG 7.5.0.503 2007.11.06 -
BitDefender 7.2 2007.11.06 -
CAT-QuickHeal 9.00 2007.11.06 -
ClamAV 0.91.2 2007.11.06 -
DrWeb 4.44.0.09170 2007.11.06 -
eSafe 7.0.15.0 2007.11.06 suspicious Trojan/Worm
eTrust-Vet 31.2.5270 2007.11.05 -
Ewido 4.0 2007.11.06 -
FileAdvisor 1 2007.11.07 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.06 -
F-Secure 6.70.13030.0 2007.11.06 -
Ikarus T3.1.1.12 2007.11.06 -
Kaspersky 7.0.0.125 2007.11.06 -
McAfee 5157 2007.11.06 -
Microsoft 1.3007 2007.11.06 -
NOD32v2 2642 2007.11.06 -
Norman 5.80.02 2007.11.06 -
Panda 9.0.0.4 2007.11.06 Suspicious file
Rising 20.17.12.00 2007.11.06 -
Sophos 4.23.0 2007.11.06 -
Sunbelt 2.2.907.0 2007.11.06 Trojan-Spy.Agent.204
Symantec 10 2007.11.06 -
TheHacker 6.2.9.118 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.06 -
Webwasher-Gateway 6.0.1 2007.11.06 -
Information additionnelle
File size: 62054 bytes
MD5: 18002e6a898b85035872cc7beea63f62
SHA1: 08956d60c302ec8317671c1cd222fb4b430c38d2
packers: UPX

0
Bronksman Messages postés 45 Statut Membre
 
My AVG Anti-Spyware report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:42:44 2007-11-07

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
HKU\S-1-5-21-1177238915-1060284298-1957994488-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
C:\System Volume Information\_restore{CE4D58F1-B5CC-4959-8126-C235F29B3AE4}\RP1\A0001030.dll -> Trojan.Agent.brw : Ignored.
C:\avenger.zip/avenger/backup-2007-11-07-17.56.20,87.zip/avenger/Iqxtccd.dll -> Trojan.Agent.brw : Ignored.
C:\avenger\backup-2007-11-07-17.56.20,87.zip/avenger/Iqxtccd.dll -> Trojan.Agent.brw : Ignored.
D:\documents\quantum_primaire_D\downloads\Decompressor software\WinISO\WinISO\WinISO_crk.exe -> Trojan.Small : Ignored.
D:\documents\quantum_primaire_D\downloads\Decompressor software\WinISO\WinISO_crk.exe -> Trojan.Small : Ignored.
D:\documents\quantum_primaire_D\downloads\Decompressor software\WinRAR\WinISO\WinISO_crk.exe -> Trojan.Small : Ignored.
D:\documents\quantum_primaire_D\downloads\Decompressor software\WinZIP\WinISO\WinISO_crk.exe -> Trojan.Small : Ignored.
D:\documents\quantum_primaire_D\downloads\Decompressor software\WinZIP\WinZIP\WinISO\WinISO_crk.exe -> Trojan.Small : Ignored.

::Report end
0
Bronksman Messages postés 45 Statut Membre
 
I'm waiting for the Kaspersky result... Very slow.
220000 files to scan... +/- 9000 files/hour
Do the math....

See you later
0
Bronksman Messages postés 45 Statut Membre
 
Kaspersky report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 08, 2007 7:42:32 AM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/11/2007
Kaspersky Anti-Virus database records: 452652
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 91754
Number of viruses found: 6
Number of infected objects: 32
Number of suspicious objects: 0
Duration of the scan process: 03:59:22

Infected Object Name / Virus Name / Last Action
C:\avenger\backup-2007-11-07-17.56.20,87.zip/avenger/Iqxtccd.dll Infected: Trojan-PSW.Win32.LdPinch.dvz skipped
C:\avenger\backup-2007-11-07-17.56.20,87.zip ZIP: infected - 1 skipped
C:\avenger.zip/avenger/backup-2007-11-07-17.56.20,87.zip/avenger/Iqxtccd.dll Infected: Trojan-PSW.Win32.LdPinch.dvz skipped
C:\avenger.zip/avenger/backup-2007-11-07-17.56.20,87.zip Infected: Trojan-PSW.Win32.LdPinch.dvz skipped
C:\avenger.zip ZIP: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Bronksman\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bronksman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bronksman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bronksman\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bronksman\Local Settings\Temp\~DF3BD3.tmp Object is locked skipped
C:\Documents and Settings\Bronksman\Local Settings\Temp\~DFAF82.tmp Object is locked skipped
C:\Documents and Settings\Bronksman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bronksman\ntuser.dat Object is locked skipped
C:\Documents and Settings\Bronksman\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0935NAV~.TMP Object is locked skipped
C:\qoobox\Quarantine\catchme2007-11-07_151527.97.zip/ubsxriif.dat Infected: Trojan.Win32.Agent.cid skipped
C:\qoobox\Quarantine\catchme2007-11-07_151527.97.zip/pkdipxac.dat Infected: Trojan.Win32.Agent.cid skipped
C:\qoobox\Quarantine\catchme2007-11-07_151527.97.zip ZIP: infected - 2 skipped
C:\qoobox.zip/qoobox/qoobox.zip/Quarantine/catchme2007-11-07_151527.97.zip/ubsxriif.dat Infected: Trojan.Win32.Agent.cid skipped
C:\qoobox.zip/qoobox/qoobox.zip/Quarantine/catchme2007-11-07_151527.97.zip/pkdipxac.dat Infected: Trojan.Win32.Agent.cid skipped
C:\qoobox.zip/qoobox/qoobox.zip/Quarantine/catchme2007-11-07_151527.97.zip Infected: Trojan.Win32.Agent.cid skipped
C:\qoobox.zip/qoobox/qoobox.zip Infected: Trojan.Win32.Agent.cid skipped
C:\qoobox.zip/qoobox/Quarantine/catchme2007-11-07_151527.97.zip/ubsxriif.dat Infected: Trojan.Win32.Agent.cid skipped
C:\qoobox.zip/qoobox/Quarantine/catchme2007-11-07_151527.97.zip/pkdipxac.dat Infected: Trojan.Win32.Agent.cid skipped
C:\qoobox.zip/qoobox/Quarantine/catchme2007-11-07_151527.97.zip Infected: Trojan.Win32.Agent.cid skipped
C:\qoobox.zip ZIP: infected - 7 skipped
C:\SDFix\backups_old1\backups.zip/backups/ie_update3r.exe Infected: Trojan-Downloader.Win32.Tiny.zj skipped
C:\SDFix\backups_old1\backups.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CE4D58F1-B5CC-4959-8126-C235F29B3AE4}\RP1\A0001030.dll Infected: Trojan-PSW.Win32.LdPinch.dvz skipped
C:\System Volume Information\_restore{CE4D58F1-B5CC-4959-8126-C235F29B3AE4}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\cmcfg3.1 Infected: Trojan-Spy.Win32.BZub.btx skipped
C:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\ClipPlus36\Latest.C36 Object is locked skipped
D:\ClipPlus36\Saved.C36 Object is locked skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\keyfinder1.41.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\keyfinder1.41.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\keyfinder1.41.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\keyfinder1.41.exe RarSFX: infected - 3 skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\keyfinder1.51.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\keyfinder1.51.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\keyfinder1.51.exe RarSFX: infected - 2 skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\kf151.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\kf151.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\kf151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Sites Web\logiciels\create CD\WINXP Keyfinder\Magical Jelly Bean keyfinder\kf151.zip ZIP: infected - 3 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
0
Bronksman Messages postés 45 Statut Membre
 
DiagHelp report

DiagHelp version v1.3 - http://www.malekal.com
excute le 2007-11-08 à 7:53:13,61

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2007-11-08 07:53:09
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2007-11-08 07:53:06
C:\WINDOWS\prefetch\AVENGER.EXE-21FD0F0A.pf -->2007-11-08 07:52:41
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->2007-11-08 07:45:18
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->2007-11-08 07:45:06
C:\WINDOWS\prefetch\Layout.ini -->2007-11-08 06:51:21
C:\WINDOWS\prefetch\CPFUPDAT.EXE-18C6DFD4.pf -->2007-11-08 00:07:12
C:\WINDOWS\prefetch\DWHWIZRD.EXE-2CC782A2.pf -->2007-11-07 23:29:00
C:\WINDOWS\prefetch\LUALL.EXE-2BCC229F.pf -->2007-11-07 23:24:17
C:\WINDOWS\prefetch\VPDN_LU.EXE-0A29B4CE.pf -->2007-11-07 23:23:56

C:\WINDOWS\System32\drivers\inspect.sys -->2007-11-08 00:08:45
C:\WINDOWS\System32\drivers\cmdmon.sys -->2007-11-08 00:08:44
C:\WINDOWS\System32\drivers\FILEM701.SYS -->2007-11-01 16:43:33
C:\WINDOWS\System32\drivers\AvgAsCln.sys -->2007-05-30 07:10:42
C:\WINDOWS\System32\drivers\scdemu.sys -->2007-04-09 07:27:07
C:\WINDOWS\System32\drivers\SYMEVENT.SYS -->2006-09-18 16:55:28
C:\WINDOWS\System32\drivers\symtdi.sys -->2006-08-07 15:02:26

C:\WINDOWS\System32\wpa.dbl -->2007-11-07 15:14:12
C:\WINDOWS\System32\PerfStringBackup.INI -->2007-11-06 11:36:25
C:\WINDOWS\System32\perfh009.dat -->2007-11-06 11:36:25
C:\WINDOWS\System32\perfc009.dat -->2007-11-06 11:36:25
C:\WINDOWS\System32\FNTCACHE.DAT -->2007-11-06 11:27:53
C:\WINDOWS\System32\$winnt$.inf -->2007-11-06 11:26:19
C:\WINDOWS\System32\wmpscheme.xml -->2007-11-06 11:16:43
C:\WINDOWS\System32\nscompat.tlb -->2007-11-06 11:16:35
C:\WINDOWS\System32\amcompat.tlb -->2007-11-06 11:16:35
C:\WINDOWS\System32\WindowsLogon.manifest -->2007-11-06 11:08:20
C:\WINDOWS\System32\logonui.exe.manifest -->2007-11-06 11:08:20
C:\WINDOWS\System32\wuaucpl.cpl.manifest -->2007-11-06 11:07:55
C:\WINDOWS\System32\sapi.cpl.manifest -->2007-11-06 11:07:55
C:\WINDOWS\System32\nwc.cpl.manifest -->2007-11-06 11:07:55
C:\WINDOWS\System32\ncpa.cpl.manifest -->2007-11-06 11:07:55
C:\WINDOWS\System32\cdplayer.exe.manifest -->2007-11-06 11:07:55
C:\WINDOWS\System32\Blank.htm -->2007-10-25 12:00:05
C:\WINDOWS\System32\TZLog.log -->2007-10-10 18:23:31
C:\WINDOWS\System32\jupdate-1.6.0_02-b06.log -->2007-08-02 11:14:52
C:\WINDOWS\System32\wuapi.dll -->2007-07-30 18:19:36
C:\WINDOWS\System32\wucltui.dll -->2007-07-30 18:19:32
C:\WINDOWS\System32\wuaucpl.cpl.mui -->2007-07-30 18:19:32
C:\WINDOWS\System32\mucltui.dll -->2007-07-30 18:19:10
C:\WINDOWS\System32\wuapi.dll.mui -->2007-07-30 18:19:02
C:\WINDOWS\System32\mucltui.dll.mui -->2007-07-30 18:19:02

C:\WINDOWS\setupapi.log -->2007-11-07 22:58:05
C:\WINDOWS\0.log -->2007-11-07 22:06:37
C:\WINDOWS\bootstat.dat -->2007-11-07 22:01:02
C:\WINDOWS\SchedLgU.Txt -->2007-11-07 17:52:53
C:\WINDOWS\WMSysPrx.prx -->2007-11-06 11:16:32
C:\WINDOWS\ODBCINST.INI -->2007-11-06 11:16:13
C:\WINDOWS\WindowsShell.Manifest -->2007-11-06 11:07:55
C:\WINDOWS\win.ini -->2007-11-06 11:07:24
C:\WINDOWS\system.ini -->2007-11-06 10:53:49
C:\WINDOWS\UPGRADE.TXT -->2007-11-06 08:27:02
C:\WINDOWS\catchme.exe -->2007-10-29 18:56:19
C:\WINDOWS\iltwain.ini -->2007-10-25 12:00:03
C:\WINDOWS\ODBC.INI -->2007-10-09 16:48:44
C:\WINDOWS\setupapi.log.0.old -->2007-09-25 05:55:01
C:\WINDOWS\mozver.dat -->2007-08-15 07:04:39

MD5 des fichiers sensibles
tcpip.sys e7774698bb0d14b0710a9a31e209f9b6
ndis.sys 3efd4f59ba0a340de0a3ab984001dbf7
null.sys 73c1e1f395918bc2c6dd67af7591a3ad
svchost.exe 0f7d9c87b0ce1fa520473119752c6f79

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1616
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x01000000 0xf7000 6.00.2600.0000 C:\WINDOWS\Explorer.EXE
0x77c10000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x772d0000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x773d0000 0x7f4000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x77120000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x75f80000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
0x769c0000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
0x5ad70000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll
0x77340000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x5b630000 0x70000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll
0x76b20000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x74b30000 0x41000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll
0x74af0000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
0x74ad0000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
0x76400000 0x1fb000 2.00.2600.0000 C:\WINDOWS\System32\msi.dll
0x762c0000 0x8a000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x72430000 0x12000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x76200000 0x97000 6.00.2600.0000 C:\WINDOWS\system32\WININET.dll
0x760f0000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\System32\ODBC32.dll
0x763b0000 0x45000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x1f850000 0x16000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll
0x76170000 0x88000 6.00.2600.0000 C:\WINDOWS\System32\shdoclc.dll
0x76c30000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x10000000 0x13000 7.05.0001.0036 F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x00940000 0x8000 1.00.0000.0001 F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
0x00c20000 0x1a000 5.00.0000.0352 C:\WINDOWS\system32\PDFShell.dll
0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 592
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x6e000 \??\C:\WINDOWS\system32\winlogon.exe
0x77c10000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x762c0000 0x8a000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x76c30000 0x2b000 5.131.2600.0000 C:\WINDOWS\system32\WINTRUST.dll
0x773d0000 0x7f4000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x772d0000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77340000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\COMCTL32.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\system32\ODBC32.dll
0x763b0000 0x45000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x1f850000 0x16000 3.520.7713.0000 C:\WINDOWS\system32\odbcint.dll
0x76bd0000 0x1e000 6.00.2600.0000 C:\WINDOWS\system32\SHSVCS.dll
0x10000000 0x11000 6.14.0010.4123 C:\WINDOWS\system32\Ati2evxx.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x5ad70000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\UxTheme.dll
0x65e30000 0xd000 10.01.0005.5000 C:\WINDOWS\system32\NavLogon.dll
0x77120000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll

Volume in drive C is Bootdisk 10 Gig
Volume Serial Number is 4C35-E683

Directory of C:\WINDOWS\system32

2001-08-23 07:00 4 096 csrss.exe
1 File(s) 4 096 bytes
0 Dir(s) 3 222 941 696 bytes free

Contenu de Downloaded Program Files
Volume in drive C is Bootdisk 10 Gig
Volume Serial Number is 4C35-E683

Directory of C:\WINDOWS\Downloaded Program Files

2007-11-07 22:58 <DIR> .
2007-11-07 22:58 <DIR> ..
2007-11-06 11:08 65 desktop.ini
2006-07-11 09:41 345 656 ewidoOnlineScan.dll
2007-01-07 12:55 2 305 kavwebscan.inf
3 File(s) 348 026 bytes

Total Files Listed:
3 File(s) 348 026 bytes
2 Dir(s) 3 222 937 600 bytes free

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]

exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Accessing \device\physicalmemory via NtCreateSymbolicLinkObject

Process list by traversal of KiWaitListHead

4 - System
216 - cpf.exe
276 - avgas.exe
564 - csrss.exe
592 - winlogon.exe
636 - services.exe
648 - lsass.exe
892 - svchost.exe
948 - svchost.exe
956 - IEXPLORE.EXE
1128 - svchost.exe
1164 - svchost.exe
1284 - Rtvscan.exe
1520 - ClipPlus36.exe
1584 - spoolsv.exe
1616 - explorer.exe
1704 - cmd.exe
1800 - guard.exe
1944 - E_FATIACA.EXE
1968 - ccApp.exe
2004 - VPTray.exe

Total number of processes = 21
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Accessing \device\physicalmemory via NtCreateSymbolicLinkObject

Driver/Module list by traversal of PsLoadedModuleList

804D0000 - \WINDOWS\system32\ntoskrnl.exe
806B4000 - \WINDOWS\system32\hal.dll
F7BA9000 - \WINDOWS\system32\KDCOM.DLL
F7AB9000 - \WINDOWS\system32\BOOTVID.dll
F765C000 - ACPI.sys
F7BAB000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F76A9000 - pci.sys
F76B9000 - isapnp.sys
F7BAD000 - viaide.sys
F7929000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F76C9000 - MountMgr.sys
F763D000 - ftdisk.sys
F7BAF000 - dmload.sys
F7619000 - dmio.sys
F7931000 - PartMgr.sys
F76D9000 - VolSnap.sys
F7603000 - atapi.sys
F76E9000 - ultra.sys
F75ED000 - \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
F76F9000 - disk.sys
F7709000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F75DB000 - sr.sys
F75C7000 - KSecDD.sys
F7544000 - Ntfs.sys
F7719000 - inspect.sys
F751C000 - \WINDOWS\System32\DRIVERS\NDIS.SYS
F7939000 - viaagp.sys
F7941000 - viaagp1.sys
F7502000 - Mup.sys
F7971000 - \SystemRoot\System32\DRIVERS\processr.sys
F735A000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F77A9000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7979000 - \SystemRoot\System32\DRIVERS\fdc.sys
F7347000 - \SystemRoot\System32\DRIVERS\parport.sys
F77B9000 - \SystemRoot\System32\DRIVERS\serial.sys
F7B49000 - \SystemRoot\System32\DRIVERS\serenum.sys
F77C9000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7981000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7989000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F77D9000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F77E9000 - \SystemRoot\System32\DRIVERS\redbook.sys
F7326000 - \SystemRoot\System32\DRIVERS\ks.sys
F7991000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F7307000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F72F4000 - \SystemRoot\System32\DRIVERS\el90xbc5.sys
F77F9000 - \SystemRoot\system32\drivers\es1371mp.sys
F72D3000 - \SystemRoot\system32\drivers\portcls.sys
F7809000 - \SystemRoot\system32\drivers\drmk.sys
F7C97000 - \SystemRoot\System32\DRIVERS\audstub.sys
F7819000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7B51000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F72BD000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F7829000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F7839000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7B5D000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F72AC000 - \SystemRoot\System32\DRIVERS\psched.sys
F7849000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F7999000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F79A1000 - \SystemRoot\System32\DRIVERS\raspti.sys
F71DF000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F7869000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7CAB000 - \SystemRoot\System32\DRIVERS\swenum.sys
F7195000 - \SystemRoot\System32\DRIVERS\update.sys
F7B79000 - \SystemRoot\System32\DRIVERS\gameenum.sys
F7879000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F79A9000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F78D9000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7BC7000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F50F5000 - \??\C:\Program Files\Symantec AntiVirus\savrt.sys
F50D3000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS
F50BF000 - \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
F7BC9000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7CCF000 - \SystemRoot\System32\Drivers\Null.SYS
F7BCB000 - \SystemRoot\System32\Drivers\Beep.SYS
F7CD2000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F79B9000 - \SystemRoot\System32\drivers\vga.sys
F7BCD000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7BCF000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F79C1000 - \SystemRoot\System32\Drivers\Msfs.SYS
F79C9000 - \SystemRoot\System32\Drivers\Npfs.SYS
F74CE000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F78E9000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F4F6A000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F4F57000 - \SystemRoot\System32\DRIVERS\cmdmon.sys
F4F1C000 - \SystemRoot\System32\Drivers\SYMTDI.SYS
F4EF7000 - \SystemRoot\System32\DRIVERS\netbt.sys
F4ED7000 - \SystemRoot\System32\drivers\afd.sys
F78F9000 - \SystemRoot\System32\DRIVERS\netbios.sys
F79D1000 - \SystemRoot\System32\Drivers\SCDEmu.SYS
F4E87000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F4E23000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F7919000 - \SystemRoot\System32\Drivers\Fips.SYS
F4D20000 - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
F7749000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F4CD9000 - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
F7CA1000 - \??\F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F7759000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F4CC3000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7BDB000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \??\C:\WINDOWS\system32\win32k.sys
F7181000 - \??\C:\WINDOWS\system32\watchdog.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
F7CB7000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9B8000 - \SystemRoot\System32\ati2dvag.dll
BF9F8000 - \SystemRoot\System32\ati2cqag.dll
BFA32000 - \SystemRoot\System32\atikvmag.dll
BFA68000 - \SystemRoot\System32\ati3duag.dll
BFCC9000 - \SystemRoot\System32\ativvaxx.dll
F2AD7000 * --[Hidden]--
F28C7000 - \SystemRoot\system32\drivers\wdmaud.sys
F2A83000 - \SystemRoot\system32\drivers\sysaudio.sys
F26BF000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F7C03000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F23EE000 - \SystemRoot\System32\DRIVERS\srv.sys
F2A23000 - \SystemRoot\System32\Drivers\SYMREDRV.SYS
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F1DA4000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F1CD2000 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\navex15.sys
F1CBF000 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\naveng.sys
F1C98000 - \SystemRoot\system32\drivers\kmixer.sys
F7D15000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 121

Liste des programmes installes

ACDSee 5.0 PowerPack
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Reader 7.0.5
Apple Software Update
ATI Display Driver
AVG Anti-Spyware 7.5
CCleaner (remove only)
CoffeeCup LockBox
COMODO Firewall Pro
EasyPHP 1.8
ERUNT 1.1j
HotDog Professional 6
Ipswitch WS_FTP Pro
Jasc Paint Shop Pro 8
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
LiveUpdate 3.1 (Symantec Corporation)
Microsoft Office XP French User Interface Pack
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5)
Norton Utilities 2003 for Windows
Notepad++
Photo-Objects 50,000 Premium Image Collection
PowerISO
QuickTime
Sausage Software Common Files
Software Update for Web Folders
Symantec AntiVirus
WD Diagnostics
WinRAR archiver

Volume in drive C is Bootdisk 10 Gig
Volume Serial Number is 4C35-E683

Directory of C:\Program Files

2007-11-06 14:44 <DIR> .
2007-11-06 14:44 <DIR> ..
2007-04-15 23:27 <DIR> Adobe
2007-07-30 15:25 <DIR> Apple Software Update
2007-10-09 16:46 <DIR> Common Files
2007-11-06 12:14 <DIR> Comodo
2007-04-15 22:05 <DIR> ComPlus Applications
2007-04-30 11:02 <DIR> EPSON
2007-11-06 14:45 <DIR> ERUNT
2007-11-05 18:19 <DIR> Internet Explorer
2007-08-02 11:14 <DIR> Java
2007-04-15 22:19 <DIR> Messenger
2007-10-09 17:36 <DIR> Microsoft ActiveSync
2007-04-15 22:11 <DIR> microsoft frontpage
2007-10-09 17:33 <DIR> Microsoft Office
2007-11-05 18:20 <DIR> Movie Maker
2007-08-28 14:03 <DIR> Mozilla Firefox
2007-04-15 22:05 <DIR> MSN
2007-04-15 22:04 <DIR> MSN Gaming Zone
2007-04-15 23:12 <DIR> MSN Messenger
2007-11-05 18:19 <DIR> NetMeeting
2007-04-15 22:08 <DIR> Online Services
2007-10-10 18:21 <DIR> Outlook Express
2007-04-30 18:27 <DIR> Symantec
2007-11-07 22:07 <DIR> Symantec AntiVirus
2007-04-15 23:19 <DIR> Unlocker
2007-07-17 22:01 <DIR> Western Digital Technologies
2007-11-06 11:16 <DIR> Windows Media Player
2007-11-05 18:05 <DIR> Windows NT
2007-05-31 10:55 <DIR> WinRAR
2007-04-15 22:11 <DIR> xerox
0 File(s) 0 bytes
31 Dir(s) 3 213 348 864 bytes free
Volume in drive C is Bootdisk 10 Gig
Volume Serial Number is 4C35-E683

Directory of C:\Program Files\common files

2007-10-09 16:46 <DIR> .
2007-10-09 16:46 <DIR> ..
2007-04-17 18:44 <DIR> ACD Systems
2007-04-17 19:13 <DIR> Adobe
2007-10-09 17:36 <DIR> Designer
2007-04-17 19:02 <DIR> InstallShield
2007-04-30 21:59 <DIR> Java
2007-10-09 17:37 <DIR> Microsoft Shared
2007-04-15 22:06 <DIR> MSSoap
2007-04-15 18:51 <DIR> ODBC
2007-04-15 22:07 <DIR> Services
2007-04-15 18:51 <DIR> SpeechEngines
2007-04-30 18:28 <DIR> Symantec Shared
2007-10-10 18:21 <DIR> System
0 File(s) 0 bytes
14 Dir(s) 3 213 348 864 bytes free
Volume in drive C is Bootdisk 10 Gig
Volume Serial Number is 4C35-E683

Directory of C:\

2007-04-19 16:55 140 288 javex.exe
1 File(s) 140 288 bytes
0 Dir(s) 3 213 348 864 bytes free

c:\Documents and Settings\All Users\Documents\Jasc PaintShop Pro 7 (1).exe
c:\Documents and Settings\Bronksman\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
c:\Documents and Settings\Bronksman\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
c:\Documents and Settings\Bronksman\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
c:\Documents and Settings\Bronksman\Desktop\avenger.exe
c:\Documents and Settings\Bronksman\Desktop\avgas-setup-7.5.1.43.exe
c:\Documents and Settings\Bronksman\Desktop\ccsetup202.exe
c:\Documents and Settings\Bronksman\Desktop\ComboFix.exe
c:\Documents and Settings\Bronksman\Desktop\erunt-setup.exe
c:\Documents and Settings\Bronksman\Desktop\SDFix.exe
c:\Documents and Settings\Bronksman\Desktop\spybotsd_includes.exe
c:\Documents and Settings\Bronksman\Desktop\spybotsd15.exe
c:\Documents and Settings\Bronksman\Desktop\VundoFix.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\catchme.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\diff.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\dumphive.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\find2.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\Fport.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\grep.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\gzip.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\LFiles.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\md5sums.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\pslist.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\streams.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\swreg.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\tar.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Bronksman\Desktop\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Bronksman\Desktop\sreng2\SREngPS.EXE
c:\Documents and Settings\Bronksman\My Documents\My Received Files\test\PowerISO 3.7.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_PAPA900MHZ.tar.gz a l'adresse http://upload.malekal.com

PS: The malekal site was not online, so I could not send the file.
Bronksman Posts: 45 Status: Member
 
My SREng report

[CODE]

2007-11-08,08:06:53

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<\\MAISON-ENFANTS\EPSON Stylus CX3800 Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P43 "\\MAISON-ENFANTS\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"> [N/A]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<QuickTime Task><"F:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<COMODO Firewall Pro><"C:\Program Files\Comodo\Firewall\CPF.exe" /background> [(Verified)Comodo CA Limited]
<!AVG Anti-Spyware><"F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
<Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

==================================
Startup Folders
[Acrobat Assistant]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk --> F:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [Adobe Systems Inc.]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[ClipPlus36.exe]
<C:\Documents and Settings\Bronksman\Start Menu\Programs\Startup\ClipPlus36.exe.lnk --> D:\CLIPPL~1\CLIPPL~1.EXE [Written by Matt English, menglish@teleport.com]><N>
[ERUNT AutoBackup]
<C:\Documents and Settings\Bronksman\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk --> C:\PROGRA~1\ERUNT\AUTOBACK.EXE [N/A]><N>

==================================
Services
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Comodo Application Agent / CmdAgent][Stopped/Auto Start]
<C:\Program Files\Comodo\Firewall\cmdagent.exe><COMODO>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HTTP SSL / HTTPFilter][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k HTTPFilter-->%SystemRoot%\System32\w3ssl.dll><Microsoft Corporation>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[SavRoam / SavRoam][Stopped/Manual Start]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Network Provisioning Service / xmlprov][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\xmlprov.dll><Microsoft Corporation>

==================================
Drivers
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atimtag / atimtag][Stopped/Manual Start]
<System32\DRIVERS\atimtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\BRONKS~1\LOCALS~1\Temp\catchme.sys><N/A>
[Comodo Application Engine / CmdMon][Running/System Start]
<System32\DRIVERS\cmdmon.sys><Comodo Research Lab., Inc.>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[3Com 3C90X-BC Family PCI EtherLink Adapter / EL90XBC][Running/Manual Start]
<System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[EraserUtilDrv10733 / EraserUtilDrv10733][Stopped/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys><N/A>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
<system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[FltMgr / FltMgr][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\fltMgr.sys><Microsoft Corporation>
[Comodo Network Engine / Inspect][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\inspect.sys><COMODO>
[Microsoft System Management BIOS Driver / mssmbios][Stopped/Manual Start]
<system32\DRIVERS\mssmbios.sys><Microsoft Corporation>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\navex15.sys><Symantec Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, >
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[ewidoOnlineScan Control]
{193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, Sun Microsystems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[ewidoOnlineScan Control]
{193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[E&xport to Microsoft Excel]
<res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 500 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 564 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 592 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4123]
[C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.1.5.5000]
[C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 636 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 648 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 808 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4123]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 892 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 948 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1128 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1164 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1500 / Bronksman][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4123]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 1584 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\pdfports.dll] [Adobe Systems Incorporated., 5.0.000]
[F:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll] [N/A, ]
[PID: 1616 / Bronksman][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\PDFShell.dll] [Adobe Systems Incorporated, 5.0.0.2001042700]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[PID: 1904 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 104.0.11.1]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1]
[PID: 1944 / Bronksman][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE] [SEIKO EPSON CORPORATION, 4.00]
[PID: 1968 / Bronksman][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 104.0.11.1]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 104.0.11.1]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 104.0.11.1]
[C:\WINDOWS\System32\SYMREDIR.DLL] [Symantec Corporation, 6.0.4.402]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 10.1.5.5000]
[PID: 2004 / Bronksman][C:\PROGRA~1\SYMANT~1\VPTray.exe] [Symantec Corporation, 10.1.5.5000]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.2.3]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccAlert.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.1.5.5000]
[F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[PID: 2040 / Bronksman][C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.20.6]
[PID: 216 / Bronksman][C:\Program Files\Comodo\Firewall\CPF.exe] [COMODO, 2.4.0.58]
[C:\Program Files\Comodo\Firewall\dbghelp.dll] [Microsoft Corporation, 6.2.0013.1 (DbgBuild.030619-2209)]
[C:\Program Files\Comodo\Firewall\Languages\4\CPF_Fre.dll] [COMODO, 2.4.0.57]
[PID: 276 / Bronksman][F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43]
[F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 272 / SYSTEM][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.1.5.5000]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[PID: 452 / Bronksman][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1284 / SYSTEM][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.1.5.5000]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\NTS.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.1.5.5000]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.5.5000]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 51.3.0.11]
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.2.3]
[C:\Program Files\Symantec AntiVirus\IMail.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Symantec AntiVirus\vpmsece4.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 2.2.0.7]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\ccEraser.dll] [Symantec Corporation, 107.3.3.4]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\ecmsvr32.dll] [Symantec Corporation, 71.3.0.25]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\NAVEX32a.DLL] [Symantec Corporation, 20071.3.0.24]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\NAVENG32.DLL] [Symantec Corporation, 20071.3.0.24]
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] [Symantec Corporation, 10.1.5.5000]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.1.5.5000]
[PID: 864 / Bronksman][F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe] [Adobe Systems Inc., 5, 0, 0, 0]
[PID: 1520 / Bronksman][D:\ClipPlus36\ClipPlus36.exe] [Written by Matt English, menglish@teleport.com, 3.06]
[C:\WINDOWS\System32\MSVBVM50.DLL] [Microsoft Corporation, 05.02.8244 (SP2)]
[PID: 196 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 104.0.11.1]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 2.2.0.7]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 104.0.11.1]
[PID: 956 / Bronksman][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.20.6]
[C:\Program Files\Java\jre1.6.0_02\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\PDFShell.dll] [Adobe Systems Incorporated, 5.0.0.2001042700]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[PID: 3048 / Bronksman][C:\Documents and Settings\Bronksman\Desktop\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Documents and Settings\Bronksman\Desktop\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1944, C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIACA.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 864, F:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1520, D:\CLIPPLUS36\CLIPPLUS36.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

[/CODE]

0
Bronksman Messages postés 45 Statut Membre
 
My HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 08:09:11, on 2007-11-08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\ClipPlus36\ClipPlus36.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
F:\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Sites%20Web/01mes%20liens/mesliens.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [\\MAISON-ENFANTS\EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P43 "\\MAISON-ENFANTS\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: ClipPlus36.exe.lnk = D:\ClipPlus36\ClipPlus36.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

0
Bronksman Messages postés 45 Statut Membre
 
I'm waiting to hear from you.
0
Bronksman Messages postés 45 Statut Membre
 
My system seems to me to be running slower, probably because of all the software installed.
Strangely, since yesterday every time I post a message here I have to log back in to this site, whereas with my other computer that isn't the case.

Is the cause the trojan, or Comodo, AVG Spyware, etc.?

System: AMD Athlon 900 MHz, 384 RAM
0