
[resolved] Downloader.agent.uj


Miaw


Hello and happy holidays (a little late).

Here is my problem: a week ago, AntiVir found a trojan on my PC. Thinking I had eradicated it, I stopped worrying about it until it came back again and again :'(. I tried to remove it, but without success. What's more, a Safe Mode scan with AVG Anti-Spyware does detect a downloader.agent.uj at high risk, but it doesn't complete its scan: after a while the program crashes, reporting an error in C:\program files\Grisoft\AVG Anti-spyware 7.5\avgas.err

 

Here is my HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:33:51, on 27/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C47A3B6-A911-4DE9-B608-1E407E5D642F}: NameServer = 85.255.115.3,85.255.112.10

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

Thank you in advance for your help.

 

Edit: I just saw this post, which looks similar to mine: http://forum.zebulon.fr/index.php?showtopic=111976

Can I follow the same procedure?

Edited by Miaw

hi :P

 

Edit: I just saw this post, which looks similar to mine: http://forum.zebulon.fr/index.php?showtopic=111976

Can I follow the same procedure?

Every case is different, and you can't reuse a procedure found in another thread :P

So please do the following:

 

Print these instructions if necessary, because the computer will need to be restarted.

 

Download FixWareout from one of these two sites to your desktop:

http://downloads.subratam.org/Fixwareout.exe

http://swandog46.geekstogo.com/Fixwareout.exe

 

Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.

The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start, which is normal.

 

Once your system has restarted, follow the prompts. Then run HijackThis. Click Scan and check the following lines:

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C47A3B6-A911-4DE9-B608-1E407E5D642F}: NameServer = 85.255.115.3,85.255.112.10

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10

Click Fix Checked. Close HijackThis and click OK to continue the procedure.

 

At the end of the fix, you may need to restart the PC once more.

 

Finally, post the contents of C:\fixwareout\report.txt along with a new HijackThis log.

 

In addition, please do this:

 

Download DiagHelp.zip to your desktop

  • Do NOT double-click it! Right-click the file and choose "Extract all"
  • A new folder named DiagHelp will be created
  • Open it and double-click go.cmd (the .cmd extension may not be shown)
  • A window will open; choose option 1
  • The scan will start; it may take a few minutes. Let it run and press a key when asked
  • Copy/paste the contents of the Notepad window that opens into your next post.

@+

 

Edit: did you keep the AntiVir report?

Edited by charles ingals
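The O17 lines the helper asks to fix are the security-relevant part of the log: they send every DNS lookup on the machine to resolvers the user never configured, and the stored control sets (CS1/CS2) carry the same values, so cleaning only CurrentControlSet is not enough. The following is an added example, not code from the thread, HijackThis or FixWareout: it parses O17 lines from a HijackThis log and flags resolvers outside an assumed allow-list; the sample O17 lines are copied from the log posted above, while the 192.168.1.1 entry, its all-zero GUID and the EXPECTED_RESOLVERS networks are constructed assumptions.

```python
"""Audit HijackThis O17 lines for DNS resolvers that do not belong to the network.

Added example for this thread (not the helper's tool or HijackThis code). The O17
lines below are copied from the log posted above; the benign 192.168.1.1 line and
the allow-list of "expected" resolver networks are constructed assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# HijackThis shows the per-interface key as ..\{GUID}; the global key is Parameters.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<control_set>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>[^:]+): NameServer = (?P<servers>.*)$"
)

# Constructed sample: four O17 lines from the posted log, one unrelated O4 line,
# and one constructed benign entry (router resolver, placeholder GUID).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C47A3B6-A911-4DE9-B608-1E407E5D642F}: NameServer = 85.255.115.3,85.255.112.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# Assumption: resolvers a home PC on this network is expected to use. RFC 1918
# ranges cover a router/gateway resolver; 203.0.113.0/24 stands in for the ISP's
# resolver block (TEST-NET-3, a documentation range, not a real ISP).
EXPECTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# The two resolver addresses the helper told the poster to remove (from the thread).
KNOWN_ROGUE = {"85.255.115.3", "85.255.112.10"}


@dataclass
class O17Entry:
    control_set: str   # CCS (CurrentControlSet) or CS1/CS2 (stored control sets)
    scope: str         # "Parameters" (global) or "..\{GUID}" (one interface)
    servers: list


@dataclass
class Finding:
    entry: O17Entry
    reasons: list = field(default_factory=list)

    @property
    def servers(self):
        return self.entry.servers

    @property
    def scope(self):
        return self.entry.scope

    @property
    def control_set(self):
        return self.entry.control_set


def parse_nameservers(value):
    """Split a NameServer value; HijackThis shows comma- or space-separated lists."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def parse_o17(log):
    """Extract every O17 (DNS NameServer) line from a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            entries.append(O17Entry(m["control_set"], m["scope"],
                                    parse_nameservers(m["servers"])))
    return entries


def audit(log, expected=EXPECTED_RESOLVERS, known_rogue=KNOWN_ROGUE):
    """Return a Finding for each O17 entry whose resolvers are not the expected ones.

    An entry is reported if any server is a known rogue address, is not a valid
    IP address at all, or lies outside every expected resolver network. Stored
    control sets (CS1/CS2) are checked too: a cleaned CCS can be undone by a
    "Last Known Good" boot that restores a control set still carrying rogue DNS.
    """
    findings = []
    for entry in parse_o17(log):
        reasons = []
        for server in entry.servers:
            if server in known_rogue:
                reasons.append(f"{server}: rogue resolver named in this thread")
                continue
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                reasons.append(f"{server}: not an IP address")
                continue
            if not any(addr in net for net in expected):
                reasons.append(f"{server}: outside expected resolver networks")
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.control_set}\\{f.scope}: " + "; ".join(f.reasons))
```

Run against the posted log it reports the four O17 lines the helper listed and leaves the constructed 192.168.1.1 entry alone; with an empty known-rogue set the allow-list check alone still flags all four.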

No, I didn't think to save that report.

 

Here are the various reports:

Fixwareout:

 

Fixwareout

Last edited 12/06/2006

Post this report in the forums please

...

Prerun check

[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"="cszsk.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dmehc.exe"="C:\\WINDOWS\\system32\\dmehc.exe"

 

...

...

Reg Entries that were deleted

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}74F0E9A5B5F7-20D9-7864-5A70-CC43741A{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E3F5BAC8FCB-9588-0A94-944D-E9BE57DC{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\chemd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap

...

 

Random Runs removed from HKLM

"dmehc.exe"=-

...

...

 

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

 

»»»»» Searching by size/names...

 

»»»»»

Search five digit cs, dm kd and jb files.

This WILL/CAN also list Legit Files, Submit them at Virustotal

C:\WINDOWS\SYSTEM32\CSZSK.EXE 51 283 2006-08-13

 

Other suspects.

 

»»»»» Misc files.

 

»»»»» Checking for older varients covered by the Rem3 tool.

...

Postrun check

[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"system"=""

 

...

 

HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:38:43, on 27/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

DiagHelp:

 

Service Pack 212 2 2006 14:06:09.500

Loaded driver \WINDOWS\system32\ntoskrnl.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver ACPI.sys

Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver compbatt.sys

Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS

Loaded driver intelide.sys

Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver dmload.sys

Loaded driver dmio.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver vmscsi.sys

Loaded driver \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

Loaded driver disk.sys

Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Loaded driver fltMgr.sys

Loaded driver sr.sys

Loaded driver KSecDD.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver Mup.sys

Loaded driver agp440.sys

Loaded driver \SystemRoot\system32\DRIVERS\amdk7.sys

Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys

Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\vmmouse.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\parport.sys

Loaded driver \SystemRoot\system32\DRIVERS\serial.sys

Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys

Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys

Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys

Loaded driver \SystemRoot\system32\DRIVERS\vmx_svga.sys

Loaded driver \SystemRoot\system32\DRIVERS\vmxnet.sys

Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys

Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys

Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys

Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys

Loaded driver \SystemRoot\system32\DRIVERS\psched.sys

Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys

Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys

Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys

Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\update.sys

Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys

Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS

Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS

Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys

Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS

Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS

Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS

Did not load driver \SystemRoot\System32\Drivers\Changer.SYS

Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS

Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS

Loaded driver \SystemRoot\System32\Drivers\Null.SYS

Loaded driver \SystemRoot\System32\Drivers\Beep.SYS

Loaded driver \SystemRoot\System32\drivers\vga.sys

Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS

Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys

Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys

Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys

Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys

Loaded driver \SystemRoot\System32\drivers\afd.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys

Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys

Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Did not load driver \SystemRoot\system32\DRIVERS\imapi.sys

Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys

Loaded driver \SystemRoot\System32\Drivers\Fips.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys

Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys

Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS

Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys

Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS

Loaded driver \SystemRoot\system32\DRIVERS\srv.sys

Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

 

During the Fixwareout run, AVG detected it as a keylogger, but I suppose that's normal?

Edited by Miaw

OK, here is the report from DiagHelp's Help.cmd:

 

FPort v2.0 - TCP/IP Process to Port Mapper

Copyright 2000 by Foundstone, Inc.

http://www.foundstone.com

 

Pid Process Port Proto Path

1056 -> 1025 TCP

916 -> 135 TCP

4 System -> 139 TCP

4 System -> 445 TCP

0 System -> 4504 TCP

0 System -> 4514 TCP

0 System -> 4527 TCP

0 System -> 4535 TCP

0 System -> 4539 TCP

0 System -> 4540 TCP

0 System -> 4543 TCP

1168 avgnt -> 1026 TCP C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

1896 avguard -> 18350 TCP C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

336 firefox -> 4485 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4486 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4487 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4488 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4489 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4490 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4491 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4492 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4493 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4503 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4511 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4519 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4520 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4521 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4526 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4529 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4530 TCP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4533 TCP C:\Program Files\Mozilla Firefox\firefox.exe

 

1056 -> 1040 UDP

916 -> 445 UDP

4 System -> 137 UDP

4 System -> 500 UDP

1168 avgnt -> 1046 UDP C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

1896 avguard -> 1034 UDP C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

1896 avguard -> 123 UDP C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

336 firefox -> 1047 UDP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 123 UDP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 138 UDP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 1900 UDP C:\Program Files\Mozilla Firefox\firefox.exe

336 firefox -> 4500 UDP C:\Program Files\Mozilla Firefox\firefox.exe

 

 

 

PsList 1.26 - Process Information Lister

Copyright © 1999-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

Process information for MADRON-59F1DAAF:

 

Name Pid Pri Thd Hnd VM WS Priv

Idle 0 0 1 0 0 28 0

System 4 8 58 303 1904 44 0

smss 564 11 3 21 3828 56 168

csrss 628 13 11 439 26296 3032 1900

winlogon 652 13 15 421 55632 1576 7448

services 696 9 16 272 37912 1624 2168

svchost 856 8 16 208 62892 1004 3256

svchost 916 8 10 238 36728 1280 1920

svchost 1008 8 70 1345 96096 6616 12888

alg 1056 8 5 98 33312 136 1264

svchost 1064 8 6 88 31576 1064 1448

svchost 1104 8 14 188 38764 164 1844

spoolsv 1400 8 11 114 43256 1016 3236

sched 1884 8 7 63 33044 1896 1756

avguard 1896 8 23 110 72900 4252 46052

guard 1908 8 9 77 44260 10304 20708

UAService7 2032 8 2 21 8348 132 244

lsass 708 9 19 351 42800 1268 3884

explorer 1664 8 18 769 148268 22432 37596

firefox 336 8 19 302 107484 46124 34152

realsched 1052 8 4 161 39904 172 1372

PDVDServ 1128 8 2 80 35276 332 1020

avgnt 1168 8 2 60 32800 492 1460

sqlmangr 1176 8 2 76 36960 1016 1408

jusched 1216 8 1 24 19148 96 612

avgas 1284 8 16 251 98156 17000 31488

MsgPlus 1428 8 1 34 27440 412 780

ctfmon 1680 8 1 68 30788 672 1024

cmd 1780 8 1 18 14480 1676 1620

pslist 2096 13 2 92 18432 1944 880

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 1664

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x7c800000 0x104000 5.01.2600.2945 C:\WINDOWS\system32\kernel32.dll

0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll

0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll

0x77f40000 0x76000 6.00.2900.2937 C:\WINDOWS\system32\SHLWAPI.dll

0x7c9d0000 0x823000 6.00.2900.2951 C:\WINDOWS\system32\SHELL32.dll

0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll

0x75f10000 0xfd000 6.00.2900.2937 C:\WINDOWS\system32\BROWSEUI.dll

0x77720000 0x16f000 6.00.2900.2937 C:\WINDOWS\system32\SHDOCVW.dll

0x6fee0000 0x54000 5.01.2600.2952 C:\WINDOWS\system32\NETAPI32.dll

0x77aa0000 0xa7000 6.00.2900.2937 C:\WINDOWS\system32\WININET.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x77170000 0xa0000 6.00.2900.2960 C:\WINDOWS\system32\urlmon.dll

0x7dbf0000 0x2f5000 6.00.2900.2963 C:\WINDOWS\system32\mshtml.dll

0x74630000 0x27000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll

0x019d0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll

0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll

0x76d10000 0x19000 5.01.2600.2912 C:\WINDOWS\system32\iphlpapi.dll

0x10000000 0xe000 3.63.0004.0000 C:\Program Files\MessengerPlus! 3\MsgPlusLoader.dll

0x00d50000 0x10000 5.02.5358.4827 C:\WINDOWS\system32\WPDShServiceObj.dll

0x02570000 0x2d000 5.02.5358.4827 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x025a0000 0x58000 5.02.5358.4827 C:\WINDOWS\system32\PortableDeviceApi.dll

0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv

0x028d0000 0x13000 7.00.0000.0004 C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll

0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\AntiVir PersonalEdition Classic\MFC71U.DLL

0x02b60000 0x56000 7.10.3052.0004 C:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll

0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\AntiVir PersonalEdition Classic\MSVCP71.dll

0x6ff90000 0x27000 6.00.2900.2937 C:\WINDOWS\system32\cdfview.dll

0x02810000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

0x02f40000 0x174000 1.01.0001.0001 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll

0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL

0x62860000 0x4c000 8.00.0000.8964 C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll

0x60b30000 0x18000 8.00.0000.8964 C:\Program Files\OpenOffice.org 2.0\program\uwinapi.dll

0x62410000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.0\program\stlport_vc7145.dll

0x031e0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

0x03220000 0x70a000 6.14.0010.8198 C:\WINDOWS\system32\nvcpl.dll

0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x03970000 0x44000 6.14.0010.8198 C:\WINDOWS\system32\NVRSFR.DLL

0x039c0000 0x73000 6.14.0010.11014 C:\WINDOWS\system32\nvshell.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x03cf0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x03ae0000 0x20000 7.05.0000.0049 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll

0x03bb0000 0x24000 4.42.0000.0000 C:\Program Files\7-Zip\7-zip.dll

0x73a80000 0x15000 5.01.2600.2709 C:\WINDOWS\system32\mscms.dll

0x58a10000 0x41000 5.01.2600.2709 C:\WINDOWS\system32\icm32.dll

0x41f00000 0x7000 1.01.0000.3917 C:\WINDOWS\system32\asfsipc.dll

0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL

0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll

0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL

0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL

0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

No matching processes were found.

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 652

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x7c800000 0x104000 5.01.2600.2945 C:\WINDOWS\system32\kernel32.dll

0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll

0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll

0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll

0x6fee0000 0x54000 5.01.2600.2952 C:\WINDOWS\system32\NETAPI32.dll

0x7c9d0000 0x823000 6.00.2900.2951 C:\WINDOWS\system32\SHELL32.dll

0x77f40000 0x76000 6.00.2900.2937 C:\WINDOWS\system32\SHLWAPI.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll

0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll

0x012d0000 0xae000 1.05.0540.0000 C:\WINDOWS\system32\WgaLogon.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76d10000 0x19000 5.01.2600.2912 C:\WINDOWS\system32\iphlpapi.dll

0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

services.exe pid: 696

Command line: C:\WINDOWS\system32\services.exe

 

Base Size Version Path

0x7c800000 0x104000 5.01.2600.2945 C:\WINDOWS\system32\kernel32.dll

0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll

0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll

0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll

0x7dbc0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll

0x6fee0000 0x54000 5.01.2600.2952 C:\WINDOWS\system32\NETAPI32.dll

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll

0x7c9d0000 0x823000 6.00.2900.2951 C:\WINDOWS\system32\SHELL32.dll

0x77f40000 0x76000 6.00.2900.2937 C:\WINDOWS\system32\SHLWAPI.dll

Volume in drive C has no label.

Volume Serial Number is 8CDF-0FA9

 

Directory of C:\Program Files

 

27/12/2006 15:27 <DIR> .

27/12/2006 15:27 <DIR> ..

06/08/2006 14:46 <DIR> 7-Zip

08/08/2006 19:06 <DIR> Adobe

27/12/2006 13:25 <DIR> AntiVir PersonalEdition Classic

17/01/2006 18:17 <DIR> AvRack

27/12/2006 17:07 <DIR> City of Heroes

17/01/2006 18:07 <DIR> ComPlus Applications

17/01/2006 21:41 <DIR> CyberLink

10/12/2006 09:52 <DIR> Elaborate Bytes

12/11/2006 22:22 <DIR> Fichiers communs

18/09/2006 19:17 <DIR> Gpotato

27/12/2006 13:49 <DIR> Grisoft

22/09/2006 19:39 <DIR> GUILD WARS

27/12/2006 16:38 <DIR> Hijackthis

06/08/2006 18:01 <DIR> IGN

27/12/2006 15:26 <DIR> Incoming

18/08/2006 12:01 <DIR> Internet Explorer

22/04/2006 02:15 <DIR> Jasc Software Inc

14/11/2006 16:56 <DIR> Java

20/08/2006 22:19 <DIR> Java Web Start

02/08/2006 17:25 <DIR> Lavasoft

11/08/2006 20:31 <DIR> MAIET

23/08/2006 21:04 <DIR> MessengerPlus! 3

17/01/2006 18:09 <DIR> microsoft frontpage

24/05/2006 17:31 <DIR> Microsoft SQL Server

29/10/2006 17:47 <DIR> Movie Maker

27/12/2006 19:04 <DIR> Mozilla Firefox

23/08/2006 21:00 <DIR> MSN

17/01/2006 18:06 <DIR> MSN Gaming Zone

23/08/2006 21:04 <DIR> MSN Messenger

13/02/2006 13:23 <DIR> Nero Burning Rom

17/01/2006 18:07 <DIR> NetMeeting

13/08/2006 22:37 <DIR> Netscape

17/01/2006 18:06 <DIR> Online Services

17/01/2006 21:37 <DIR> OpenOffice.org 2.0

18/08/2006 11:59 <DIR> Outlook Express

18/01/2006 18:38 <DIR> Real

17/01/2006 18:17 <DIR> Realtek Sound Manager

20/01/2006 12:23 <DIR> Samsung

17/01/2006 18:08 <DIR> Services en ligne

24/02/2006 09:06 <DIR> Skype

21/05/2006 09:12 <DIR> Sonic Foundry

16/11/2006 17:20 <DIR> Sony

19/05/2006 19:16 <DIR> Sony Setup

16/10/2006 22:17 <DIR> Teamspeak2_RC2

01/08/2006 20:09 <DIR> ToniArts

10/06/2006 12:17 <DIR> Ubisoft

16/09/2006 15:50 <DIR> UniUploader

19/01/2006 17:17 <DIR> VideoLAN

18/01/2006 18:38 <DIR> Viewpoint

16/11/2006 17:20 <DIR> Vstplugins

20/04/2006 07:50 <DIR> Wanadoo

23/12/2006 17:51 <DIR> Warcraft III

29/08/2006 19:34 <DIR> Winamp

07/11/2006 22:42 <DIR> Windows Media Player

17/01/2006 18:06 <DIR> Windows NT

14/12/2006 18:31 <DIR> World of Warcraft

02/11/2006 21:25 <DIR> WowCartographe

17/01/2006 18:09 <DIR> xerox

0 File(s) 0 bytes

60 Dir(s) 101 761 769 472 bytes free

Volume in drive C has no label.

Volume Serial Number is 8CDF-0FA9

 

Directory of C:\

 

11/11/2001 00:00 68 096 diff.exe

27/08/2006 14:10 103 424 grep.exe

 

Directory of C:\

 

11/11/2001 00:00 68 096 diff.exe

27/08/2006 14:10 103 424 grep.exe

4 File(s) 343 040 bytes

0 Dir(s) 101 761 769 472 bytes free

C:\Documents and Settings\Patrick\.housecall\getMac.exe

C:\Documents and Settings\Patrick\.housecall\patch.exe

C:\Documents and Settings\Patrick\.housecall\tsc.exe

C:\Documents and Settings\Patrick\Application Data\Macromedia\Flash Player\#SharedObjects\RR3TR8HB\localhost\Program Files\eMule\Incoming\JGF\jgf.exe

C:\Documents and Settings\Patrick\Application Data\MSNInstaller\msnauins.exe

C:\Documents and Settings\Patrick\Application Data\Simply Super Software\Trojan Remover\cpu3.exe

C:\Documents and Settings\Patrick\Bureau\Codec_Sniper.exe

C:\Documents and Settings\Patrick\Bureau\Fixwareout.exe

C:\Documents and Settings\Patrick\Bureau\SDFix.exe

C:\Documents and Settings\Patrick\Bureau\DiagHelp\diff.exe

C:\Documents and Settings\Patrick\Bureau\DiagHelp\FilesInfoCmd.exe

C:\Documents and Settings\Patrick\Bureau\DiagHelp\Fport.exe

C:\Documents and Settings\Patrick\Bureau\DiagHelp\grep.exe

C:\Documents and Settings\Patrick\Bureau\DiagHelp\LFiles.exe

C:\Documents and Settings\Patrick\Bureau\DiagHelp\LISTDLLS.exe

C:\Documents and Settings\Patrick\Bureau\DiagHelp\pslist.exe

C:\Documents and Settings\Patrick\Bureau\DiagHelp\streams.exe

C:\Documents and Settings\Patrick\Bureau\DiagHelp\swreg.exe

C:\Documents and Settings\Patrick\Bureau\Installers\GunzInternational_20060726full.exe

C:\Documents and Settings\Patrick\Bureau\WinPFind\winpfind.exe

C:\Documents and Settings\Patrick\Bureau\WinPFind\plugins\wpf2def.exe

 

And since I have just finished the WinPFind scan, I'm posting it too :P :

 

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

 

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

 

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Logfile created on: 27/12/2006 18:47:32

WinPFind v1.5.0 Folder = C:\Documents and Settings\Patrick\Bureau\WinPFind\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 6.0.2900.2180)

 

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

 

Checking %SystemDrive% folder...

 

Checking %ProgramFilesDir% folder...

 

Checking %WinDir% folder...

UPX! 06/11/2001 00:03:28 175104 C:\WINDOWS\eiunin.exe (?? ??)

 

Checking %System% folder...

WSUD 17/11/2004 09:08:06 16162816 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)

UPX! 26/03/2002 08:19:42 23040 C:\WINDOWS\SYSTEM32\auth.dll ()

aspack 18/03/2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)

aspack 26/05/2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)

aspack 22/07/2005 18:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)

aspack 05/12/2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)

PEC2 05/08/2004 13:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc ()

PTech 19/06/2006 15:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)

PECompact2 09/08/2006 11:03:06 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)

aspack 09/08/2006 11:03:06 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)

UPX! 17/03/2006 23:43:52 110080 C:\WINDOWS\SYSTEM32\nLame.dll ()

aspack 05/08/2004 13:00:00 733184 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)

WSUD 05/08/2004 13:00:00 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)

Umonitor 05/08/2004 13:00:00 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)

winsync 05/08/2004 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

PTech 19/06/2006 15:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

WSUD 10/05/2006 01:51:10 7767040 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

 

Checking %System%\Drivers folder and sub-folders...

 

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS

 

 

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

27/12/2006 16:33:14 S 2048 C:\WINDOWS\bootstat.dat ()

27/12/2006 14:51:24 HS 19968 C:\WINDOWS\Thumbs.db ()

16/11/2006 17:20:44 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()

16/11/2006 17:21:36 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index28.dat ()

16/11/2006 17:21:38 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index29.dat ()

27/12/2006 14:51:22 HS 24064 C:\WINDOWS\system32\Thumbs.db ()

27/12/2006 16:33:38 H 1024 C:\WINDOWS\system32\config\default.LOG ()

27/12/2006 16:33:16 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()

27/12/2006 16:43:26 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()

27/12/2006 18:51:56 H 1024 C:\WINDOWS\system32\config\software.LOG ()

27/12/2006 18:41:06 H 1024 C:\WINDOWS\system32\config\system.LOG ()

17/11/2006 21:03:40 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\5a8f8c42-bf4e-402d-8262-c8344b7081c4 ()

17/11/2006 21:03:40 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()

27/12/2006 16:33:16 H 6 C:\WINDOWS\Tasks\SA.DAT ()

 

Checking for CPL files...

05/08/2004 13:00:00 71680 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)

17/11/2004 09:08:06 16162816 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)

05/08/2004 13:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)

05/08/2004 13:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)

05/08/2004 13:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)

05/08/2004 13:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)

05/08/2004 13:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)

05/08/2004 13:00:00 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)

05/08/2004 13:00:00 134144 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)

05/08/2004 13:00:00 380928 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)

05/08/2004 13:00:00 70144 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)

12/10/2006 03:10:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)

05/08/2004 13:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)

05/08/2004 13:00:00 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)

05/08/2004 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)

05/08/2004 13:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)

05/08/2004 13:00:00 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)

10/12/2005 03:06:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl ()

05/08/2004 13:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)

01/11/2002 20:15:54 45175 C:\WINDOWS\SYSTEM32\plugincpl140_03.cpl (Sun Microsystems)

05/08/2004 13:00:00 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)

05/08/2004 13:00:00 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)

05/08/2004 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)

05/08/2004 13:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)

05/08/2004 13:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)

26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)

05/08/2004 13:00:00 71680 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)

05/08/2004 13:00:00 555008 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)

05/08/2004 13:00:00 138240 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)

05/08/2004 13:00:00 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)

05/08/2004 13:00:00 157184 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)

05/08/2004 13:00:00 359936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)

05/08/2004 13:00:00 134144 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)

05/08/2004 13:00:00 70144 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)

05/08/2004 13:00:00 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)

05/08/2004 13:00:00 626176 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)

05/08/2004 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)

05/08/2004 13:00:00 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)

05/08/2004 13:00:00 261120 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)

05/08/2004 13:00:00 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)

05/08/2004 13:00:00 118272 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)

05/08/2004 13:00:00 159744 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)

05/08/2004 13:00:00 305152 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)

05/08/2004 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)

05/08/2004 13:00:00 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)

05/08/2004 13:00:00 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)

26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

 

Checking for Downloaded Program Files...

{00B71CFB-6864-4346-A978-C0A14556272C} - Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - FilePlanet Download Control Class - CodeBase = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - Java Plug-in 1.4.1_02 - CodeBase = http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab

{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = https://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

 

Checking files in %ALLUSERSPROFILE%\Startup folder...

17/01/2006 18:09:28 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

08/08/2006 19:07:18 1757 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk ()

20/08/2006 21:58:34 1908 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Service Manager.lnk ()

 

Checking files in %ALLUSERSPROFILE%\Application Data folder...

02/08/2006 17:53:18 305 C:\Documents and Settings\All Users\Application Data\addr_file.html ()

17/01/2006 18:59:10 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

20/09/2006 16:07:48 2556 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

 

Checking files in %USERPROFILE%\Startup folder...

17/01/2006 18:09:28 HS 84 C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

 

Checking files in %USERPROFILE%\Application Data folder...

17/01/2006 18:59:10 HS 62 C:\Documents and Settings\Patrick\Application Data\desktop.ini ()

27/12/2006 12:22:32 1408021 C:\Documents and Settings\Patrick\Application Data\Install.dat ()

 

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

 

>>> Internet Explorer Settings <<<

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

\\Local Page - %SystemRoot%\system32\blank.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

\\{08C06D61-F1F3-4799-86F8-BE1A89362C85} - Search Class = ()

\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

 

>>> BHO's <<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)

 

>>> Internet Explorer Bars, Toolbars and Extensions <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Astuce du jour = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]

\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8192 = Windows Messenger

\\NEXTID - 8195

\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Console Java (Sun)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)

\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe ()

 

>>> Approved Shell Extensions (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Extension Affichage Panorama du Panneau de configuration = deskpan.dll ()

\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Extensions de l'environnement de compression de fichiers = ()

\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Menu contextuel de cryptage = ()

\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Extension icône HyperTerminal = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)

\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Barre des tâches et menu Démarrer = ()

\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()

\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Comptes d'utilisateurs = ()

\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

\\{D653647D-D607-4DF6-A5B8-48D2BA195F7B} - BitDefender Antivirus v8 = ()

\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll (Nero AG)

\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll (Nero AG)

\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll ()

\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll ()

\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll ()

\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

\\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)

\\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} - OpenOffice.org Infotip Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)

\\{63542C48-9552-494A-84F7-73AA6A7C99C1} - OpenOffice.org Property Sheet Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)

\\{3B092F0C-7696-40E3-A80F-68D74DA84210} - OpenOffice.org Thumbnail Viewer = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)

\\{23170F69-40C1-278A-1000-000100020000} - 7-Zip Shell Extension = C:\Program Files\7-Zip\7-zip.dll ()

\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)

\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

\\{52B87208-9CCF-42C9-B88E-069281105805} - Trojan Remover Shell Extension = ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

 

>>> Context Menu Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]

\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()

\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)

\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)

 

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

 

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]

\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()

\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)

 

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll ()

\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

 

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]

\BitDefender Antivirus v8 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = ()

\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)

 

>>> Column Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll (Nero AG)

\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)

\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

 

>>> Registry Run Keys <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()

nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe ()

NWEReboot - Reg Data missing or invalid ()

NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()

RemoteControl - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

NeroCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

avgnt - C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)

DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe ()

MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)

QuickTime Task - C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe ()

TkBellExe - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

CloneDVDElbyDelay - C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe (Elaborate Bytes AG)

!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

CTFMON.EXE - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

 

>>> Startup Links <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]

C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

 

>>> MSConfig Disabled Items <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

system.ini 0

win.ini 0

bootini 0

services 0

startup 0

 

 

[All Users Startup Folder Disabled Items]

 

[Current User Startup Folder Disabled Items]

 

>>> User Agent Post Platform <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

\\SV1 -

 

>>> AppInit Dll's <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

 

>>> Image File Execution Options <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

\Your Image File Name Here without a path - Debugger = ntsd -d

 

>>> Shell Service Object Delay Load <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)

\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

 

>>> Shell Execute Hooks <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

 

>>> Shared Task Scheduler <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

 

>>> Winlogon <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

\\UserInit = C:\WINDOWS\system32\userinit.exe,

\\Shell = Explorer.exe

\\System =

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

\crypt32chain - crypt32.dll = (Microsoft Corporation)

\cryptnet - cryptnet.dll = (Microsoft Corporation)

\cscdll - cscdll.dll = (Microsoft Corporation)

\ScCertProp - wlnotify.dll = (Microsoft Corporation)

\Schedule - wlnotify.dll = (Microsoft Corporation)

\sclgntfy - sclgntfy.dll = (Microsoft Corporation)

\SensLogn - WlNotify.dll = (Microsoft Corporation)

\termsrv - wlnotify.dll = (Microsoft Corporation)

\WgaLogon - WgaLogon.dll = (Microsoft Corporation)

\wlballoon - wlnotify.dll = (Microsoft Corporation)

 

>>> DNS Name Servers <<<

 

>>> All Winsock2 Catalogs <<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)

\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)

\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]

\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000005\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\00000000001\\PackedCatalogItem - 225,5temRoot%\system32\mswsock.dll ()

\000000000010\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)

\000000000011\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)

 

>>> Protocol Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]

\ipp - ()

\msdaipp - ()

 

>>> Protocol Filters (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

 

>>> Selected AddOn's <<<

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


OK! Please run the following online scan:

 

Run an online scan with Panda:

http://www.pandasoftware.fr/Activescan/Activescan.html

And post the report it displays at the end. For that, make sure IE is correctly configured for online scanning as explained here: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId898809

If you can't manage it, the tutorial is here: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

 

Also have this file analysed: C:\WINDOWS\eiunin.exe

 

When you click on this address => http://www.virustotal.com/flash/index_en.html

 

you have a box named "Browse"; click on it and a window opens => browse your hard drive and look for the file eiunin.exe, which you will find in the C:\WINDOWS folder

 

Click once on the file eiunin.exe (it turns blue!), then click "Open" at the bottom of the window, then "send". The scan of this file will start. All you have to do then is select and copy/paste the analysis.

Note: uploaded files are queued, because the virus scanner is in high demand! Be patient (a message tells you how long the analysis will take)

 

If you don't see this file, do this:

 

*Make sure you have access to all files; some files/folders are hidden!!

 

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:

Check the box: Show hidden files and folders

Uncheck the box: Hide extensions for known file types

Uncheck the box: Hide protected operating system files

click "Apply"

click the "Apply to All Folders" button / OK

 

@+
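Before uploading a suspect file, a practitioner would first hash it (the scanner can be searched by hash without sending the file) and confirm the packer evidence WinPFind reported for C:\WINDOWS\eiunin.exe (the "UPX!" tag with no version information, "?? ??"). The script below is an added example for this thread, not code from the forum, from WinPFind or from VirusTotal. It parses the PE section table directly and checks for the two independent UPX tells (UPX0/UPX1 section names and the "UPX!" marker). The bytes produced by build_sample_pe() are a constructed minimal PE image standing in for the real file, which the page never shows; point the script at a real path to triage it instead. Note the caveat WinPFind itself prints: packing alone is not evidence of malice, and the same log tags Microsoft's own MRT.exe and d3dx9 DLLs as packed.

```python
"""Offline triage of a file that WinPFind tagged as UPX-packed (here
C:\\WINDOWS\\eiunin.exe), before sending it to an online scanner.

Added example; it is not code from the forum thread or from WinPFind/VirusTotal.
The bytes produced by build_sample_pe() are a constructed stand-in for the real
file, which this page never shows.
"""
import hashlib
import struct
import sys


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the file: look these up on the scanner first,
    which tells you whether the sample is already known without uploading it."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_section_names(data: bytes) -> list:
    """Walk the MZ/PE headers and return the section names in table order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header (20 bytes): Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    coff = pe_off + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size            # section table follows the optional header
    names = []
    for i in range(num_sections):
        entry = table + 40 * i              # IMAGE_SECTION_HEADER is 40 bytes, name first
        if entry + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[entry:entry + 8].rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Two independent UPX tells: UPX0/UPX1/UPX2 section names, and the 'UPX!'
    marker UPX writes after the section table. WinPFind's 'UPX!' tag is the
    second one; checking both avoids tripping on a stray string."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_sections": any(n.startswith(b"UPX") for n in names),
        "upx_marker": b"UPX!" in data,
    }


def triage(data: bytes) -> dict:
    """Everything worth pasting into a help thread: hashes plus packer evidence."""
    report = file_hashes(data)
    report.update(upx_indicators(data))
    report["packed_with_upx"] = report["upx_sections"] and report["upx_marker"]
    return report


def build_sample_pe(section_names=(b"UPX0", b"UPX1"), trailer=b"UPX!") -> bytes:
    """Constructed minimal PE image for the demo: DOS header pointing at a PE
    signature, COFF header with an empty optional header, one 40-byte section
    header per name, then the trailer. It is not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections + trailer + b"\0" * 16


if __name__ == "__main__":
    # Pass a real path (e.g. C:\WINDOWS\eiunin.exe) to triage it; otherwise use the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py C:\WINDOWS\eiunin.exe` on the affected machine and paste the hashes into the thread alongside the VirusTotal result; if the file is already known by hash, the upload step can be skipped, and if it is not, the upload is what gets it into the scanner's database for the next person.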
